Password Attacks
Password attacks target authentication systems by attempting to gain access using valid or guessed credentials. These techniques play a central role in assessing the strength of user access controls, exposing weak password hygiene, misconfigurations, or lack of rate-limiting.
Password-based authentication remains the most common form of access control, making it a recurring target for security assessments and enumeration strategies.
Goals
- Identify valid username and password pairs
- Test authentication mechanisms for resilience
- Bypass login portals or API authentication
- Expose weak, reused, or default credentials
Common Techniques
- Brute-force attacks – systematically try all possible combinations.
- Dictionary attacks – use wordlists of common or leaked passwords.
- Credential stuffing – use known username/password pairs from breaches.
- Password spraying – try a small set of passwords across many accounts.
- Default credential testing – test common vendor defaults on devices and services.
Concepts
- Username enumeration – discovering valid usernames before attempting login.
- Rate-limiting evasion – bypassing protections like CAPTCHAs, lockouts, and timeouts.
- Multi-factor resistance – identifying systems lacking MFA or with weak fallback paths.
- Authentication protocol abuse – targeting flaws in NTLM, RDP, SSH, or web auth flows.
Tools
Username Enumeration & Preparation
- Username-Anarchy – generates realistic username lists from real-world names
- Kerbrute – brute-forces and enumerates Kerberos accounts using username lists
Online Password Attacks (Network Protocols)
- Hydra – high-speed network login cracker supporting many protocols
- Medusa – fast, parallel, and modular login brute-forcer
- Ncrack – network authentication cracking tool from the Nmap team
- Patator – multi-purpose brute-forcing tool with flexible module support
- Crowbar – brute-force tool with support for RDP, SSH, and VNC
Post-Exploitation & Credential Validation
- CrackMapExec – post-exploitation and credential validation tool for Windows networks
Offline Password Cracking
- John the Ripper – offline password cracker for local hash files
- Hashcat – GPU-accelerated password cracker for hashes (offline)
Wordlists & Resources
- SecLists – extensive collection of wordlists for usernames, passwords, and URLs
- Have I Been Pwned – check for breached credentials
- SharpCollection – Windows-focused red team tools and password resources
- weakpass.com – community-driven password dumps and dictionaries
- crackstation.net – precomputed hash lookup tables and cracking tips
Common Targets
- SSH – brute-forcing port 22
- FTP – default credentials and weak password combinations
- HTTP(S) – login forms, API tokens, and session-based auth
- SMB / RDP – targeting exposed Windows services
- Web CMS – WordPress, Joomla, Drupal admin panels
- Routers & IoT – testing default credentials and vendor-specific backdoors
Defensive Indicators
- Sudden spike in failed login attempts
- Auth logs showing repeated logins from a single IP
- Lockout or throttling mechanisms being triggered
- Auth bypass via known default credentials
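The first two indicators can be checked directly against authentication logs. The following is an added example, not part of the original page: it parses constructed OpenSSH-style log lines, groups failed logins by source IP, and labels each noisy source as brute-force (many tries against few accounts) or password spraying (few tries across many accounts). The function name and both thresholds are assumptions chosen for illustration.

```python
import re
from collections import defaultdict

# Matches OpenSSH "Failed password" lines, with or without "invalid user".
FAILED = re.compile(
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def classify_sources(lines, min_failures=5, spray_users=4):
    """Label each source IP whose failed logins exceed min_failures.

    Thresholds are illustrative assumptions; tune them to local baselines.
    """
    per_ip = defaultdict(lambda: defaultdict(int))  # ip -> user -> failures
    for line in lines:
        m = FAILED.search(line)
        if m:
            per_ip[m["ip"]][m["user"]] += 1

    findings = {}
    for ip, users in per_ip.items():
        if sum(users.values()) < min_failures:
            continue  # below the noise floor, e.g. a user mistyping a password
        # Many distinct accounts from one source points to spraying;
        # repeated failures against few accounts points to brute-force.
        findings[ip] = "password-spraying" if len(users) >= spray_users else "brute-force"
    return findings


# Constructed sample log lines (documentation IP ranges, made-up users).
SAMPLE = (
    [f"Jan 10 03:12:{i:02d} host sshd[900]: Failed password for root "
     f"from 203.0.113.5 port {40000 + i} ssh2" for i in range(6)]
    + [f"Jan 10 03:20:{i:02d} host sshd[901]: Failed password for invalid user {u} "
       f"from 198.51.100.9 port {41000 + i} ssh2"
       for i, u in enumerate(["alice", "bob", "carol", "dave", "erin"])]
    + ["Jan 10 08:00:01 host sshd[902]: Failed password for alice from 192.0.2.44 port 50122 ssh2",
       "Jan 10 08:00:09 host sshd[902]: Accepted password for alice from 192.0.2.44 port 50122 ssh2"]
)

if __name__ == "__main__":
    for ip, label in classify_sources(SAMPLE).items():
        print(ip, label)
```

Grouping only by source IP misses spraying distributed across many addresses; grouping the same failures by target account or by time window covers that case.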