Password Attacks: Difference between revisions
Created page with "== Password Attacks == Password attacks target authentication systems by attempting to gain access using valid or guessed credentials. These techniques play a central role in assessing the strength of user access controls, exposing weak password hygiene, misconfigurations, or lack of rate-limiting. Password-based authentication remains the most common form of access control, making it a recurring target for security assessments and enumeration strategies. === Goals ==..." |
m →Tools |
||
Line 25: | Line 25: | ||
=== Tools === | === Tools === | ||
==== Username Enumeration & Preparation ==== | |||
* [[Username-Anarchy]] – generates realistic username lists from real-world names | |||
* [[Kerbrute]] – brute-forces and enumerates Kerberos accounts using username lists | |||
==== Online Password Attacks (Network Protocols) ==== | |||
* [[Hydra]] – high-speed network login cracker supporting many protocols | * [[Hydra]] – high-speed network login cracker supporting many protocols | ||
* [[Medusa]] – fast, parallel, and modular login brute-forcer | * [[Medusa]] – fast, parallel, and modular login brute-forcer | ||
* [[Ncrack]] – network authentication cracking tool from the Nmap team | * [[Ncrack]] – network authentication cracking tool from the Nmap team | ||
* [[Patator]] – multi-purpose brute-forcing tool with flexible module support | |||
* [[Crowbar]] – brute-force tool with support for RDP, SSH, and VNC | |||
==== Post-Exploitation & Credential Validation ==== | |||
* [[CrackMapExec]] – post-exploitation and credential validation tool for Windows networks | * [[CrackMapExec]] – post-exploitation and credential validation tool for Windows networks | ||
==== Offline Password Cracking ==== | |||
* [[John the Ripper]] – offline password cracker for local hash files | * [[John the Ripper]] – offline password cracker for local hash files | ||
* [[Hashcat]] – GPU-accelerated password cracker for hashes (offline) | * [[Hashcat]] – GPU-accelerated password cracker for hashes (offline) | ||
=== Wordlists & Resources === | === Wordlists & Resources === |
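Review bot: In the new "Username Enumeration & Preparation" group, the Kerbrute entry says it "brute-forces and enumerates Kerberos accounts", which overlaps with the "Online Password Attacks (Network Protocols)" group added directly below it. Either narrow that description to enumeration or cross-list the tool in both groups so the categories stay distinct. The "Post-Exploitation & Credential Validation" group also holds only CrackMapExec, and its description repeats the heading almost word for word; say what it validates credentials against instead.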
Latest revision as of 05:48, 15 June 2025
Password Attacks
Password attacks target authentication systems by attempting to gain access using valid or guessed credentials. These techniques play a central role in assessing the strength of user access controls, exposing weak password hygiene, misconfigurations, or lack of rate-limiting.
Password-based authentication remains the most common form of access control, making it a recurring target for security assessments and enumeration strategies.
Goals
- Identify valid username and password pairs
- Test authentication mechanisms for resilience
- Bypass login portals or API authentication
- Expose weak, reused, or default credentials
Common Techniques
- Brute-force attacks – systematically try all possible combinations.
- Dictionary attacks – use wordlists of common or leaked passwords.
- Credential stuffing – use known username/password pairs from breaches.
- Password spraying – try a small set of passwords across many accounts.
- Default credential testing – test common vendor defaults on devices and services.
Concepts
- Username enumeration – discovering valid usernames before attempting login.
- Rate-limiting evasion – bypassing protections like CAPTCHAs, lockouts, and timeouts.
- Multi-factor resistance – identifying systems lacking MFA or with weak fallback paths.
- Authentication protocol abuse – targeting flaws in NTLM, RDP, SSH, or web auth flows.
Tools
Username Enumeration & Preparation
- Username-Anarchy – generates realistic username lists from real-world names
- Kerbrute – brute-forces and enumerates Kerberos accounts using username lists
Online Password Attacks (Network Protocols)
- Hydra – high-speed network login cracker supporting many protocols
- Medusa – fast, parallel, and modular login brute-forcer
- Ncrack – network authentication cracking tool from the Nmap team
- Patator – multi-purpose brute-forcing tool with flexible module support
- Crowbar – brute-force tool with support for RDP, SSH, and VNC
Post-Exploitation & Credential Validation
- CrackMapExec – post-exploitation and credential validation tool for Windows networks
Offline Password Cracking
- John the Ripper – offline password cracker for local hash files
- Hashcat – GPU-accelerated password cracker for hashes (offline)
Wordlists & Resources
- SecLists – extensive collection of wordlists for usernames, passwords, and URLs
- Have I Been Pwned – check for breached credentials
- SharpCollection – Windows-focused red team tools and password resources
- weakpass.com – community-driven password dumps and dictionaries
- crackstation.net – precomputed hash lookup tables and cracking tips
Common Targets
- SSH – brute-forcing port 22
- FTP – default credentials and weak password combinations
- HTTP(S) – login forms, API tokens, and session-based auth
- SMB / RDP – targeting exposed Windows services
- Web CMS – WordPress, Joomla, Drupal admin panels
- Routers & IoT – testing default credentials and vendor-specific backdoors
Defensive Indicators
- Sudden spike in failed login attempts
- Auth logs showing repeated logins from a single IP
- Lockout or throttling mechanisms being triggered
- Auth bypass via known default credentials
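
The indicators above can be checked directly against SSH authentication logs. The following is an added example, not part of the original page: it separates the brute-force and password-spraying patterns described under Common Techniques and reports any login that succeeded from a flagged source. The log lines are constructed, the thresholds are illustrative assumptions, and no time window is applied.

```python
import re
from collections import defaultdict

# OpenSSH sshd message formats for failed and successful authentication.
FAILED = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\S+) port \d+")
ACCEPTED = re.compile(r"Accepted \S+ for (\S+) from (\S+) port \d+")

def _lines(ip, events):
    """Build constructed sshd log lines; events are (user, message prefix)."""
    return [f"Jun 15 05:4{i}:00 host sshd[100]: {msg} {user} from {ip} port 4000{i} ssh2"
            for i, (user, msg) in enumerate(events)]

# Constructed sample data (documentation IP ranges), not from a real system.
SAMPLE_LOG = "\n".join(
    _lines("203.0.113.5", [("root", "Failed password for")] * 6
           + [("root", "Accepted password for")])
    + _lines("198.51.100.7", [(u, "Failed password for invalid user")
                              for u in ("alice", "bob", "carol", "dave", "erin")])
    + _lines("192.0.2.9", [("frank", "Failed password for"),
                           ("frank", "Accepted password for")])
)

def classify_sources(log_text, brute_threshold=5, spray_users=4):
    """Return {ip: {"pattern": ..., "logins": [...]}} for suspicious sources.

    brute_threshold: failures against one account that count as brute force.
    spray_users: distinct accounts with few failures each that count as spraying.
    Both defaults are assumptions chosen for this example.
    """
    failures = defaultdict(lambda: defaultdict(int))  # ip -> user -> failure count
    successes = defaultdict(set)                      # ip -> users that logged in
    for line in log_text.splitlines():
        if (m := FAILED.search(line)):
            failures[m[2]][m[1]] += 1
        elif (m := ACCEPTED.search(line)):
            successes[m[2]].add(m[1])
    findings = {}
    for ip, users in failures.items():
        if max(users.values()) >= brute_threshold:
            pattern = "brute-force"          # many guesses at one account
        elif len(users) >= spray_users:
            pattern = "password-spraying"    # few guesses at many accounts
        else:
            continue                         # e.g. a single mistyped password
        # A success from a flagged source is the event to investigate first.
        findings[ip] = {"pattern": pattern, "logins": sorted(successes[ip])}
    return findings
```

Per-account lockout counters alone miss the spraying case, because each account sees only one or two failures; counting distinct accounts per source is what exposes it.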