Password Attacks

From HackOps
Revision as of 05:37, 15 June 2025 by Vegard

Password attacks target authentication systems by attempting to gain access using valid or guessed credentials. These techniques play a central role in assessing the strength of user access controls, exposing weak password hygiene, misconfigurations, or lack of rate-limiting.

Password-based authentication remains the most common form of access control, making it a recurring target for security assessments and enumeration strategies.

Goals

  • Identify valid username and password pairs
  • Test authentication mechanisms for resilience
  • Bypass login portals or API authentication
  • Expose weak, reused, or default credentials

Common Techniques

  • Brute-force attacks – systematically try all possible combinations.
  • Dictionary attacks – use wordlists of common or leaked passwords.
  • Credential stuffing – use known username/password pairs from breaches.
  • Password spraying – try a small set of passwords across many accounts.
  • Default credential testing – test common vendor defaults on devices and services.

Concepts

  • Username enumeration – discovering valid usernames before attempting login.
  • Rate-limiting evasion – bypassing protections like CAPTCHAs, lockouts, and timeouts.
  • Multi-factor resistance – identifying systems lacking MFA or with weak fallback paths.
  • Authentication protocol abuse – targeting flaws in NTLM, RDP, SSH, or web auth flows.

Tools

  • Hydra – high-speed network login cracker supporting many protocols
  • Medusa – fast, parallel, and modular login brute-forcer
  • Ncrack – network authentication cracking tool from the Nmap team
  • CrackMapExec – post-exploitation and credential validation tool for Windows networks
  • Patator – multi-purpose brute-forcing tool with flexible module support
  • John the Ripper – offline password cracker for local hash files
  • Hashcat – GPU-accelerated password cracker for hashes (offline)
  • Username-Anarchy – generates realistic username lists from real-world names
  • Kerbrute – brute-forces and enumerates Kerberos accounts
  • Crowbar – brute-force tool with support for SSH, RDP, and more

Wordlists & Resources

  • SecLists – extensive collection of wordlists for usernames, passwords, and URLs
  • Have I Been Pwned – check for breached credentials
  • SharpCollection – Windows-focused red team tools and password resources
  • weakpass.com – community-driven password dumps and dictionaries
  • crackstation.net – precomputed hash lookup tables and cracking tips

Common Targets

  • SSH – brute-forcing port 22
  • FTP – default credentials and weak password combinations
  • HTTP(S) – login forms, API tokens, and session-based auth
  • SMB / RDP – targeting exposed Windows services
  • Web CMS – WordPress, Joomla, Drupal admin panels
  • Routers & IoT – testing default credentials and vendor-specific backdoors

Defensive Indicators

  • Sudden spike in failed login attempts
  • Auth logs showing repeated logins from a single IP
  • Lockout or throttling mechanisms being triggered
  • Auth bypass via known default credentials
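
The first two indicators can be checked directly against authentication logs. The following is an added example, not part of the original page: it reads sshd-style log lines and separates a brute-force pattern (many failures against one account) from password spraying (a few failures across many accounts), and marks sources that logged in after failing. The sample log lines, the thresholds and the name `classify_sources` are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in OpenSSH sshd log format (documentation IPs, not real data).
SAMPLE_LOG = "\n".join(
    [f"Jun 15 05:00:{s:02d} host sshd[101]: Failed password for root "
     "from 203.0.113.5 port 40000 ssh2" for s in range(6)]
    + [f"Jun 15 05:10:{i:02d} host sshd[102]: Failed password for invalid user {u} "
       "from 198.51.100.9 port 40001 ssh2"
       for i, u in enumerate(["alice", "bob", "carol", "dave"])]
    + ["Jun 15 05:10:09 host sshd[102]: Accepted password for erin "
       "from 198.51.100.9 port 40001 ssh2",
       "Jun 15 05:20:00 host sshd[103]: Failed password for frank "
       "from 192.0.2.44 port 40002 ssh2",
       "Jun 15 05:20:05 host sshd[103]: Accepted password for frank "
       "from 192.0.2.44 port 40002 ssh2"]
)

FAILED = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\S+) port \d+")
ACCEPTED = re.compile(r"Accepted password for (\S+) from (\S+) port \d+")

def classify_sources(log_text, brute_threshold=5, spray_accounts=4):
    """Map source IP -> set of indicators. Thresholds are illustrative assumptions."""
    fails = defaultdict(lambda: defaultdict(int))   # ip -> username -> failure count
    login_after_fail = set()                        # IPs with a success after failures
    for line in log_text.splitlines():
        if m := FAILED.search(line):
            fails[m.group(2)][m.group(1)] += 1
        elif (m := ACCEPTED.search(line)) and m.group(2) in fails:
            login_after_fail.add(m.group(2))
    findings = {}
    for ip, per_user in fails.items():
        tags = set()
        if max(per_user.values()) >= brute_threshold:
            tags.add("brute-force")            # many failures against one account
        if len(per_user) >= spray_accounts:
            tags.add("spraying")               # few failures each, many accounts
        if tags and ip in login_after_fail:
            tags.add("success-after-failures")  # escalate: possible compromise
        if tags:
            findings[ip] = tags
    return findings

if __name__ == "__main__":
    for ip, tags in classify_sources(SAMPLE_LOG).items():
        print(ip, sorted(tags))
```

A single mistyped password followed by a successful login (192.0.2.44 in the sample) is deliberately not reported, since it matches neither pattern.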
