Info Assurance Lesson 8 - Password Cracking

0.0(0)
studied byStudied by 0 people
learnLearn
examPractice Test
spaced repetitionSpaced Repetition
heart puzzleMatch
flashcardsFlashcards
Card Sorting

1/20

encourage image

There's no tags or description

Looks like no tags are added yet.

Study Analytics
Name
Mastery
Learn
Test
Matching
Spaced

No study sessions yet.

21 Terms

1
New cards

Password Cracking

It is the process of using an application program to identify an unknown or forgotten password to a computer or network resource.

2
New cards

Password Cracking

It can also be used to help a threat actor obtain unauthorized access to resources

3
New cards

unauthorized access

Password Cracking can also be used to help a threat actor obtain ________________________________________ to resources

4
New cards

password cracker

It recovers passwords using various techniques.

5
New cards

1. Steal a password via some nefarious means

2. Choose a cracking methodology

3. Prepare the password hashes for the cracking program

4. Run the Cracking Tool

Elaborate the 4 steps in Password Cracking:

6
New cards

Hashes

are mathematical functions that change arbitrary-length inputs into an encrypted fixed length output.

7
New cards

encrypted

A password cracker may also be able to identify _______________________ passwords.

8
New cards

decrypt

After retrieving the password from the computer's memory, the program may be able to ___________________________ it.

9
New cards

brute-force,

dictionary attacks

Password crackers use two primary methods to identify correct passwords: ______________________________ and _______________________________.

10
New cards

Brute force

This attack runs through combinations of characters of a predetermined length until it finds the combination that matches the password.

11
New cards

Dictionary search

Here, a password cracker searches each word in the dictionary for the correct password.

12
New cards

Phishing

These attacks are used to gain access to user passwords without the use of a password cracking tool. Instead, a user is fooled into clicking on an email attachment.

13
New cards

Malware

Similar to phishing, using this is another method of gaining unauthored access to passwords without the use of a password cracking tool.

14
New cards

Rainbow attack

This approach involves using different words from the original password in order to generate other possible passwords.

15
New cards

Guessing

An attacker may be able to guess a password without the use of tools. If the threat actor has enough information about the victim or the victim is using a common enough password, they may be able to come up with the correct characters

16
New cards

hybrid attack

Some password cracking programs may use __________________________________ methodologies where they search for combinations of dictionary entries and numbers or special characters.

17
New cards

Cain and Abel

This password recovery software can recover passwords for Microsoft Windows user accounts and Microsoft Access passwords.

18
New cards

Cain and Abel

It uses a graphical user interface, making it more user-friendly than comparable tools. The software uses dictionary lists and brute-force attack methods.

19
New cards

Ophcrack

This password cracker uses rainbow tables and brute-force attacks to crack passwords. It runs on Windows, macOS and Linux.

20
New cards

John the Ripper

This tool uses a dictionary list approach and is available primarily for macOS and Linux systems.

21
New cards

John the Ripper

The program has a command prompt to crack passwords, making it more difficult to use than software like Cain and Abel.