Password Attacks

15 Terms

1

What is a common method through which threat actors gain access to a network?

Obtaining credentials to access the network.

2

What makes on-path and malware attacks difficult to execute?

They require more effort compared to simply obtaining credentials.

3

How can plaintext passwords be captured?

By obtaining a password file or sniffing unencrypted traffic on the network.

4

What happens if authentication credentials are transmitted in cleartext?

They can be intercepted via packet sniffing.

5

What is the purpose of a cryptographic hash algorithm in password storage?

To produce a fixed-length string from a variable-length string using a one-way function.

6

Why is a hashed password considered more secure than a plaintext password?

Because the plaintext should not be recoverable from the hash.

7

What is a potential risk of Base64 encoding for passwords?

The password value can easily be derived from the Base64 string.

8

What are the common files where password hashes are stored?

%SystemRoot%\System32\config\SAM, %SystemRoot%\NTDS\NTDS.DIT, and /etc/shadow.

9

What two techniques does password cracking software typically use?

Dictionary and brute force techniques.

10

How does the dictionary attack work in password cracking?

It matches the hash to those produced by ordinary words found in a dictionary.

11

What can significantly speed up a brute force password attack?

Using a mask based on likely facts about how the target chooses a password.

12

Why can short and simple passwords be cracked quickly?

They produce fewer combinations, allowing quicker matching by the cracking software.

13

What is the difference between cryptographic hashing and Base64 encoding?

Cryptographic hashing is a one-way function, while Base64 encoding can be easily reversed to obtain the original password value.

14

What effect do longer and more complex passwords have on brute force attacks?

They increase the time required to run the attack significantly.

15

What is the role of Hashcat in the context of password cracking?

It is a utility that can speed up various types of attacks, including brute force attacks.