Password Attacks


rtsort

A rainbow table is an array of rainbow chains. Each rainbow chain has a start point and an end point. The rtsort program sorts the rainbow chains by end point to make binary search possible. To sort a rainbow table, use the following command (the period at the end is part of the command): rtsort .

Offline attack

Offline attacks require the attacker to somehow steal the password file. The attacker can then run attacks against that file with no limitations, such as lockout policies. This is the ideal method for the attacker, but it is more difficult because it requires the attacker to somehow steal the password file.

Shoulder surfing

Shoulder surfing is an eavesdropping technique in which the attacker obtains passwords or other confidential information by looking over the shoulder of a user typing a password.

User manipulation

A common social engineering technique is user manipulation. This involves the attacker interacting with the user to trick the user into revealing the username and password. For example, the attacker may call the target pretending to be from tech support with an urgent problem. The attacker asks for the target's login information to remote in to resolve the issue. User manipulation is a very successful technique and is still used quite often. User training is the best prevention method.

Physical access

An attacker can use social engineering to gain physical access to an office building. Once inside, the attacker can look around for login information that users have written down. Many users have a tendency to write login information on sticky notes and stick the notes on the monitor or place them under the mouse pad.

Dumpster diving

An attacker may dumpster dive (go through the trash) to find important documents or information that has been thrown out. Many users will throw out papers without realizing the importance of the information. Documents should always be shredded to prevent data loss due to dumpster diving.

Password Guessing


Online attack

An online brute force attack requires the attacker to submit the passwords using the same user login interface while the target is up and running. For example: An attacker targeting a website will submit login attempts to the site interface. An attacker targeting a computer will submit login attempts to the login screen. The best defense against this method is to implement lockout policies. This means that if the incorrect password is entered multiple times in a short period of time, the account will be locked for a specified amount of time.

Dictionary attack

In a dictionary attack, the hacker uses a list of words and phrases to try to guess the password. Dictionary attacks work well if weak passwords are used. Using longer and uncommon passphrases is the best way to secure data against these attacks.

Password spraying

Password spraying is another method that allows the attacker to avoid lockout policies. Instead of attempting multiple logins using a single user account and different passwords, the attacker will use the same password with multiple user accounts. The attacker will continue cycling through the user accounts, submitting passwords until a match is found. Because there is a delay between submitting a password on each account, the lockout policy can be avoided.

rcrack . -h hash_value

The -h parameter loads and displays the results for a single hash.

rcrack . -l /root/hashes.txt

The -l parameter loads the hashes from a file. Each hash is shown on its own line, followed by the cracked password.

Social Engineering

The art of manipulation.

Brute Force Attacks

The attacker attempts to guess the password by using a cracking tool that submits every possible letter, number, and symbol combination in a short amount of time. A brute force password attack can be a very time-consuming attack.

Rainbow attacks

When a plaintext password is stored, it is hashed, and the resulting hash is what is kept rather than the plaintext.

rtgen

This command generates a rainbow table based on the parameters specified by the user. The parameters are: rtgen hash_algorithm charset plaintext_len_min plaintext_len_max table_index chain_len chain_num part_index
