The next stage after enumeration is system hacking, and password hacking is one of the crucial parts of hacking a system. Depending on how an attacker goes about attacking a password, password attacks can be classified as follows:
Passive Online Attack
Active Online Attack
Offline Attack
Non-Technical Attack
Passive Online Attack:
In a passive online attack the attacker does not contact the authorizing party to steal the password; in other words, he attempts password hacking without communicating with the victim or the victim's account. Passive online attacks include wire sniffing, man-in-the-middle attacks and replay attacks.
Active Online Attack:
This type of attack can be directly termed password guessing. The attacker tries a number of passwords one by one against the victim to crack his/her password.
Offline Attack:
Offline password attacks are performed from a location other than the computer where the password resides or was used. Offline attacks require physical access to the computer that stores the password file; the attacker copies the password file and then tries to break the passwords on his own system. Offline attacks include dictionary attacks, hybrid attacks, brute-force attacks, precomputed hash attacks, syllable attacks, rule-based attacks and rainbow attacks.
Non Technical Attacks:
This type of attack does not require any technical knowledge, hence the term non-technical attack. Such attacks include social engineering, shoulder surfing, keyboard sniffing and dumpster diving.
Passive Online Attack Types:
Wire Sniffing:
Most of the time, when we talk of a passive online attack we mean sniffing the password on a wired or wireless network. The password is captured during the authentication phase and then compared to a dictionary file or word list. The majority of sniffer tools are ideally suited to sniffing data in a hub environment. These tools are also known as passive sniffers because they passively wait for data to be sent before capturing it. User account passwords are commonly hashed or encrypted when sent over the network to prevent unauthorized access and use; in such cases the hacker uses special tools to crack the password.
Man In The Middle Attack:
In a man-in-the-middle attack the attacker intercepts the connection to the authentication server, captures the traffic and then forwards it on to the server. To perform this attack the hacker inserts a sniffer between client and server; positioned like this, he is able to sniff from both sides and can also capture the password.
Replay Attack:
It occurs when the hacker intercepts the password en route to the authentication server, then captures and resends the authentication packets for later authentication. In this manner the hacker doesn't have to break the password or learn it through MITM; rather, he captures the password-authentication packets and reuses them later to authenticate as the client.
Active Online Attack:
Password Guessing:
Password guessing is an active online attack. It relies on the human factor involved in creating passwords and only works on weak passwords. In this method the attacker builds a dictionary of words and names and tries every combination of them that could be used as a password. The attacker performs the attack with the help of a program that tries hundreds or thousands of words per second. A good password is hard to guess and easy to remember, so you must have a good password to protect yourself from this kind of attack.
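Because an active online attack must talk to the real authentication service, it leaves a trail in the server's logs, and that trail is the defender's main handle on it. The following is an added example, not code from the original article: it parses constructed log lines in the style of OpenSSH's "Failed password" / "Accepted password" messages (no line was captured from a real host) and flags any source address that produces a burst of failures inside a sliding window. The window, threshold and the year used for parsing are assumed values.

```python
"""Detect an active online password-guessing attack from authentication logs.

Added illustration: the log lines are constructed (they imitate the OpenSSH
"Failed password" format but were not captured from a real system) and the
window/threshold are assumptions, not a vendor recommendation.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: 203.0.113.5 hammers "root" and then succeeds; 198.51.100.7 is a normal user.
SAMPLE_LOG = """\
Mar  3 10:00:01 host sshd[2001]: Failed password for root from 203.0.113.5 port 51001 ssh2
Mar  3 10:00:02 host sshd[2002]: Failed password for root from 203.0.113.5 port 51002 ssh2
Mar  3 10:00:03 host sshd[2003]: Failed password for invalid user admin from 203.0.113.5 port 51003 ssh2
Mar  3 10:00:04 host sshd[2004]: Failed password for root from 203.0.113.5 port 51004 ssh2
Mar  3 10:00:05 host sshd[2005]: Failed password for root from 203.0.113.5 port 51005 ssh2
Mar  3 10:00:06 host sshd[2006]: Accepted password for root from 203.0.113.5 port 51006 ssh2
Mar  3 10:00:30 host sshd[2007]: Failed password for alice from 198.51.100.7 port 40001 ssh2
Mar  3 10:00:35 host sshd[2008]: Accepted publickey for alice from 198.51.100.7 port 40002 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) \w+ for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\d+\.\d+\.\d+\.\d+)"
)


def parse_events(text, year=2024):
    """Yield (timestamp, result, user, source_ip) for every auth line we understand.
    Syslog lines carry no year, so one is assumed for the datetime."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unrelated log line
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        yield ts, m["result"], m["user"], m["src"]


def find_guessing(text, window=timedelta(seconds=60), threshold=5):
    """Return {source_ip: {"failures": n, "success_after_failures": bool}} for
    every source with >= threshold failures inside one sliding window.
    A success that follows such a burst is the event worth paging on."""
    recent_failures = defaultdict(list)
    alerts = {}
    for ts, result, user, src in parse_events(text):
        if result == "Failed":
            recent_failures[src].append(ts)
            # keep only the failures that still fall inside the window
            recent_failures[src] = [t for t in recent_failures[src] if ts - t <= window]
            if len(recent_failures[src]) >= threshold:
                entry = alerts.setdefault(src, {"failures": 0, "success_after_failures": False})
                entry["failures"] = max(entry["failures"], len(recent_failures[src]))
        elif result == "Accepted" and src in alerts:
            alerts[src]["success_after_failures"] = True
    return alerts


if __name__ == "__main__":
    for src, info in find_guessing(SAMPLE_LOG).items():
        print(f"{src}: {info['failures']} failures in window, "
              f"login after burst: {info['success_after_failures']}")
```

The threshold of five failures per minute is deliberately low for the sake of the sample; in production it is tuned per service, and the alert is usually paired with a lockout or rate limit on the source rather than only a log entry.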
Offline Attack:
Dictionary Attack:
A dictionary attack is the simplest and quickest type of attack. It is used to identify a password that is an actual word, one that can be found in a dictionary. Most commonly the attack uses a dictionary file of possible words, which is hashed using the same algorithm the authentication process uses. The hashed dictionary words are then compared with the hashed passwords as the user logs on, or with the passwords stored in a file on the server. A dictionary attack works only if the password is an actual dictionary word, so this type of attack has its limitations: it can't be used against strong passwords containing numbers or other symbols.
Hybrid Attacks:
A hybrid attack is the next level of attack a hacker attempts if the password can't be found with a dictionary attack. The hybrid attack starts with a dictionary file and substitutes numbers and symbols for characters in the password. For example, many users add the number 1 to the end of their password to meet strong-password requirements; a hybrid attack is designed to find those kinds of variations in passwords.
Brute Force:
The most time-consuming type of attack is a brute-force attack, which tries every possible combination of uppercase and lowercase letters, numbers and symbols. A brute-force attack is the slowest of the three because of the many possible combinations of characters in the password. However, brute force is effective: given enough time and processing power, all passwords can eventually be identified.
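The three offline techniques above map directly onto the checks a password policy should make before accepting a new password: is it a dictionary word, is it a dictionary word with the usual hybrid mangling (case changes, "leet" substitutions, trailing digits or symbols), and is its keyspace small enough for exhaustive search? The following is an added example, not code from the original article. The word list, the substitution map and the guess rate of 10^10 per second are constructed/assumed values; a real deployment loads a large breached-password list in place of the six-word set.

```python
"""Reject passwords that a dictionary, hybrid or brute-force attack would recover
quickly. Added illustration; word list, substitution map and guess rate are
constructed/assumed values, not figures from any real cracking run."""
import string

# Constructed mini word list; replace with a breached-password list in practice.
WORDLIST = {"password", "welcome", "dragon", "letmein", "monkey", "summer"}

# Substitutions a hybrid attack applies, undone here ("p@ssw0rd" -> "password").
LEET = str.maketrans({"@": "a", "4": "a", "3": "e", "1": "i", "!": "i",
                      "0": "o", "$": "s", "5": "s", "7": "t"})


def base_word(candidate):
    """Strip hybrid mangling: lower-case, drop trailing digits/symbols, undo leet."""
    core = candidate.lower().rstrip(string.digits + string.punctuation)
    return core.translate(LEET)


def charset_size(candidate):
    """Size of the union of standard character classes the password draws from,
    which is the alphabet a brute-force attack has to enumerate."""
    size = 0
    if any(c.islower() for c in candidate):
        size += 26
    if any(c.isupper() for c in candidate):
        size += 26
    if any(c.isdigit() for c in candidate):
        size += 10
    if any(c in string.punctuation for c in candidate):
        size += len(string.punctuation)  # 32 symbols
    return size


def brute_force_seconds(candidate, guesses_per_second=1e10):
    """Worst-case seconds to exhaust the password's keyspace at an assumed guess rate."""
    return charset_size(candidate) ** len(candidate) / guesses_per_second


def classify(candidate, min_len=12, min_years=1):
    """Name the offline attack class that would find the password, or 'ok'."""
    if candidate.lower() in WORDLIST:
        return "dictionary"
    if base_word(candidate) in WORDLIST:
        return "hybrid"
    if len(candidate) < min_len or brute_force_seconds(candidate) < min_years * 365 * 86400:
        return "brute-force"
    return "ok"


if __name__ == "__main__":
    for pw in ["password", "P@ssw0rd1", "Zq7!", "abcdefgh", "correct horse battery staple"]:
        print(f"{pw!r}: {classify(pw)} (exhaustive search ~{brute_force_seconds(pw):.3g} s)")
```

The keyspace estimate is an upper bound on attacker effort, not a lower one: a real cracker orders guesses by likelihood, so a password that passes only the brute-force check and nothing else should still be treated as borderline, and the dictionary and hybrid checks are what catch the passwords people actually choose.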
Pre-Computed Hash:
Storing passwords in encrypted form can prove useless against dictionary attacks. If the file contains the encrypted passwords in a readable format, the attacker can easily detect the hash function. He/she can then hash each and every word in the dictionary with that function and compare the result with the encrypted passwords. Storing the hashes requires a large amount of memory, so a time-space trade-off is used to reduce the memory required to store them.
Syllable Attack:
A syllable attack is a combination of brute force and dictionary attack. This cracking technique is used when the password is not an existing word; attackers use the dictionary and other methods to crack it, trying the possible combinations of the words present in the dictionary.
Rule Based Attack:
This type of attack is used when the attacker has obtained some information about the password. It is the most powerful attack because the cracker knows something about the type of password. The technique combines brute-force, dictionary and syllable attacks.
Rainbow Attack:
A rainbow attack is nothing but a slightly more advanced form of precomputed hash attack. It uses already-calculated information stored in memory to crack the cryptography. The same technique is used: the password hash table is created in advance and stored in memory. Such a precomputed table is known as a rainbow table. A rainbow table is a look-up table used to recover the plaintext password from its stored hash (the cipher-text).
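Both the precomputed hash attack and the rainbow table above depend on one property of the password store: the same password always produces the same stored value, so hashing can be done once, ahead of time, and reused against every victim. The standard defense is to make that impossible with a random per-user salt and to make each remaining guess expensive with a slow key-derivation function. The following is an added example, not code from the original article; the word list and user passwords are constructed, while SHA-256 and PBKDF2-HMAC via hashlib are real standard-library calls. The iteration count is an assumption chosen for the demonstration.

```python
"""Why per-user salts and a slow KDF defeat precomputed-hash and rainbow-table attacks.
Added illustration: word list and passwords are constructed; hashlib.sha256 and
hashlib.pbkdf2_hmac are real standard-library functions."""
import hashlib
import hmac
import os

WORDLIST = ["password", "letmein", "dragon", "summer2019", "qwerty"]  # constructed


def build_precomputed_table(words):
    """Unsalted SHA-256 of each word keyed by hash: the table an offline attack prepares once."""
    return {hashlib.sha256(w.encode()).hexdigest(): w for w in words}


def lookup(table, stored_hash):
    """One dictionary lookup recovers the password if the site hashed without a salt."""
    return table.get(stored_hash)


# --- weak storage: bare hash; every user with the same password gets the same value ---
def store_unsalted(password):
    return hashlib.sha256(password.encode()).hexdigest()


# --- hardened storage: random 16-byte salt + PBKDF2-HMAC-SHA256 with many iterations ---
def store_salted(password, iterations=200_000, salt=None):
    salt = os.urandom(16) if salt is None else salt
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return {"salt": salt.hex(), "iterations": iterations, "hash": dk.hex()}


def verify_salted(password, record):
    """Re-derive with the stored salt and compare in constant time."""
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             bytes.fromhex(record["salt"]), record["iterations"])
    return hmac.compare_digest(dk.hex(), record["hash"])


def table_hits(unsalted_hashes, salted_records, words):
    """How many stored values the precomputed table cracks with no hashing at attack time.
    Salted records never match: the table would have to be rebuilt per salt and per
    iteration count, which removes the precomputation advantage entirely."""
    table = build_precomputed_table(words)
    unsalted_hits = sum(lookup(table, h) is not None for h in unsalted_hashes)
    salted_hits = sum(lookup(table, r["hash"]) is not None for r in salted_records)
    return unsalted_hits, salted_hits


if __name__ == "__main__":
    users = ["password", "dragon", "Tr0ub4dor&3"]  # constructed user passwords
    weak = [store_unsalted(p) for p in users]
    strong = [store_salted(p) for p in users]
    print("table hits (unsalted, salted):", table_hits(weak, strong, WORDLIST))
    print("same password, two salted records differ:",
          store_salted("password")["hash"] != store_salted("password")["hash"])
```

Two effects are visible here. The salt makes every stored value unique even when two users share a password, so no table built before the breach applies to it; the iteration count then multiplies the cost of each guess the attacker still has to make after the breach, which is the reason bcrypt, scrypt, Argon2 or PBKDF2 are used in place of a bare hash.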
Non-Technical Attack:
Social Engineering:
Social engineering is the art of interacting with people either face to face or over the telephone and getting them to give out valuable information such as passwords. Social engineering relies on people’s good nature and desire to help others. Many times, a help desk is the target of a social-engineering attack because their job is to help people—and recovering or resetting passwords is a common function of the help desk. The best defense against social engineering attacks is security awareness training for all employees and security procedures for resetting passwords.
Shoulder Surfing:
Shoulder surfing involves looking over someone’s shoulder as they type a password. This can be effective when the hacker is in close proximity to the user and the system. Special screens that make it difficult to see the computer screen from an angle can cut down on shoulder surfing. In addition, employee awareness and training can virtually eliminate this type of attack.
Dumpster Diving:
Dumpster-diving hackers look through the trash for information such as passwords, which may be written down on a piece of paper. Again, security awareness training on shredding important documents can prevent a hacker from gathering passwords by dumpster diving.