Thursday, 23 April 2020

6 Types of Password Attacks commonly used by Ethical Hackers


Password attacks, when performed by ethical hackers, verify the probability of being hacked. In other words, the technique secures your accounts by ensuring that they cannot be hacked by cybercriminals.

Changing your password is indeed the best way to ensure the security of your accounts. However, taking necessary precautions to mitigate password theft is also an important step to secure your account. Assuming that your password cannot be hacked is exactly what cybercriminals want you to think.

How to create a strong password?



Securing the password to an individual account using traditional methods is easier than securing an organization’s account. However, cybercriminals often target business accounts for monetary and non-monetary reasons, and they apply advanced techniques to compromise them. This is where ethical hackers come in to ensure the security of your accounts: they test the probability of a compromise by performing various methods of password hacking, which reduces the probability of being hacked.

6 types of password attacks commonly used by ethical hackers


| SNo. | Types of Password Attacks | Sub-divisions of Password Attacks | Process of Password Attacks |
|---|---|---|---|
| 1 | Non-electronic Attack | Shoulder surfing; Social engineering; Dumpster diving | It is a non-technical attack that is performed even without sound technical knowledge. |
| 2 | Active Online Attack | Password guessing | Attackers create possible passwords by collecting information from social media accounts and other online sources. Criminals use the default password provided by manufacturers to crack accounts. |
| | | Brute forcing attack | Attackers make multiple attempts with possible combinations until they crack the account. |
| | | Dictionary attack | Attackers load dictionary files of passwords and run them against user accounts. |
| | | Rule-based attack | The attack is performed only after receiving information about the password. |
| | | Trojans/Keylogger/Spyware | One of these viruses or malware programs runs in the background to track the passwords. |
| | | Hash injection attack | The attacker injects a compromised hash into a local session and uses it to retrieve the domain admin account hash. The extracted hash is then used to log on to the domain controller. |
| 3 | Passive Online Attack | Man-in-the-middle | The attacker gains access to the communication channel to extract confidential information. |
| | | Wire-sniffing | Packet sniffer tools on the local area network are used to access and track the network traffic. |
| | | Replay attack | Packets and authentication captured using a sniffer are used to extract relevant information, and then they are placed on the network to gain access. |
| 4 | Offline Attack | Rainbow table | Captured password hashes are compared to the precomputed tables to recover passwords. |
| | | Distributed network attack | This technique recovers passwords from hashes by using the excess power of machines to decrypt them. |

Ethical hackers need to be aware of all these and various other password attacks that are commonly used by cybercriminals. It requires getting into the attackers’ shoes, wearing their thinking cap, and performing all possible attempts to infiltrate business accounts. Moreover, if ethical hackers can compromise your password, then remember that cybercriminals can easily compromise it too.
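
The rainbow table row above comes down to a storage decision on the defender's side, which this added example shows (it is not code from the original article or from EC-Council): a fast, unsalted hash can be looked up in a table computed once, while a per-user salt with a slow key-derivation function makes that table useless. The wordlist is constructed sample data, and the function names and iteration count are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample wordlist; a real precomputed table covers far more inputs.
COMMON_PASSWORDS = ["123456", "password", "qwerty", "letmein"]
ITERATIONS = 600_000  # assumed work factor; tune it to your own hardware


def unsalted_hash(password):
    """Weak storage: a fast, unsalted digest. Equal passwords give equal hashes."""
    return hashlib.sha256(password.encode()).hexdigest()


def build_lookup(words):
    """Precompute hash -> password once; reusable against every unsalted store."""
    return {unsalted_hash(w): w for w in words}


def salted_hash(password, salt=None, iterations=ITERATIONS):
    """Hardened storage: per-user random salt plus a slow key-derivation function."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, digest


def verify(password, salt, expected, iterations=ITERATIONS):
    """Recompute with the stored salt and compare in constant time."""
    _, digest = salted_hash(password, salt, iterations)
    return hmac.compare_digest(digest, expected)


def table_recovers(stored_hex, lookup):
    """Return the password the precomputed table yields for a stored hash, or None."""
    return lookup.get(stored_hex)


if __name__ == "__main__":
    lookup = build_lookup(COMMON_PASSWORDS)
    print("unsalted:", table_recovers(unsalted_hash("letmein"), lookup))
    salt, digest = salted_hash("letmein")
    print("salted:  ", table_recovers(digest.hex(), lookup))
    print("login ok:", verify("letmein", salt, digest))
```

The iteration count also raises the cost of every guess in the brute forcing and distributed network attacks listed in the table, since each candidate password must go through the full derivation.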

Learn and acquire ethical hacking skills


Certified Ethical Hacker (CEH) is a recognized ethical hacking program and a must-have credential for all information security professionals who want to learn ethical hacking from its fundamentals. The CEH trains you on the latest hacking tools and techniques used by information security professionals to secure and defend organizations from future attacks.

Source: eccouncil.org
