Password Cracking

Common Password Cracking Techniques

1. Brute Force Attack

• Tries every possible combination of characters until the correct password is found.

• Time-consuming but guarantees success if enough resources are available.

• Can be mitigated by using long and complex passwords.

1. Dictionary Attack

• Uses a predefined list of commonly used passwords and words from dictionaries.

• Faster than brute force but fails against complex and unique passwords.

• Example: Attempting passwords like "password123", "admin", "qwerty", or "letmein".

1. Hybrid Attack

• Combines dictionary and brute force techniques by adding variations to common words.

• Example: Testing "Password1", "Admin2024", or "Qwerty!@#" instead of just "password".

1. Credential Stuffing

• Uses leaked username-password pairs from previous data breaches.

• Automated tools attempt to reuse stolen credentials on different websites.

• Defended against by enforcing unique passwords and multi-factor authentication (MFA).

1. Rainbow Table Attack

• Uses precomputed hash values to crack hashed passwords quickly.

• Works against unsalted password hashes, but modern encryption techniques like bcrypt and PBKDF2 mitigate this.

1. Keylogger Attack

• Malware that records keystrokes and captures passwords in real time.

• Often used in phishing campaigns or Trojan-infected systems.

• Prevented by using endpoint security solutions and avoiding suspicious downloads.

1. Phishing & Social Engineering

• Tricking users into revealing their passwords through fake login pages, emails, or phone calls.

• Attackers often pose as trusted entities to steal login credentials.

• Prevented by user awareness training and two-factor authentication (2FA).