- Dictionary attack
A simple dictionary attack is by far the fastest way to break into a machine. A dictionary file (a text file full of dictionary words) is loaded into a cracking application (such as L0phtCrack), which is run against user accounts located by the application. Because the majority of passwords are often simplistic, running a dictionary attack is often sufficient to to the job. - Hybrid attack
Another well-known form of attack is the hybrid attack. A hybrid attack will add numbers or symbols to the filename to successfully crack a password. Many people change their passwords by simply adding a number to the end of their current password. The pattern usually takes this form: first month password is "cat"; second month password is "cat1"; third month password is "cat2"; and so on. - Brute force attack
A brute force attack is the most comprehensive form of attack, though it may often take a long time to work depending on the complexity of the password. Some brute force attacks can take a week depending on the complexity of the password. L0phtcrack can also be used in a brute force attack.
let's have a look of few tools & utils
Most popular tools is L0phtCrack (now called LC4). L0phtCrack is a tool that allows an attacker to take encrypted Windows NT/2000 passwords and convert them to plaintext. NT/2000 passwords are in cryptographic hashes and cannot be read without a tool like L0phtCrack. It works by attempting every alphanumeric combination possible to try to crack passwords.
Protocol analyzer (better known as a network sniffer, such as Sniffer Pro or Etherpeek), which is capable of capturing every piece of data on the network segment to which it is attached. When such a tool is running in promiscuous mode, it can "sniff" everything going around on that segment such as logins and data transfers. As you'll see later, this can seriously damage network security allowing attackers to capture passwords and sensitive data.
No comments:
Post a Comment