Page 54 - Computer Software Application TP - Volume 1
P. 54
COMPUTER SOFTWARE APPLICATION - CITS
EXERCISE 14 : Password Cracking: Dictionary vs Brute-
Force vs Hybrid methods
Objectives
At the end of this exercise you shall be able to
• crack password by using Dictionary Attack method
• crack password by using Brute-Force Attack method
• crack password by using Hybrid Attack method.
Requirements
Tools/Materials
• Linux PC/Laptop with internet connection
• Password cracking tools John the Ripper, Hashcat,
Hydra
Procedure
Password cracking involves attempting to gain unauthorized access to a system or an account by trying to
decipher or guess the password. There are several methods for password cracking, including dictionary attacks,
brute-force attacks, and hybrid attacks. Here are practical steps for each method:
TASK 1: Dictionary Attack
1 Gather Wordlists: Obtain a comprehensive wordlist or dictionary containing commonly used passwords,
phrases, and combinations.
2 Select Tools: Choose a password cracking tool that supports dictionary attacks, such as John the Ripper,
Hashcat, or Hydra.
3 Configure Tool: Set up the password cracking tool to use the selected wordlist as input.
4 Execute Attack: Run the tool against the target system or account, attempting to log in with each password
in the dictionary.
5 Analyze Results: Review the output to identify successful password guesses and gain access to the target
account.
TASK 2: Brute-Force Attack
1 Determine Password Complexity: Assess the complexity of the target password, including length and
character set.
2 Select Tools: Choose a password cracking tool capable of brute-force attacks, such as John the Ripper,
Hashcat, or Hydra.
3 Configure Tool: Set up the password cracking tool to systematically generate and try all possible combinations
of characters within the specified parameters.
4 Execute Attack: Run the tool against the target system or account, attempting to guess the password through
exhaustive trial and error.
5 Monitor Progress: Monitor the progress of the brute-force attack, as it may take significant time and
computational resources.
6 Analyze Results: Review the output to identify successful password guesses and gain access to the target
account.
39