Page 54 - Computer Software Application TP - Volume 1
P. 54

COMPUTER SOFTWARE APPLICATION - CITS


           EXERCISE 14 :  Password Cracking: Dictionary vs Brute-

                                       Force vs Hybrid methods


            Objectives

           At the end of this exercise you shall be able to
           •  crack password by using Dictionary Attack method
           •  crack password by using Brute-Force Attack method
           •  crack password by using Hybrid Attack method.

           Requirements

           Tools/Materials
           •  Linux PC/Laptop with internet connection
           •   Password cracking tools John the Ripper, Hashcat,
             Hydra


           Procedure
           Password  cracking  involves  attempting  to  gain  unauthorized  access  to  a  system  or  an  account  by  trying  to
           decipher or guess the password. There are several methods for password cracking, including dictionary attacks,
           brute-force attacks, and hybrid attacks. Here are practical steps for each method:

           TASK 1: Dictionary Attack
           1  Gather  Wordlists:  Obtain  a  comprehensive  wordlist  or  dictionary  containing  commonly  used  passwords,
              phrases, and combinations.

           2  Select Tools: Choose a password cracking tool that supports dictionary attacks, such as John the Ripper,
              Hashcat, or Hydra.

           3  Configure Tool: Set up the password cracking tool to use the selected wordlist as input.
           4  Execute Attack: Run the tool against the target system or account, attempting to log in with each password
              in the dictionary.

           5  Analyze Results: Review the output to identify successful password guesses and gain access to the target
              account.


           TASK 2: Brute-Force Attack

           1  Determine  Password  Complexity: Assess  the  complexity  of  the  target  password,  including  length  and
              character set.

           2  Select Tools: Choose a password cracking tool capable of brute-force attacks, such as John the Ripper,
              Hashcat, or Hydra.

           3  Configure Tool: Set up the password cracking tool to systematically generate and try all possible combinations
              of characters within the specified parameters.

           4  Execute Attack: Run the tool against the target system or account, attempting to guess the password through
              exhaustive trial and error.

           5  Monitor  Progress:  Monitor  the  progress  of  the  brute-force  attack,  as  it  may  take  significant  time  and
              computational resources.

           6  Analyze Results: Review the output to identify successful password guesses and gain access to the target
              account.




                                                           39
   49   50   51   52   53   54   55   56   57   58   59