BreachExchange mailing list archives
Six ways by which hackers can crack your password
From: Destry Winant <destry () riskbasedsecurity com>
Date: Wed, 7 Feb 2018 18:20:06 -0600
http://threatbrief.com/six-ways-hackers-can-crack-password/

The password is one of the frontiers that stands between you and a hacked bank or social media account. Nowadays even losing a social media account to cybercriminals can cause a large monetary loss, because some bank accounts are linked to online accounts such as Gmail, Yahoo, Facebook or Twitter. There are specific ways and means by which hackers compromise your account. Since the password is the central element of almost all your accounts, hackers prefer to go after your password to get into your financial as well as online accounts. If your account has been hacked, the criminals probably used one of the six methods given below. If you study these methods you can prepare yourself better to repel such attacks and keep control of your accounts.

Brute force attack

Brute force is about overpowering the user's password through repetition. A brute force attack is a trial-and-error method repeated until the password is finally cracked. Hackers keep applying names and numbers until one of them matches. Sometimes a lot of guesswork is used to find the password, while at other times hackers use password cracking software. Plain numbers, a birth date, a pet's name or a favorite actor's name are the passwords that users commonly choose. Almost all online accounts limit the number of tries a user can make, but hackers somehow manage to breach the system.

Dictionary hacking

Dictionary hacking is also a form of brute force attack, but in a dictionary attack hackers use various permutations and combinations of dictionary words. They repeatedly run dictionary software that tries combinations of words to crack your password. Almost 50 percent of passwords are cracked through this process. Brute force dictionaries always start with simple letters ("a", "aa", "aaa") and then eventually move on to full words like "dog", "doggie", "doggy". These brute force dictionaries can make up to 50 attempts per minute in some cases, and the number goes up with sophisticated software.

Phishing

Phishing is another of the most commonly used tools hackers use to acquire user IDs and passwords. Phishing is the attempt to acquire sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money), often for malicious reasons, by masquerading as a trustworthy entity in an electronic communication. Phishing is perhaps the oldest tool used by cybercriminals to trick the victim into divulging his/her login credentials. Most trojans and malware are planted through phishing. Hackers create cloned websites or fake internet addresses where you are asked to fill in your username and password.

Spider attack

Another hacking tool is the spider attack. Just as the name suggests, hackers crawl your website like a spider and collect all the common information. Cybercriminals normally use spider attacks against healthcare firms to obtain identity and financial information about their consumers. A spider is a tool that crawls a website looking for all the available content. Here are a few of the checks cybercriminals employ to find information:

– Static Content
– Dirbuster
– HTTP Method
– Ascension Fuzz
– Query Fuzz
– Cookie Fuzz
– Robots.txt / Sitemap.xml
– RIA Checks
– UserAgent
– Regexp path/url
– Public cache search
– /status

Keylogger attack

This hacking tool is very similar to phishing and is generally spread through malware infection. The victim is usually tricked into installing a keylogger on his/her PC or laptop by clicking on an attachment sent via a spurious phishing mail. The moment you download the attachment, it scans through your browser and installs itself in the root directory. Once installed, the keylogger records all your Internet activity, which is relayed back to the command and control servers.
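The brute force and dictionary sections above make two defensive points without showing them: the passwords that fall first are dictionary words with trivial decoration (digits appended, letters swapped for look-alike symbols), and online services cap the number of guesses. The following Python is an added example, not code from the threatbrief article or the BreachExchange list; it implements a password blocklist check that normalizes those simple mutations back to their base word, and a per-account lockout counter. The word list, the account name and the fake clock are constructed for the demonstration.

```python
"""Added example: defenses against dictionary and brute force guessing.

1. is_weak() rejects passwords that reduce to a blocklisted word once the
   mutations a dictionary cracker tries first are undone.
2. LoginThrottle locks an account after a burst of failed attempts, so a
   wordlist of thousands of entries yields only a handful of checks.
"""
import re
import time

# Constructed mini blocklist; a real deployment loads a large list of
# breached / common passwords instead of these few words.
COMMON_WORDS = {"password", "dog", "doggie", "doggy", "fluffy", "letmein", "qwerty"}

# Look-alike substitutions to undo ("1" is read as "i" here; real tools try both i and l).
_LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s", "7": "t", "@": "a", "$": "s"})


def candidate_bases(password: str) -> set:
    """Base words a cracker would have started from: 'Doggie2018!' -> 'doggie', 'D0gg13' -> 'doggie'."""
    lower = password.lower()
    letters_only = re.sub(r"[^a-z]", "", lower)               # strip appended digits/symbols
    unleeted = re.sub(r"[^a-z]", "", lower.translate(_LEET))  # undo look-alike substitutions
    return {letters_only, unleeted}


def is_weak(password: str, min_len: int = 8) -> bool:
    """True if the password would fall to the simple guessing described in the article."""
    if len(password) < min_len:
        return True
    if re.fullmatch(r"\d+", password):      # plain numbers, e.g. a birth date like 19900213
        return True
    if len(set(password)) == 1:             # "aaaaaaaa": the very first entries of a brute force list
        return True
    return bool(candidate_bases(password) & COMMON_WORDS)


class LoginThrottle:
    """Per-account failed-attempt counter with a lockout window.

    max_attempts failures within window_s seconds lock the account for
    lock_s seconds; a successful login clears the counter. The clock is
    injectable so the behaviour can be checked without sleeping.
    """

    def __init__(self, max_attempts=5, window_s=300, lock_s=900, clock=time.monotonic):
        self.max_attempts = max_attempts
        self.window_s = window_s
        self.lock_s = lock_s
        self.clock = clock
        self._failures = {}       # username -> timestamps of recent failures
        self._locked_until = {}   # username -> time the lockout expires

    def is_locked(self, user: str) -> bool:
        return self.clock() < self._locked_until.get(user, 0.0)

    def record_failure(self, user: str) -> None:
        now = self.clock()
        recent = [t for t in self._failures.get(user, []) if now - t <= self.window_s]
        recent.append(now)
        if len(recent) >= self.max_attempts:
            self._locked_until[user] = now + self.lock_s
            recent = []
        self._failures[user] = recent

    def record_success(self, user: str) -> None:
        self._failures.pop(user, None)


def guesses_evaluated(throttle: LoginThrottle, user: str, wordlist, correct: str):
    """Measure the control: how many wordlist entries get checked before the lockout stops them."""
    tested = 0
    for candidate in wordlist:
        if throttle.is_locked(user):
            break
        tested += 1
        if candidate == correct:
            throttle.record_success(user)
            return tested, True
        throttle.record_failure(user)
    return tested, False


class FakeClock:
    """Constructed clock for the demonstration; advance .t instead of sleeping."""

    def __init__(self):
        self.t = 0.0

    def __call__(self):
        return self.t


if __name__ == "__main__":
    for pw in ("Doggie2018!", "D0gg13!!", "19900213", "river-otter-kettle-7"):
        print(f"{pw!r}: {'weak' if is_weak(pw) else 'ok'}")
    clk = FakeClock()
    throttle = LoginThrottle(clock=clk)
    print(guesses_evaluated(throttle, "alice", ["a", "aa", "aaa", "dog", "doggie", "doggy", "password"], "password"))
```

With the default settings the seven-word list above is stopped after five checks, and the account stays locked for 15 minutes; the blocklist check catches "Doggie2018!" and "D0gg13!!" because both reduce to the listed word "doggie".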
Rainbow Table

While you might think of a rainbow table as eclectic colorful furniture, it is a sinister method of stealing your credentials. The rainbow tables we are talking about are used to crack passwords and are yet another tool in the hacker's ever-growing arsenal. This method requires a good knowledge of computers and coding. Rainbow tables are basically huge sets of precomputed tables filled with hash values that are pre-matched to possible plaintext passwords. They essentially allow hackers to reverse the hashing function to determine what the plaintext password might be. It is possible for two different passwords to result in the same hash, so it is not important to find out what the original password was, as long as the candidate has the same hash. The plaintext found may not even be the password the user created, but as long as the hash matches, it doesn't matter what the original password was. Rainbow tables allow passwords to be cracked in a very short amount of time compared with brute-force methods; the trade-off is that it takes a lot of storage (sometimes terabytes) to hold the tables themselves. Storage these days is plentiful and cheap, so this is not a big issue for hackers. You can also get precomputed rainbow tables for cracking passwords of vulnerable operating systems such as Windows XP, Vista and Windows 7, and of applications using MD5 and SHA1 as their password hashing mechanism (many web application developers still use these hashing algorithms).

_______________________________________________
BreachExchange mailing list sponsored by Risk Based Security
BreachExchange () lists riskbasedsecurity com
Membership and unsubscribe: https://lists.riskbasedsecurity.com/listinfo/breachexchange
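The rainbow table section explains that a precomputed hash-to-plaintext table works because an unsalted hash of a given password is the same in every database. The Python below is an added example, not code from the article or the list; it shows the plain table lookup against unsalted MD5 in its simplest form, and then the standard defense: a random per-user salt with a slow key-derivation function (PBKDF2-HMAC-SHA256 from the standard library), which makes every stored hash unique so a table computed once cannot be reused. The word list, the iteration count and the storage format are assumptions chosen for the demonstration.

```python
"""Added example: why unsalted MD5/SHA1 are table-lookups and how salting defeats the table."""
import hashlib
import hmac
import os


def unsalted_md5(password: str) -> str:
    """The weak scheme the article warns about: same password, same hash, everywhere."""
    return hashlib.md5(password.encode(), usedforsecurity=False).hexdigest()


def precompute_unsalted(wordlist) -> dict:
    """A hash -> plaintext table; a rainbow table is a space-optimised version of this idea."""
    return {unsalted_md5(word): word for word in wordlist}


def lookup_plaintext(stored_hash: str, table: dict):
    """Reverse a stored unsalted hash by table lookup; None if the table has no match."""
    return table.get(stored_hash)


# Constructed storage format: algorithm$iterations$salt_hex$digest_hex.
# 600,000 iterations is the assumed work factor; tune it to your hardware.
DEFAULT_ITERATIONS = 600_000


def hash_password(password: str, salt: bytes = None, iterations: int = DEFAULT_ITERATIONS) -> str:
    """Salted, slow hash for storage. A fresh random salt per user means two users
    with the same password get different stored values, and no precomputed table applies."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    algorithm, iterations, salt_hex, digest_hex = stored.split("$")
    if algorithm != "pbkdf2_sha256":
        return False
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(digest.hex(), digest_hex)


def demo() -> dict:
    """Run both schemes against the same constructed word list and report what the table recovers."""
    wordlist = ["dog", "doggie", "doggy", "password", "letmein"]   # constructed
    table = precompute_unsalted(wordlist)

    weak_stored = unsalted_md5("doggie")                # what an MD5-based application would store
    salted_a = hash_password("doggie")                  # user A, fresh salt
    salted_b = hash_password("doggie")                  # user B, same password, different salt

    return {
        "unsalted_recovered": lookup_plaintext(weak_stored, table),   # "doggie"
        "salted_hashes_differ": salted_a != salted_b,                 # True
        "salted_recovered": lookup_plaintext(salted_a.split("$")[3], table),  # None
        "verify_ok": verify_password("doggie", salted_a) and verify_password("doggie", salted_b),
        "verify_wrong": verify_password("doggy", salted_a),           # False
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The digest comparison uses hmac.compare_digest so that verification time does not leak how many leading bytes matched; the iteration count is stored alongside the hash so it can be raised later without invalidating existing records.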