Cracking passwords
Password is one of the basic mechanism used for authenticating a user into a system. During our information gathering and enumeration phase, we may come across various services running on the target which are password-protected such as SSH, FTP, and so on. In order to gain access to these services, we will want to crack passwords using some of the following techniques:
- Dictionary attack: In a dictionary attack, we feed the password cracker a file with a large number of words. The password cracker then tries all the words from the supplied file as probable passwords on the target system. If matched, we are presented with the correct password. In Kali Linux, there are several word-lists which can be used for password cracking. These word-lists are located in
/usr/share/wordlists
as shown in the following image:
- Brute-force attack: If password isn't any of the words from the word-list we provided, then we might have to launch a brute-force attack. In a brute-force attack,...