Web-Based Password Cracking Techniques

  • Basic authentication is achieved through the process of exclusive ORing (XOR) and is considered weak.
  • Message digest authentication is a big improvement over basic authentication. Message digest uses the MD5 hashing algorithm and is based on a challenge-response protocol: it combines the username, the password, and a nonce (random) value to create an encrypted value that is passed to the server.
  • Forms-based authentication is widely used on the Internet. It functions through the use of a cookie that is issued to a client. Once the user is authenticated, the application generates a cookie or session variable.
  • Certificate-based authentication is considered strong. When users attempt to authenticate, they present the web server with their certificate. The certificate contains a public key and the signature of the Certificate Authority.
  • Dictionary attacks: A text file full of dictionary words is loaded into a password program and then run against user accounts located by the application. If simple passwords have been used, this might be enough to do the trick.
  • Hybrid attacks: Similar to a dictionary attack, except that it adds numbers or symbols to the dictionary words. Many people change their passwords by simply adding a number to the end of their current password. The pattern usually takes this form: first month's password is "Mike"; second month's password is "Mike2"; third month's password is "Mike3"; and so on.
  • Brute force attacks: The most comprehensive form of attack and potentially the most time-consuming. Brute force attacks can take weeks, depending on the length and complexity of the password.
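The message digest bullet above describes a challenge-response exchange but does not show the arithmetic. The following is an added example, not code from the book, of the RFC 2069-style Digest computation (username, realm, password on one side; method and URI on the other; the server's nonce binding the two), with a minimal server that stores only HA1 and accepts each nonce once so a captured response cannot be replayed. The realm `example.test`, the user `alice`, and the use of the simpler no-`qop` form of the response are assumptions made for illustration.

```python
import hashlib
import secrets


def _md5_hex(data: str) -> str:
    """MD5 of a UTF-8 string as lowercase hex, the form Digest auth uses."""
    return hashlib.md5(data.encode("utf-8")).hexdigest()


def digest_response(username: str, realm: str, password: str,
                    nonce: str, method: str, uri: str) -> str:
    """Client side (RFC 2069 form, no qop): MD5(HA1 ':' nonce ':' HA2).

    HA1 covers the credentials, HA2 the request being made; the server's
    nonce ties the result to this one challenge. The password itself is
    never sent, only this value.
    """
    ha1 = _md5_hex(f"{username}:{realm}:{password}")
    ha2 = _md5_hex(f"{method}:{uri}")
    return _md5_hex(f"{ha1}:{nonce}:{ha2}")


class DigestServer:
    """Server side. Keeps HA1 per user instead of the plaintext password and
    treats every issued nonce as single-use (assumed policy for the example)."""

    def __init__(self, realm: str, credentials: dict):
        self.realm = realm
        self._ha1 = {u: _md5_hex(f"{u}:{realm}:{p}")
                     for u, p in credentials.items()}
        self._open_nonces: set = set()

    def challenge(self) -> str:
        """Issue a fresh random nonce (the 'random value' in the bullet)."""
        nonce = secrets.token_hex(16)
        self._open_nonces.add(nonce)
        return nonce

    def verify(self, username: str, nonce: str, method: str, uri: str,
               response: str) -> bool:
        """Recompute the expected response and compare in constant time.
        An unknown or already-used nonce fails before any lookup, and the
        nonce is consumed even on a failed attempt."""
        if nonce not in self._open_nonces:
            return False
        self._open_nonces.discard(nonce)
        ha1 = self._ha1.get(username)
        if ha1 is None:
            return False
        ha2 = _md5_hex(f"{method}:{uri}")
        expected = _md5_hex(f"{ha1}:{nonce}:{ha2}")
        return secrets.compare_digest(expected, response)


if __name__ == "__main__":
    # Constructed credentials for the demo; realm and user are assumed.
    server = DigestServer("example.test", {"alice": "correct horse battery"})
    nonce = server.challenge()
    resp = digest_response("alice", "example.test", "correct horse battery",
                           nonce, "GET", "/secure")
    print("first use accepted:", server.verify("alice", nonce, "GET", "/secure", resp))
    print("replay accepted:   ", server.verify("alice", nonce, "GET", "/secure", resp))
```

The server-side table holds HA1 values, which are still MD5 of `user:realm:password`; the improvement over basic authentication is that the secret does not cross the wire, not that the stored value is hard to attack offline. A modern deployment would carry the exchange over TLS regardless of the scheme.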
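The three attack bullets above (dictionary, hybrid, brute force) describe what a password program tries; the defensive counterpart is a policy check that rejects a password before it is set if it would fall to one of those classes, and that sizes the search an exhaustive attack would face for anything else. This is an added example, not code from the book: the wordlist is a constructed five-entry stand-in for a real dictionary file, the guess rate of one billion per second is an assumed figure for illustration, and the "hybrid" rule is implemented as a dictionary word with up to four leading or trailing digits or symbols, the "Mike", "Mike2", "Mike3" pattern the text describes.

```python
import string

# Constructed sample wordlist; a real check would load a dictionary file.
SAMPLE_WORDLIST = ["mike", "password", "summer", "dragon", "letmein"]

# Characters a hybrid attack bolts onto a dictionary word.
_EXTRAS = set(string.digits + string.punctuation)


def dictionary_match(password: str, words: set) -> bool:
    """Falls to a plain dictionary attack: the password is a list entry."""
    return password.lower() in words


def _strip_extras(p: str):
    """Drop leading/trailing digits or symbols; return (core, count removed)."""
    i, j = 0, len(p)
    while i < j and p[i] in _EXTRAS:
        i += 1
    while j > i and p[j - 1] in _EXTRAS:
        j -= 1
    return p[i:j], i + (len(p) - j)


def hybrid_match(password: str, words: set, max_extra: int = 4) -> bool:
    """Falls to a hybrid attack: dictionary word plus a few digits/symbols
    ("Mike2", "Mike3", "!summer", "dragon99")."""
    core, n_extra = _strip_extras(password.lower())
    return 0 < n_extra <= max_extra and core in words


def charset_size(password: str) -> int:
    """Alphabet a brute-force search must cover, judged by the character
    classes the password actually uses (the 'complexity' in the text)."""
    size = 0
    if any(c.islower() for c in password):
        size += 26
    if any(c.isupper() for c in password):
        size += 26
    if any(c.isdigit() for c in password):
        size += 10
    if any(c in string.punctuation for c in password):
        size += len(string.punctuation)  # 32 ASCII symbols
    return size


def assess(password: str, wordlist=SAMPLE_WORDLIST,
           guesses_per_second: float = 1e9, max_extra: int = 4) -> dict:
    """Classify which attack class defeats the password and estimate the
    candidates that class must try; 'seconds' uses the assumed guess rate."""
    words = {w.lower() for w in wordlist}
    if dictionary_match(password, words):
        space = len(words)
        return {"class": "dictionary", "keyspace": space,
                "seconds": space / guesses_per_second}
    if hybrid_match(password, words, max_extra):
        # Upper bound: every word, with 1..max_extra extras, before or after.
        combos = sum(len(_EXTRAS) ** n for n in range(1, max_extra + 1))
        space = len(words) * 2 * combos
        return {"class": "hybrid", "keyspace": space,
                "seconds": space / guesses_per_second}
    # Otherwise only exhaustive search remains: charset ** length candidates.
    space = charset_size(password) ** len(password)
    return {"class": "brute-force", "keyspace": space,
            "seconds": space / guesses_per_second}


if __name__ == "__main__":
    for pw in ["Mike", "Mike3", "2016", "xK7!q2Lm"]:
        r = assess(pw)
        print(f"{pw:10s} {r['class']:12s} keyspace={r['keyspace']:>20d} "
              f"~{r['seconds']:.3g} s at 1e9 guesses/s")
```

The keyspace figures are what make the "weeks, depending on length and complexity" remark concrete: a four-digit PIN is 10^4 candidates, while an eight-character password drawing on all four classes is 94^8, and each added character multiplies the work by the alphabet size. The dictionary and hybrid checks, by contrast, are bounded by the wordlist, which is why a long password made of a common word plus a digit gains almost nothing from its length.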

SQL Injection

Certified Ethical Hacker Exam Prep
ISBN: 0789735318
Year: 2007
Pages: 247
Authors: Michael Gregg