Web-Based Password Cracking Techniques

Table of contents:

  • Basic authentication is achieved through the process of exclusive ORing (XOR) and is considered weak.
  • Message digest authentication is a big improvement over basic. Message digest uses the MD5 hashing algorithm. Message digest is based on a challenge response protocol. It uses the username, the password, and a nonce (random) value to create an encrypted value that is passed to the server.
  • Forms-based authentication is widely used on the Internet. It functions through the use of a cookie that is issued to a client. Once authenticated, the application generates a cookie or session variable.
  • Certificate-based authentication is considered strong. When users attempt to authenticate, they present the web server with their certificate. The certificate contains a public key and the signature of the Certificate authority.
  • Dictionary attacks A text file full of dictionary words is loaded into a password program and then run against user accounts located by the application. If simple passwords have been used, this might be enough to do the trick.
  • Hybrid attacks Similar to a dictionary attack, except that it adds numbers or symbols to the dictionary words. Many people change their passwords by simply adding a number to the end of their current password. The pattern usually takes this form: first month's password is "Mike"; second month's password is "Mike2"; third month's password is "Mike3"; and so on.
  • Brute force attacks The most comprehensive form of attack and the most potentially time-consuming. Brute force attacks can take weeks, depending on the length and complexity of the password.

SQL Injection

Part I: Exam Preparation

The Business Aspects of Penetration Testing

The Technical Foundations of Hacking

Footprinting and Scanning

Enumeration and System Hacking

Linux and Automated Security Assessment Tools

Trojans and Backdoors

Sniffers, Session Hijacking, and Denial of Service

Web Server Hacking, Web Applications, and Database Attacks

Wireless Technologies, Security, and Attacks

IDS, Firewalls, and Honeypots

Buffer Overflows, Viruses, and Worms

Cryptographic Attacks and Defenses

Physical Security and Social Engineering

Part II: Final Review

Part III: Appendixes

Appendix A. Using the ExamGear Special Edition Software



Certified Ethical Hacker Exam Prep
Certified Ethical Hacker Exam Prep
ISBN: 0789735318
EAN: 2147483647
Year: 2007
Pages: 247
Authors: Michael Gregg

Flylib.com © 2008-2020.
If you may any questions please contact us: flylib@qtcs.net