A password attack, also termed password cracking, is the most common attack carried out by hackers, because the most commonly used mechanism for authenticating users' access to a computer system is a password, sometimes along with a username or login ID. Criminal hackers obtain passwords illegally in several ways. One is guessing: trying different passwords in the expectation that one will work, which is termed password brute-forcing or a dictionary attack. Network sniffing is another effective way to obtain encrypted or unencrypted data containing passwords, by capturing the packets communicated on a network. Gaining access to a user database can also expose passwords. Social engineering impersonates the original user by email, SMS or phone call, known as phishing, smishing and vishing, or relies on shoulder surfing and dumpster diving. An offline attack requires physical access to a computer or storage media, and copies the password file from the storage to other media. These methods and techniques are explained below.
Brute-Force and Dictionary attack: Brute force refers to testing or guessing different passwords in the hope that one will work. A dictionary of common and varied password combinations, held in a single file, can be used with an automated script or tool to crack passwords or to test password security.
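The same kind of dictionary can be used defensively, to screen a password at the moment it is set. The Python sketch below is an added example, not part of the original article; it goes slightly beyond exact matching by also catching simple variants of a dictionary word, and the word list, substitution table and function names are constructed for illustration.

```python
import re

# Constructed sample dictionary; in practice, load a large file of common and
# previously exposed passwords, one entry per line.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "dragon", "welcome"}

# Substitutions people use to dress up a dictionary word. "1" is ambiguous
# (l or i), so both readings are tried.
_BASE = {"0": "o", "3": "e", "4": "a", "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"}
LEET_TABLES = [str.maketrans({**_BASE, "1": "l"}), str.maketrans({**_BASE, "1": "i"})]

# Digits and symbols appended to a word, e.g. "Welcome2024!".
SUFFIX = re.compile(r"[\d\W_]+$")


def normalized_forms(password):
    """Return the lower-cased variants that a dictionary run would also cover."""
    lowered = password.lower()
    forms = {lowered, SUFFIX.sub("", lowered)}
    for form in list(forms):
        for table in LEET_TABLES:
            forms.add(form.translate(table))
    forms.discard("")  # an all-digit password strips down to nothing
    return forms


def dictionary_match(password, wordlist=COMMON_PASSWORDS):
    """Return the dictionary word the password reduces to, or None."""
    hits = normalized_forms(password) & set(wordlist)
    return min(hits) if hits else None


def audit(passwords, wordlist=COMMON_PASSWORDS):
    """Map each candidate password to the dictionary word it matches (or None)."""
    return {pw: dictionary_match(pw, wordlist) for pw in passwords}


if __name__ == "__main__":
    # Constructed candidates, as they might arrive from a password-change form.
    samples = ["P@ssw0rd1", "Welcome2024!", "L3tm31n", "tidal-crane-89-oboe"]
    for pw, hit in audit(samples).items():
        verdict = f"reject (reduces to {hit!r})" if hit else "not in dictionary"
        print(f"{pw!r}: {verdict}")
```

A password that passes this check is only absent from the supplied dictionary; the check says nothing about its length or randomness.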
Social Engineering attack: Social engineering impersonates the original user by email, SMS or phone call, known as phishing, smishing and vishing, or relies on shoulder surfing and dumpster diving.
Social engineering is a technique of persuasion that deceives the victim in order to obtain sensitive and confidential information. Rather than scanning for a vulnerability to exploit, the social engineer uses communication skills and tools to make the victim trust the social engineer and his actions. Social engineers usually make phone calls, send SMS or email, and use instant messaging and other communication systems available on the internet to persuade and trick victims into trusting them, in order to obtain the intended, targeted information.
Sniffing attack: Password sniffing is one of the methods used in password attacks; it is a passive-level attack. Password sniffing can also be termed network sniffing; it is the act of intercepting, monitoring and capturing information (data packets) in the traffic of a network, especially a Local Area Network (LAN). The purpose is to steal information such as usernames, passwords, network messages, files in transit, etc. Information is captured in the form of packets using a sniffer program such as Wireshark.
Database Injection attack: SQL injection is a type of cyber attack that uses malicious SQL code (SQL injection code) to exploit vulnerabilities in any SQL database in order to obtain or manipulate information, which may include a number of valuable items, lists of customer details, customers' credit card numbers, sensitive company data, or the usernames and passwords of customers or service users.
Offline attack: Unlike an online attack (automated scripting, network sniffing, etc.), an offline attack involves physical access to a computer or storage media, copying the password file from the storage to other media.
Malware attack: Malicious software such as keyloggers and spyware can be used to record and obtain passwords or any other information typed on a keyboard. A keystroke logger, or keylogger, is monitoring or surveillance software that logs and captures the keystrokes on a keyboard. Keyloggers and spyware exist as hardware or as software, known as hardware spyware or software spyware, and all of them are considered types of spyware tools.
Password cracking is a common attack usually carried out by hackers because it allows direct access to vital information. Education on all the major password attack techniques is necessary for internet service users and for users on an organization's network. Lack of concern for security on the part of individuals has led many organizations into several losses.