A password attack, also termed password cracking, is the most common attack carried out by hackers, because the most commonly used mechanism for authenticating a user's access to a computer system is a password, sometimes along with a username or login ID. Criminal hackers obtain passwords illegally in several ways. These include guessing, by trying different passwords in the expectation that one will work, which is termed password brute-forcing or a dictionary attack; network sniffing, which is also one of the best ways of obtaining encrypted or non-encrypted data containing passwords, by capturing the packets communicated on a network; gaining access to a user database, which can also expose passwords; and social engineering, by impersonating the original user through email, SMS and phone calls (known as phishing, smishing and vishing), or by shoulder surfing and dumpster diving. An offline attack requires physical access to a computer or storage media, with the password file copied from that storage to another medium. These methods and techniques are explained below.
Brute-Force and Dictionary attack: Brute force refers to testing or guessing different passwords in the hope that one will work. A dictionary of common and varied password combinations, held in a single file, can be used with an automated script or tool to hack a password or to test password security.
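Repeated guessing of this kind leaves a recognizable trail of failed logins. The following sketch is an added example, not part of the original article: it flags a burst of failures from one source against one account, and a success that follows such a burst. The log format, the function names and the thresholds are assumptions made for the example.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events, one per line: timestamp source_ip username result.
# The format is an assumption for this example, not a real product's log.
SAMPLE_LOG = """\
2024-05-01T10:00:00 203.0.113.7 alice FAIL
2024-05-01T10:00:04 203.0.113.7 alice FAIL
2024-05-01T10:00:05 198.51.100.4 bob FAIL
2024-05-01T10:00:08 203.0.113.7 alice FAIL
2024-05-01T10:00:12 203.0.113.7 alice FAIL
2024-05-01T10:00:15 198.51.100.4 bob OK
2024-05-01T10:00:16 203.0.113.7 alice FAIL
2024-05-01T10:00:20 203.0.113.7 alice OK
"""

def parse_event(line):
    """Split one log line into (time, ip, user, succeeded)."""
    ts, ip, user, result = line.split()
    return datetime.fromisoformat(ts), ip, user, result == "OK"

def detect_guessing(lines, max_failures=5, window=timedelta(seconds=60)):
    """Return alerts as (kind, ip, user, time) tuples, in log order."""
    failures = defaultdict(deque)  # (ip, user) -> times of recent failures
    alerts = []
    for line in lines:
        if not line.strip():
            continue
        ts, ip, user, ok = parse_event(line)
        recent = failures[(ip, user)]
        while recent and ts - recent[0] > window:
            recent.popleft()  # forget failures older than the window
        if ok:
            # A success right after a burst of failures suggests a guess worked.
            if len(recent) >= max_failures:
                alerts.append(("success_after_guessing", ip, user, ts.isoformat()))
            recent.clear()
        else:
            recent.append(ts)
            if len(recent) == max_failures:  # alert once when the threshold is hit
                alerts.append(("guessing", ip, user, ts.isoformat()))
    return alerts

if __name__ == "__main__":
    for alert in detect_guessing(SAMPLE_LOG.splitlines()):
        print(alert)
```

Because the counter is keyed on the source and account pair, guesses spread across many accounts or many sources need separate per-account and per-source counters.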
Social Engineering attack: Social engineering impersonates the original user through email, SMS and phone calls, known as phishing, smishing and vishing, or relies on shoulder surfing and dumpster diving.
Social engineering is a technique of persuading and deceiving the victim in order to obtain sensitive and confidential information. Rather than scanning for a vulnerability to exploit, the social engineer uses communication skills and tools to make the victim trust the social engineer and his activity. Social engineers usually make phone calls, send SMS or email, or use instant messaging and other communication systems available on the internet to persuade and trick the victim into trusting them, in order to obtain the intended, targeted information.
Sniffing attack: Password sniffing is one of the methods used in a password attack; it is a passive attack. Password sniffing can also be termed network sniffing: it is the act of intercepting, monitoring and capturing information (data packets) in the traffic of a network, especially a Local Area Network (LAN). The purpose is to steal information such as usernames, passwords, network messages and files in transit. Information is captured in the form of packets using a sniffer program such as Wireshark.
Database Injection attack: SQL injection is a type of cyber attack that uses malicious SQL code (SQL injection code) to exploit vulnerabilities in any SQL database in order to obtain or manipulate information, which may include any number of valuable items: lists of customer details, customers' credit card numbers, sensitive company data, or the usernames and passwords of customers and service users.
Offline attack: Unlike an online attack (automated scripting, network sniffing, etc.), an offline attack relies on physical access to a computer or storage media, copying the password file from that storage to another medium.
Malware attacks: Malicious software such as keyloggers and spyware can be used to record and obtain passwords or any other information typed on a keyboard. A keystroke logger, or keylogger, is monitoring or surveillance software that logs and captures keystrokes on a keyboard. Keyloggers and spyware exist as hardware or as software, known as hardware spyware and software spyware, and all are considered types of spyware tools.
Password cracking is a common attack usually carried out by hackers because it allows direct access to vital information. Education on all the major password attack techniques is necessary for internet service users and for users on an organization's network. A lack of security concern among individuals has led many organizations into several losses.