All Questions
Tagged with brute-force dictionary
34 questions
1
vote
0
answers
2k
views
How to crack KeePass database when knowing the first part of the master password [duplicate]
I have a KeePass 2.47 database which is protected with a master password and a key file.
I managed to lose the 2nd part of my master password. So, I have access to the database, the key file and the ...
- 111
1
vote
0
answers
261
views
How to limit number strings with crunch
I'm currently trying to generate a very specific word list. The words generated should go like this:
crunch 9 9 -t @%%%%%%,,-o test.txt
But one of the constraints that I have given myself is that the ...
- 11
24
votes
7
answers
11k
views
After a password leak, is there a Levenshtein distance from which one a newly derivated password can be considered safe?
After a password leak, is there a Levenshtein distance from which one a newly derivated password can be considered safe?
I assume yes, given that if e.g. the word was "password", and the new ...
- 452
0
votes
1
answer
361
views
Are dictionary and rainbow table attacks a subset of brute force attacks or are they seperate?
This is more of a question on the actual use of the terms rather than the definitions, so my question is this:
Are dictionary and rainbow table attacks a type of brute force attack or are they ...
- 103
1
vote
2
answers
3k
views
How to generate all possible combinations of a forgotten password
I have forgotten my password but I know the words used in the password. I remember the password was something like [email protected].
Is there any software that can produce all combinations like ...
- 11
1
vote
1
answer
2k
views
In Hashcat, How to generate combinatior attacks consisting of more than two words (in lenght)?
I am trying to make a combinator attack using just one dictionary:
word1
word2
word3
word4
word5
...
And would like to try all 4-words-length permutations separated by commas:
word1,word2,word3,word4
...
- 113
0
votes
1
answer
376
views
Smaller password lists [closed]
I hack wifi passwords with kali linux on airmon-ng and I make always password lists with crunch but the lists are always too long (I'm talking about <100 PT) and I want to know if is there a ...
2
votes
2
answers
2k
views
dictionary attack hashing algorithm
Does the kind of algorithm used to hash passwords have any advantages or disadvantages in a dictionary attack? i.e. SHA256, MD5, etc. or is it just the dictionary that is used by the attacker matters? ...
- 21
13
votes
5
answers
8k
views
Defense against attacks using dictionaries
Some forms of attacks on passwords use dictionaries. It is safer to use nonsense passwords like YunSUanLin, Artibichoke, etc., which do not seem to pertain to any dictionary?
- 131
1
vote
1
answer
510
views
Is there any methods available other than brute force and dictionary attacks?
I am curious to know about the wifi attacks. And I have known a little bit about brute force attack and dictionary attack. Is there any other methods available other than these two...?
- 11
0
votes
1
answer
2k
views
Can brute force or dictionary attacks be detected when using the WiFi protocol?
Can the WiFi protocol recognize when a brute force or dictionary attack on it is occurring? WiFi gives the user an authentication failed message after entering an incorrect WiFi password several times....
2
votes
1
answer
3k
views
Tools and computer specs for password cracking [closed]
To polish my penetration testing skills I want to attempt to crack NTLM/NTLMv2 hashes (via dictionary/wordlist attack) extracted from Active Directory / SAM database, where the underlying passwords ...
- 33
3
votes
1
answer
4k
views
How to find out Wi-Fi password with dictionary attack without connecting to the Wi-Fi?
I have some specific problem. Is there any possibility how to find out Wi-Fi password with dictionary attack without connecting to the Wi-Fi?
I need it for my bachelor thesis, where I am using ...
- 31
42
votes
1
answer
20k
views
How does the attacker know what algorithm and salt to use in a dictionary attack?
I am curious about password cracking methods like dictionary and brute force attacks. Nowadays passwords are stored as hashes and not plaintext on the server. Then how can the plaintext passwords in ...
- 608
2
votes
2
answers
1k
views
Is it still possible to run an online dictionary attack from a single machine, without anonymisation?
This question concerns dictionary attacks conducted:
Over the Internet, using programs like THC Hydra
Via protocols such as HTTP, FTP and SMTP
I believe I'm right in thinking that: a) due to the ...
- 979
0
votes
1
answer
669
views
RDP Audit Failures Brute Force Attacks
I need some help on tracking the source of these RDP access attempts on our terminal server.
Port 3389 is open on the firewall (I know this is a terrible practice. I don't want to hear advice on ...
9
votes
3
answers
10k
views
Which is faster - brute-forcing, or using a dictionary attack that contains all possible permutations?
Assuming a 6-character password uses the mixalphanumeric charset, giving each character a character set of 62 and the entire password a keyspace of 62^6 = 46.6 billion (if my calculations are correct)....
- 979
4
votes
2
answers
1k
views
What's the correct term form a pre-computed table with password/hash pairs?
The table looks like this:
123456 -> asfty18u78t489yh
password -> 89y203rupdifhof
something -> 2r892389n89rfsd
And the idea is that if you have the hash (asfty18u78t489yh), you know ...
- 277
1
vote
4
answers
2k
views
Creating a wordlist knowing parameters
I need to crack my own router password. Advantage is that I know possible characters and maximum length.
What I need is to create a dictionary. The dictionary should contain all the combos of ...
- 113
1
vote
0
answers
534
views
Password Strength: Compound Words [duplicate]
I’m familiar with XKCD’s Correct Horse Battery Stable example but I am wondering about one aspect of password strength.
Dictionary words are an easy target for password crackers. If you compound a ...
- 141
-1
votes
2
answers
524
views
Limiting five letter string to only include words from dictionary in Crunch?
I am creating a word list for attacking a personal .dmg file on OS X. I'm using John the Ripper for the cracking, and Crunch to create the word list:
./crunch 13 13 abcdefghijklmnopqrstuvwxyz ...
36
votes
7
answers
9k
views
Is it possible to improve brute-force guessing of a password with a picture of the keyboard used to enter it?
Is it a bad idea to post a photo of your keyboard to social media?
Can I look at a photo of a keyboard and determine the password of an account?
Assuming a certain (set of) password(s) is the most ...
- 515
1
vote
2
answers
375
views
Are password-guessing attacks a real threat?
There are tons of questions, answers, articles, papers, cartoons etc. on the subject of how to choose a password in such a way that it's difficult to guess or crack with a dictionary-based attack.
I ...
- 411
1
vote
1
answer
569
views
Is it secure to allow an account to use `test123!` as their password?
I'm working on tightening up security for the auth layer of my app and I'm currently making a call on the complexity I'll require for passwords.
Is there a 'standard' recommendation for complexity?
...
- 326
3
votes
2
answers
1k
views
How to generate a password dictionary for a specific use
I have a locked work file that I need access to. Unfortunately, the company that provided the file is no longer in existence and I can't track anyone down to help me out.
The file is encrypted and ...
- 133
1
vote
0
answers
75
views
hydra password penetration test syntax [duplicate]
I am trying to penetrate a password on my own website using hydra.
Let's say that I know login and password and i just put both there like in sample below:
hydra -l admin -p password 123.123.123.123 ...
- 31
18
votes
3
answers
102k
views
What are the differences between dictionary attack and brute force attack?
Can someone explain the major differences between a Brute force attack and a Dictionary attack. Does the term rainbow table has any relation with these?
- 2,097
-1
votes
1
answer
1k
views
Where can I find good word list for MySQL 5? [closed]
I wonder where can I find good collections of dictionaries which can be used for MySQL 5 dictionary attack?
I just need MySQL 5 word lists / dictionaries. I found a lot of MD5, SHA1, etc. but not ...
0
votes
2
answers
683
views
Showing CAPTCHA
I'd like to show a CAPTCHA to prevent brute forcing attempts, but I was thinking of showing it whenever a user fails for an invalid username/password combination after X attempts, regardless of ...
4
votes
3
answers
802
views
Could using a generated key from an online service be considered a risk?
With some colleagues we're having a debate regarding the randomkeygen.com website.
I do think that there is a security risk using the generated keys of this (or any of this kind) website.
Why ? ...
- 151
20
votes
4
answers
309k
views
Wordlists on Kali Linux?
I notice that in /usr/share/wordlists in Kali Linux (former Backtrack) there are some lists. Are they used to bruteforce something? Is there specific list for specific kind of attacks?
- 383
14
votes
6
answers
67k
views
How can I generate custom brute-force dictionaries?
I have found during testing that companies often use variations of their names for critical passwords (for example Microsoft's password might be M1cr0s0f+ or m1cros0ft etc etc).
So if I gave it the ...
- 11.5k
22
votes
5
answers
120k
views
How to generate dictionary for a dictionary attack?
I need to crack my own password. Advantage is that I know possible characters and maximum length.
What I need is to create a dictionary. The dictionary should contain all the combos of characters ...
- 323
139
votes
9
answers
348k
views
Where can I find good dictionaries for dictionary attacks?
I’m wondering where I can find good collections of dictionaries which can be used for dictionary attacks?
I've found some through Google, but I’m interested in hearing about where you get your ...
- 16.2k