Looking for something specific?
Page Tag-Cloud
Software Tag-Cloud
Building from Source
Open Source Definition
All Software
  Popular Tags
C Plus Plus
Source Code
Notable Members
Our Company
Copyright Information
Software EULA
Pre-Release EULA
Privacy Policy
Make Contact
Password Cracking
Let's go out on a limb and say that your password is "scissors". While this might seem like a mighty fine password on the surface (I hope it doesn’t, but it might) – this password is extremely weak. Plain-text passwords are subject to several types of attack - most notably the "dictionary attack".

The dictionary attack is one which a would be attacker will automate a password guessing process using every word in the dictionary; and the dictionary definitely contains the word "scissors".

Now, what if your password were the word "Scissors" (with a capital "S")? This combination is not included in my password list. Why? Think about it. I cannot include every combination of the word scissors in my list or it would be HUGE, easily several hundred of thousands of time larger than it's current size.

Your password could be:
  • "scissors"
  • "Scissors"
  • "Sci$$ors"
  • "scissor$"
  • "scis$ors!"
  • "Sc|ssors"
  • "Sciss0rs?"
  • "S(iss0rs?"
…and this list goes on and on and on for just the word "scissors"!!

So you might be thinking: How do we probe for a password which is not in the dictionary if we can't just build a list of every possible combination? Well, this is where permutations come in - and short of it is that we will need some manner of program. This way we can load a word from the list into memory and try to log-in with it. If the log-in fails, instead of simply moving on to the next word we will "mutate" the word a bit. We'll try adding a question mark to the end. Did that password work? No? What about replacing all of the S's in the word with dollar signs? ...I'm sure you get the gist.

Given a method, a password list and time; the possibilities are limitless. Check out SQLPWAudit for a pre-baked solution for password auditing and recovery.

Be sure to grab most up-to-date version my my password list here:

 Auditing    Cracking    Lists    Passwords  

Created by Josh Patterson on 2/8/2013, last modified by Josh Patterson on 2/8/2013

No comments currently exists for this page. Why don't you add one?
First Previous Next Last 

Copyright © 2024 NetworkDLS.
All rights reserved.
Privacy Policy | Our Company | Contact