✔️ Gain persistent access to an exploited machine
✔️ Choose the right method to attack passwords
✔️ Exploit reused credentials
Passwords are generally the only line of defense against unauthorized access
→ they must be stored securely
→ stored in files or databases
→ not stored in clear-text
→ must be stored in a non-reversible (hashed) form
transformed with a one-way algorithm
→ cryptographic hash functions
used to transform passwords from clear text into a safe-to-store hashed form
🗨 Password Cracking is the process of recovering clear-text passwords from their hash
→ try every single possible combination
This is the only method that will guarantee finding a correct password
program which generates every possible password of any length
pseudo-code