Category: Attack Techniques | Severity: High
Dictionary Attack
A password-cracking technique that systematically tests words from a predefined list (dictionary) to guess passwords.
Skill Paths:
Penetration Testing, Password Security, Incident Response
Job Paths:
Penetration Tester, SOC Analyst, Security Engineer
Relevant Certifications:
OSCP, CEH, CompTIA Security+
A dictionary attack is a password-cracking technique that tests candidate passwords drawn from a predefined list (a "dictionary" or wordlist) rather than every possible string. The list is built from leaked real-world passwords, common words and phrases, and rule-based variations of them (capitalisation, appended digits, leetspeak), so it reaches the passwords people actually choose far faster than an exhaustive brute-force search. The trade-off is coverage: a password that is not in the list, and not reachable by the mangling rules, is never tried. Dictionary attacks run either online, against a live login interface, or offline, against a captured dump of password hashes.
How Dictionary Attacks Work
- Wordlist Selection: The attacker picks a list suited to the target, such as a breach-derived list (rockyou.txt is the best-known public example), a site-specific list harvested from the organisation's own web pages, or a base list expanded with mangling rules
- Automated Tools: Hydra drives online guessing against network login services (SSH, RDP, HTTP forms) and is bounded by the server's response time and lockout policy; John the Ripper and Hashcat run offline against captured hashes, where the only limits are the cost of the hash function and the attacker's hardware
- Password Guessing: Each candidate is tried in turn, either submitted to the service or hashed with the target's salt and compared against the stored hash, until a match is found or the list is exhausted
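The three steps above as working code, added here as an illustration rather than taken from the original page or from any of the tools it names. The `user:salt:hash` dump format, the salted-SHA-256 scheme, the five-word wordlist and the mangling rules are all assumptions chosen to keep the example self-contained; the sample dump is generated inside the script so that it runs offline.

```python
import hashlib

# Constructed wordlist standing in for a real one such as rockyou.txt (assumption).
WORDLIST = ["password", "letmein", "sunshine", "dragon", "welcome"]

# Leetspeak substitutions applied by one of the mangling rules below.
LEET = str.maketrans({"a": "@", "e": "3", "i": "1", "o": "0", "s": "$"})
SUFFIXES = ["", "1", "123", "!", "2024", "1!"]


def mangle(word):
    """Yield variants of a base word in the spirit of a John/Hashcat rule file:
    case changes, leetspeak, and common appended suffixes. One base word becomes
    up to len(bases) * len(SUFFIXES) candidates, which is why a small wordlist
    still covers a large share of real passwords."""
    bases = {word, word.capitalize(), word.upper(),
             word.translate(LEET), word.capitalize().translate(LEET)}
    for base in sorted(bases):
        for suffix in SUFFIXES:
            yield base + suffix


def sha256_salted(salt, password):
    """Hash scheme assumed for the sample dump: hex(SHA-256(salt || password))."""
    return hashlib.sha256((salt + password).encode()).hexdigest()


def parse_dump(dump):
    """Parse 'user:salt:hash' lines (an assumed dump format, not a real product's)."""
    entries = []
    for line in dump.strip().splitlines():
        user, salt, digest = line.strip().split(":")
        entries.append((user, salt, digest))
    return entries


def dictionary_attack(dump, wordlist=WORDLIST):
    """Try every mangled candidate against every uncracked hash.

    Returns ({user: plaintext}, number_of_hash_computations). Because each
    account has its own salt, a candidate must be re-hashed once per account;
    that per-account cost is the whole point of salting."""
    entries = parse_dump(dump)
    cracked = {}
    hashes_computed = 0
    for word in wordlist:
        for candidate in mangle(word):
            for user, salt, digest in entries:
                if user in cracked:
                    continue
                hashes_computed += 1
                if sha256_salted(salt, candidate) == digest:
                    cracked[user] = candidate
            if len(cracked) == len(entries):
                return cracked, hashes_computed
    return cracked, hashes_computed


def make_sample_dump():
    """Constructed sample dump, generated here so the example runs offline.
    Real dumps come from a database export or /etc/shadow. Two plaintexts are
    reachable by the mangling rules; the passphrase is not and should survive."""
    accounts = {
        "alice": ("a1b2", "Sunshine123"),                     # capitalised + digits
        "bob":   ("c3d4", "dr@g0n!"),                         # leetspeak + symbol
        "carol": ("e5f6", "correct-horse-battery-staple"),    # not in the wordlist
    }
    return "\n".join(f"{user}:{salt}:{sha256_salted(salt, pw)}"
                     for user, (salt, pw) in accounts.items())


if __name__ == "__main__":
    found, work = dictionary_attack(make_sample_dump())
    print(f"{work} hashes computed, cracked: {found}")
```

Two things worth noticing when running it: the long passphrase is never recovered, because no rule produces it, and the hash counter grows with the number of accounts, because the per-user salt prevents one hash computation from being checked against every account at once. With an unsalted scheme the inner loop would collapse to a single hash per candidate.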
Prevention
- Use Strong Passwords: Prefer long passphrases that are unique per site; avoid dictionary words, names, dates and their predictable variations, since a string like "P@ssw0rd2024!" is in every attacker's wordlist
- Screen Rather Than Just Mandate Complexity: Composition rules (a mix of letters, numbers and symbols) are trivially satisfied by a mangled dictionary word; current guidance (NIST SP 800-63B) favours a minimum length plus checking each new password against a list of known-breached and common passwords
- Salting and Slow Hashing: Store passwords with a per-user random salt and a deliberately slow hash such as bcrypt, scrypt or Argon2. The salt forces the attacker to hash every candidate separately for each account and defeats precomputed tables; the work factor makes each of those guesses expensive. Fast hashes such as MD5 or unsalted SHA-256 offer almost no protection against an offline dictionary attack
- Account Lockout and Rate Limiting: Throttle or temporarily lock after repeated failures to blunt online guessing, but note that hard lockouts can be abused to deny service and do nothing against offline attacks; multi-factor authentication removes the password as a single point of failure
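The screening and storage controls above, as an added example that is not code from the original page. It assumes a small constructed blocklist in place of a real breach-derived list, a 12-character minimum, and Python's standard-library `hashlib.scrypt` as the slow hash; the `scrypt$salt$key` record format is an assumption for illustration.

```python
import hashlib
import hmac
import os
import re

# Constructed blocklist standing in for a breach-derived list (assumption).
BLOCKLIST = {"password", "letmein", "sunshine", "dragon", "welcome", "qwerty"}

# Reverse of the leetspeak substitutions attackers apply in their mangling rules.
UNLEET = str.maketrans({"@": "a", "3": "e", "1": "i", "0": "o", "$": "s"})

# scrypt work factor: 128 * r * n bytes of memory (16 MiB here). Raise n as hardware allows.
SCRYPT_PARAMS = dict(n=2 ** 14, r=8, p=1, maxmem=64 * 1024 * 1024)


def normalize(password):
    """Undo the common mangling: lowercase, strip trailing digits/symbols, reverse leetspeak.
    'P@ssw0rd1' and 'Sunshine2024!' both come back as plain dictionary words."""
    base = re.sub(r"[^a-z]+$", "", password.lower())
    return base.translate(UNLEET)


def check_policy(password, blocklist=BLOCKLIST, min_length=12):
    """Return the reasons a password is rejected (empty list means accepted).

    Deliberately no composition rule: a mix of letters, digits and symbols is
    satisfied by a mangled dictionary word, which is exactly what a dictionary
    attack tries first. Length plus blocklist screening is what NIST SP 800-63B
    recommends instead."""
    reasons = []
    if len(password) < min_length:
        reasons.append(f"shorter than {min_length} characters")
    if normalize(password) in blocklist:
        reasons.append("dictionary word after undoing leetspeak and suffixes")
    return reasons


def hash_password(password, salt=None):
    """Store as 'scrypt$<salt hex>$<key hex>' with a fresh 16-byte random salt per user.
    The salt means an attacker must hash every candidate once per account; the
    scrypt work factor makes each of those computations expensive."""
    salt = salt if salt is not None else os.urandom(16)
    key = hashlib.scrypt(password.encode(), salt=salt, dklen=32, **SCRYPT_PARAMS)
    return f"scrypt${salt.hex()}${key.hex()}"


def verify_password(password, stored):
    """Recompute with the stored salt and compare in constant time."""
    algo, salt_hex, key_hex = stored.split("$")
    if algo != "scrypt":
        raise ValueError("unsupported hash format")
    key = hashlib.scrypt(password.encode(), salt=bytes.fromhex(salt_hex),
                         dklen=32, **SCRYPT_PARAMS)
    return hmac.compare_digest(key, bytes.fromhex(key_hex))


if __name__ == "__main__":
    for pw in ["P@ssw0rd1", "Sunshine2024!", "correct-horse-battery-staple"]:
        print(pw, "->", check_policy(pw) or "accepted")
    record = hash_password("correct-horse-battery-staple")
    print(record)
    print(verify_password("correct-horse-battery-staple", record))
```

"Sunshine2024!" would pass a length-plus-three-character-classes rule and is rejected here anyway, which is the point of normalising before the blocklist lookup. In production the blocklist would be the full breach corpus (or a k-anonymity lookup against it), and the scrypt parameters would be tuned so that a verification takes on the order of a few hundred milliseconds on the authentication server.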
Detection
- Monitor for repeated failed login attempts: many failures against one account from one source indicate a dictionary attack; one or two failures each across many accounts from one source indicate password spraying, which is designed to stay under per-account lockout thresholds
- Use intrusion detection systems (IDS) and SIEM rules: alert on failure bursts per source, per account and per target service, and treat a success that follows a run of failures from the same source as a probable compromise rather than a user typo
- Analyze authentication logs for patterns: regular timing, a fixed client version or user-agent, and attempted usernames that match a known wordlist (admin, test, guest) distinguish tooling from humans
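The detection logic above run over sample log lines, as an added example that is not part of the original page. The sshd-style syslog format, the constructed log lines, the five-minute window and the thresholds (10 failures for one account, 5 distinct accounts for a spray) are assumptions; in a SIEM the same three rules would be expressed in its query language against real auth events.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Matches the sshd syslog shape used by the constructed sample below (assumed format).
LOG_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>[\d.]+)"
)


def parse(line, year=2024):
    """Return (timestamp, result, user, ip) or None for lines that do not match.
    Syslog lines carry no year, so one is supplied (assumption)."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["result"], m["user"], m["ip"]


def detect(lines, window=timedelta(minutes=5), fail_threshold=10, spray_threshold=5):
    """Sliding-window rules over auth events, one alert per (rule, source IP):
      dictionary_attack      - >= fail_threshold failures against a single account
      password_spray         - failures against >= spray_threshold distinct accounts
      success_after_failures - a login that succeeds after failures for that account
    """
    events = sorted(e for e in map(parse, lines) if e)
    recent_fails = defaultdict(list)   # ip -> [(ts, user)] inside the window
    alerts, fired = [], set()

    def alert(kind, ip, detail):
        if (kind, ip) not in fired:
            fired.add((kind, ip))
            alerts.append((kind, ip, detail))

    for ts, result, user, ip in events:
        recent_fails[ip] = [(t, u) for t, u in recent_fails[ip] if ts - t <= window]
        if result == "Failed":
            recent_fails[ip].append((ts, user))
            users = {u for _, u in recent_fails[ip]}
            if len(recent_fails[ip]) >= fail_threshold and len(users) == 1:
                alert("dictionary_attack", ip, user)
            if len(users) >= spray_threshold:
                alert("password_spray", ip, len(users))
        elif any(u == user for _, u in recent_fails[ip]):
            alert("success_after_failures", ip, user)
    return alerts


def sample_log():
    """Constructed sshd-style lines, not from a real system: a 12-guess run
    against alice that then succeeds, a spray over five usernames, and one
    ordinary typo by bob."""
    lines = [f"Mar 14 10:00:{i:02d} bastion sshd[4101]: Failed password for alice "
             f"from 203.0.113.5 port 51234 ssh2" for i in range(12)]
    lines.append("Mar 14 10:00:12 bastion sshd[4101]: Accepted password for alice "
                 "from 203.0.113.5 port 51234 ssh2")
    for i, name in enumerate(["admin", "root", "test", "guest", "oracle"]):
        lines.append(f"Mar 14 10:01:{i:02d} bastion sshd[4177]: Failed password for "
                     f"invalid user {name} from 198.51.100.7 port 40022 ssh2")
    lines.append("Mar 14 10:02:00 bastion sshd[4200]: Failed password for bob "
                 "from 192.0.2.9 port 50001 ssh2")
    return lines


if __name__ == "__main__":
    for a in detect(sample_log()):
        print(a)
```

Bob's single failure produces nothing, the run against alice fires once at the tenth failure rather than on every subsequent guess, and the accepted login that follows it is reported separately as the event that actually matters to an incident responder. The spray rule keys on distinct usernames per source precisely because a per-account threshold would never trigger on one failure per account.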
Related Concepts
- Brute Force Attack: Exhaustively tries every combination of a character set up to a given length; complete, but far slower than a dictionary attack
- Password Cracking: The general term for recovering plaintext passwords, whether from captured hashes or through a live login interface
- Salting: Adding a per-user random value before hashing so that identical passwords produce different hashes and precomputed tables cannot be reused across accounts
Conclusion
Dictionary attacks are a common and effective method for cracking weak or reused passwords. Screening new passwords against breach lists, storing them with a slow salted hash, and monitoring authentication failures are the core defences.
Quick Facts
Severity Level
7/10
Method
Tries common words and phrases as passwords
Tools
John the Ripper, Hydra, Hashcat
Prevention
Long, unique passwords screened against breach lists; slow salted hashing; login rate limiting and MFA