In this section, we will look at common password cracking techniques. Some of these techniques may overlap in tools and methodologies. Attackers often blend multiple, complementary tactics to improve their chances of success.
Credential stuffing attacks do not attempt to brute force or guess any passwords. The threat actor automates authentication based on previously discovered credentials using customized tools. This approach can entail launching millions of attempts to determine where a user potentially reused their credentials on another website or application.
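Because credential stuffing tries known credential pairs rather than guessing, it looks different in authentication logs from a brute-force attack: many accounts, each tried only once or twice. The following added example (not from the original article) separates the two patterns over constructed log events; the event layout, the thresholds and the per-source-IP grouping are assumptions for illustration.

```python
from collections import defaultdict

# Constructed sample auth events: (source_ip, username, success)
SAMPLE_EVENTS = (
    # One attempt each against 40 different accounts: credential stuffing shape
    [("203.0.113.7", f"user{i}@example.com", i == 17) for i in range(40)]
    # 40 attempts against a single account: brute-force / guessing shape
    + [("198.51.100.9", "admin@example.com", False) for _ in range(40)]
    # An ordinary user who mistyped a password once
    + [("192.0.2.10", "alice@example.com", False),
       ("192.0.2.10", "alice@example.com", True)]
)

def classify_sources(events, min_attempts=20, spread_ratio=0.8, max_per_user=3):
    """Label each source IP 'stuffing', 'brute_force', 'mixed' or 'normal'.

    Thresholds are illustrative assumptions; tune them to your own traffic.
    """
    per_ip = defaultdict(lambda: defaultdict(int))
    for ip, user, _ok in events:
        per_ip[ip][user] += 1

    verdicts = {}
    for ip, users in per_ip.items():
        total = sum(users.values())
        busiest = max(users.values())
        if total < min_attempts:
            verdicts[ip] = "normal"
        elif len(users) / total >= spread_ratio and busiest <= max_per_user:
            # Many distinct accounts, few tries each: replayed credential pairs
            verdicts[ip] = "stuffing"
        elif busiest / total >= spread_ratio:
            # Most attempts hammer one account: password guessing
            verdicts[ip] = "brute_force"
        else:
            verdicts[ip] = "mixed"
    return verdicts

def accounts_to_reset(events, verdicts):
    """Accounts a stuffing source logged in to: the reused credentials worked."""
    return sorted({user for ip, user, ok in events
                   if ok and verdicts.get(ip) == "stuffing"})

if __name__ == "__main__":
    v = classify_sources(SAMPLE_EVENTS)
    print(v)
    print(accounts_to_reset(SAMPLE_EVENTS, v))
```

Any successful login from a source labelled as stuffing is the high-priority finding, since it means a reused password was accepted and the account needs a forced reset.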
Some password cracking techniques rely on system vulnerabilities or gaining access to a privileged account to achieve lateral movement and amass other passwords. However, most cracking relies on inadequate password hygiene and the absence of appropriate credential management tools.
When Game of Thrones was first screening, "dragon" rose quickly to become one of the more commonly used passwords. People frequently use the names of pets, children, spouses, and streets, as well as their birthdates.
5. Use Unique Passwords Without Repeating: This simple best practice protects against a broad array of password re-use strategies and password cracking tools. Otherwise, if one account is breached, other accounts with the same credentials can easily be compromised.
7. Implement Multi-Factor Authentication: For sensitive accounts and vendor/remote access, single-factor authentication (password/username pair) is insufficient. Adding authentication factors greatly increases protection and increases assurance that the identity trying to initiate access is who they say they are. Multi-factor authentication (MFA), by incorporating factors such as endpoint or biometrics, protects accounts against password cracking tools and guessing attacks.
Enterprise identity security is predicated on the consistent enforcement of password security best practices. However, taking a risk management approach, organizations must prioritize the highest-impact identities first. This entails illuminating the landscape of privileged identities and credentials. You can start by leveraging the most powerful free tool for identifying privileged accounts and access across your environment - the BeyondTrust Privileged Account Discovery Application - no download necessary.
LaZagne is a post-exploitation, open-source tool used to recover stored passwords on a system. It has modules for Windows, Linux, and OSX, but is mainly focused on Windows systems. LaZagne is publicly available on GitHub.
MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords, insider intel, network architecture information, etc.). It can be used by a non-administrative user to search their own email, or by an Exchange administrator to search the mailboxes of every user in a domain.