New Training: Credential Attacks

In this 6-video skill, CBT Nuggets trainer Bob Salmans walks through multiple credential attacks including hash cracking, brute force, and pass the hash. Watch this new CompTIA,Cyber Security training.

Watch the full course: CompTIA PenTest+

This training includes:

• 6 videos

• 53 minutes of training

You’ll learn these topics in this skill:

• Credential Attacks Pt.1

• Credential Attacks Pt.2

• Creating Custom Wordlists

• Performing a Brute Force Attack

• Cracking Hashed Passwords

• Executing a Pass the Hash Attack

Can You Still Brute Force Passwords?

There was a time where cracking passwords with a brute force attack was standard practice. Is brute-forcing a password still a viable option today?

First, let's explain how brute-forcing a password works. Attackers use algorithms to submit passwords rapidly to an application to try and match an encrypted password in a database. Brute forcing attacks, by nature, are a guess and check attack. There isn't any reverse engineering involved. Because of this, brute-forcing passwords have the potential to be slow depending on how complex a password might be.

Brute forcing passwords can be much more difficult today. Libraries like Bcrypt encrypt passwords in such a way that it is both difficult and time-consuming to brute force passwords. Cracking user passwords through brute force attacks can now be near impossible depending on how applications are built. This should serve as a healthy reminder that you shouldn't cut corners with application security.