How does dictionary attack work

Introduction

Today we will discuss one important topic of ethical hacking and that is dictionary attack. In this post we will cover below things,

  • What is Dictionary Attack.
  • Why hackers do this attack.
  • Which mechanism or tool is used.
  • How to do the dictionary attack (step by step).

Lets see these one by one,

What is dictionary Attack

Dictionary attack is a method of cracking password of any system (OS, Service, network devices, etc.). An attacker uses a list of password (contains a list of commonly used password) and tries each of it with the help of some tools.

Why hackers do this attack

Hackers want to have the control of any systems and for that they need credentials of that system. Most of the cases they try to take control of the Operating System, Web sites and other services (ftp). But sometimes, they want to decrypt the encrypted files (password protected).

Which mechanism or tool is used

Hackers use different tools to crack the password of target system (website, Operating system etc.). One of the most common tool is Hydra by THC. Another tools are also there named Aircrack-ng, Cain & Abel, John the Ripper, Hashcat, DaveGrohl, and ElcomSoft. Most of these tools uses a list of word as a password and list of word an user. With the help of the tool, automatically attempt to login using the list. If any username and password matches, it shows you that.

How to do the dictionary attack (step by step)

Prepare an Attack Machine: To simulate any attack, you need an attack machine. Ethical hackers start learning using Kali linux. You can download the Kali linux ISO and install it in a virtual environment like Hyper-v virtualbox, vmware workstation. Kali has different tools installed by default to practice Ethical Hacking.

Prepare a Target System: To simulate the attack you need a target system. You can install Ubuntu Server Operating System in the same virtual environment.

Create a list of User & Password: You need a list of users and Password for doing the attempt. You can download the the password list from here. Prepare a list of users by your own. Both the list can be saved as .txt

Do the attack: Login to Kali and open a terminal. Run below command to start.

hydra -L user.txt -P password.txt ssh://{ip_address}

Replace ip_address with your target machine IP.

Result:

How to Install MobaXterm in Windows

Download Free version from official MobaXterm download Page.

Open your browser and visit the download page and Download the Installer Edition. A ZIP file will be downloaded named MobaXterm_Installer_vxxx (example: MobaXterm_Installer_v24.3).

Extract the Installer:

Right Click on the Zip file and keep your mouse over 7-Zip and click Extract to “MobaXterm_Installer_v24.3\“. It will create a folder with the same name as ZIP file and extract all files into that folder. In my PC, I have 7zip installed but may be you have some other application for unzip for example WinRAR.

Run the Installer:

Open the folder and you will get two files (.msi and .dat). Right Click on the MSI file and click Install.

MobaXterm Setup Wizard:

MobaXterm Setup Wizard will open. Click Next to Continue.

Accept End-User License Agreement:

End-User License Agreement Windows will be appeared. Check the box I accept the terms in the License Agreement and click Next.

Select the Destination folder (Installation folder):

Destination Folder Windows will appear. You can change the destination folder if you want (click Change and set) but I am keeping the default. Once done, click Next.

Confirm the Readiness of Installation:

Click Install to confirm the Installation.

Finish the Installation:

It will take few moments to Install. Click Finish to complete the Installation.

Run MobaXterm and Start Using:

From the Start Menu, search for MobaXterm and Run it. You will see the Window like below. Enjoy!

How to Find a PDC Emulator

This post will describe the PDC Emulator and way to detect PDC Emulator in your environment.

Step 1: Open PowerShell: Click on Windows button or Search box in your System. Type powershell and Right-click on it. Then Click Run as administrator.

Step 2: Run Command to Find PDC: Type Get-ADDomain | Select-Object -Property PDCEmulator and hit Enter.

You can see the FQDN (Fully Qualified Domain Name) of the PDC machine. Now you can login to this machine and do your advanced Active Directory related troubleshooting.

Video Tutorial:

List of Command to Run Windows Program

This post is about to discuss the way to open different popular Windows Application by running single command. It will help you to run the application from single place, i.e. command prompt or Run.

Lets see the commands and try in our system….

How to delete a Windows Partition Using Command Line

In this post, we will describe how to delete a partition from command line. It is necessary when you are not able to do it from Disk Management (GUI). Let’s not delay and start.

Step 1: Run Command Prompt as Administrator: Click Start Menu/Search Box, type Command Prompt. Right-click on Command Prompt App and Click Run as administrator.

Step 2: Enter Disk management Utility: Type diskpart and Hit Enter

Step 3: Show available Disks: Type list disk and Hit Enter. [in this case only one disk is available]

Step 4: Select the desired disk: Type select disk 0 and Hit Enter. [will modify partitions from Disk 0]

Step 5: Show Available Partitions: type list partition and Hit Enter. [partitions are listed]

Step 6: Select Desired Partition: Type select partition 6 and Hit Enter. [will modify partitions 6]

Step 7: Delete the Selected Partition: Type delete partition override and Hit Enter.

Step 8: Verify that Partition is deleted: Repeat Step 5.

You can see the partition 6 is no more available here.