PW Attack Techniques:
- Dictionary Attacks – Use wordlists or rainbow tables as input into cracking algorithms.
- BruteForce Attack – Systematically check all possible password options (hit or miss) by applying any known rules (i.e., password length, case, special characters, etc).
- Hybrid -Combination Dictionary, Bruteforce and rules.
- Other – Additional techniques include phishing, social engineering, malware, and guessing
Hashcat Attack mode parameters
- Dictionary (-a 0) – Reads from a text file and uses each line as a password candidate
- Combination (-a 1) – Like the Dictionary Attack except it uses two dictionaries. Each word of a dictionary is appended to each word in a dictionary.
- Mask (-a 3) – Try all combinations in a given keyspace. It is effectively a Brute Force on user specified character sets.
- Hybrid (-a 6 and -a 7) – A combination of a dictionary attack and a mask attack.
Wordlist Examples (Dictionaries):