CEH: Official Certified Ethical Hacker Review Guide: Exam 312-50 - Kimberly Graves [70]
Attack                             Countermeasure
Cross-site scripting               Validate cookies, query strings, form fields, and hidden fields.
SQL injection                      Validate user variables.
Command injection                  Use language-specific libraries for the programming language.
Cookie poisoning and snooping      Don't store passwords in a cookie. Implement cookie timeouts, and authenticate cookies.
Buffer overflow                    Validate user input length, and perform bounds checking.
Authentication hijacking           Use SSL to encrypt traffic.
Directory traversal / Unicode      Define access rights to private folders on the web server. Apply patches and hotfixes.
Web-Based Password Cracking Techniques
As a CEH, you need to be familiar with the techniques hackers use to crack web-based passwords. This includes being able to list the different authentication types, knowing what a password cracker is, identifying the classifications of password-cracking techniques, and knowing the available countermeasures. We'll look at each in the following sections.
List the Authentication Types
Web servers and web applications support multiple authentication types. The most common is HTTP authentication. There are two types of HTTP authentication: basic and digest. Basic HTTP authentication sends the username and password in cleartext, whereas digest authentication hashes the credentials and uses a challenge-response model for authentication.
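The following added example (not from the book) shows the difference in concrete terms. It builds the Authorization header that Basic authentication sends, shows how trivially an observer recovers the password from it, and then computes the RFC 2617 Digest response with qop=auth, where only an MD5 challenge-response value crosses the wire and the server verifies it from a stored HA1 without ever needing the cleartext password. The realm, nonce, and client nonce values are constructed for the demonstration.

```python
import base64
import hashlib
import secrets


def basic_authorization_header(username: str, password: str) -> str:
    """Authorization header that Basic authentication sends on every request.
    The credentials are only base64-encoded, which is cleartext to any sniffer."""
    token = base64.b64encode(f"{username}:{password}".encode()).decode()
    return f"Basic {token}"


def decode_basic_header(header: str):
    """What a network observer does with a captured Basic header: reverse the encoding."""
    scheme, token = header.split(" ", 1)
    if scheme != "Basic":
        raise ValueError("not a Basic authorization header")
    user, pwd = base64.b64decode(token).decode().split(":", 1)
    return user, pwd


def _md5(text: str) -> str:
    # RFC 2617 Digest uses MD5 by construction; hex digest of the string.
    return hashlib.md5(text.encode()).hexdigest()


def digest_ha1(username: str, realm: str, password: str) -> str:
    """HA1 = MD5(username:realm:password). A server can store this instead of the password."""
    return _md5(f"{username}:{realm}:{password}")


def digest_response(ha1: str, method: str, uri: str, nonce: str,
                    nc: str, cnonce: str, qop: str = "auth") -> str:
    """Client-side 'response' value for qop=auth: MD5(HA1:nonce:nc:cnonce:qop:HA2)."""
    ha2 = _md5(f"{method}:{uri}")
    return _md5(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


def server_verify_digest(stored_ha1: str, method: str, uri: str, nonce: str,
                         nc: str, cnonce: str, response: str, qop: str = "auth") -> bool:
    """Server check: recompute the expected response from the stored HA1 and
    compare in constant time. The cleartext password is never needed here."""
    expected = digest_response(stored_ha1, method, uri, nonce, nc, cnonce, qop)
    return secrets.compare_digest(expected, response)


def demo():
    # Constructed credentials and challenge values for the demonstration.
    user, password, realm = "alice", "S3cret-Pass", "example-realm"
    basic = basic_authorization_header(user, password)
    sniffed_user, sniffed_pwd = decode_basic_header(basic)

    nonce, cnonce, nc = secrets.token_hex(16), secrets.token_hex(8), "00000001"
    ha1 = digest_ha1(user, realm, password)
    response = digest_response(ha1, "GET", "/private/", nonce, nc, cnonce)
    ok = server_verify_digest(ha1, "GET", "/private/", nonce, nc, cnonce, response)
    return {
        "basic_header": basic,
        "password_recovered_from_basic": sniffed_pwd == password,
        "digest_response_contains_password": password in response,
        "digest_verified": ok,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The Basic header is reversible by anyone on the path, which is why the table above pairs authentication hijacking with SSL. The Digest response is bound to the server nonce, so a captured value cannot be replayed against a fresh challenge, although the unsalted MD5 construction is still weak by modern standards.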
In addition, web servers and web applications support NTLM, certificate-based, token-based, and biometric authentication. NTLM authentication is used by Internet Explorer and IIS web servers, making NTLM more suitable for internal authentication on an intranet that uses the Microsoft operating systems. Windows 2000 and 2003 servers utilize Kerberos authentication for a more secure option. Certificate-based authentication uses an X.509 certificate for public/private key technology. A token, such as SecurID, is a hardware device that displays an authentication code for 60 seconds; a user uses this code to log in to a network. Biometric authentication uses a physical characteristic such as a fingerprint, eye iris, or handprint to authenticate the user.
What Is a Password Cracker?
A password cracker is a program designed to decrypt passwords or disable password protection. Password crackers rely on dictionary searches (attacks) or brute-force methods to crack passwords.
How Does a Password Cracker Work?
The first step in a dictionary attack is to generate a list of potential passwords that can be found in a dictionary. The hacker usually creates this list with a dictionary generator program or dictionaries that can be downloaded from the Internet. Next, the list of dictionary words is hashed or encrypted. This hash list is compared against the hashed password the hacker is trying to crack. The hacker can get the hashed password by sniffing it from a wired or wireless network or directly from the Security Accounts Manager (SAM) or shadow password files on the hard drive of a system. Finally, the program displays the unencrypted version of the password. Dictionary password crackers can only discover passwords that are dictionary words.
If the user has chosen a strong password that does not appear in a dictionary, brute-force password cracking can be used instead. Brute-force password crackers try every possible combination of letters, numbers, and special characters, which takes much longer than a dictionary attack because of the number of permutations.
Understand Password Attacks: Classification
The three types of password attacks are as follows:
Dictionary: Uses passwords that can be found in a dictionary.
Brute force: Guesses complex passwords that use letters, numbers, and special characters.
Hybrid: Uses dictionary words with a number or special character as a substitute for a letter.
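The following added example (not from the book) puts the cracker loop described under "How Does a Password Cracker Work?" and the three attack classes just listed into one password audit an administrator could run against a stored hash list. Each stored hash is tested against a dictionary pass, a hybrid pass (dictionary words with a digit appended or one letter replaced by a symbol, which goes slightly beyond the substitution-only definition above), and a short brute-force pass; only a password outside all three survives. The wordlist, the substitution table, the five user accounts, and the use of unsalted SHA-256 as the stored hash are all constructed for the demonstration.

```python
import hashlib
import itertools
import string

# Constructed wordlist standing in for a downloaded dictionary.
WORDLIST = ["password", "letmein", "sunshine", "dragon", "welcome"]

# Constructed substitution rules for the hybrid pass (letter -> digit or symbol).
LEET = {"a": "@", "e": "3", "i": "1", "o": "0", "s": "$"}


def hash_password(pw: str) -> str:
    # Unsalted SHA-256 stands in for whatever hash the credential store uses.
    return hashlib.sha256(pw.encode()).hexdigest()


def dictionary_candidates(words):
    """Dictionary attack: the words exactly as listed."""
    yield from words


def hybrid_candidates(words):
    """Hybrid attack: each word with a trailing digit, or one letter swapped for a symbol."""
    for w in words:
        for digit in range(10):
            yield f"{w}{digit}"
        for i, ch in enumerate(w):
            if ch in LEET:
                yield w[:i] + LEET[ch] + w[i + 1:]


def brute_force_candidates(alphabet, max_len):
    """Brute-force attack: every string over the alphabet up to max_len characters."""
    for n in range(1, max_len + 1):
        for chars in itertools.product(alphabet, repeat=n):
            yield "".join(chars)


def crack(target_hash: str, candidates):
    """Core cracker loop: hash each guess and compare it with the stored hash."""
    for guess in candidates:
        if hash_password(guess) == target_hash:
            return guess
    return None


def audit(stored_hashes, brute_max_len=3):
    """Report, per account, which attack class (if any) recovers the password."""
    alphabet = string.ascii_lowercase + string.digits
    results = {}
    for user, stored in stored_hashes.items():
        passes = (
            ("dictionary", dictionary_candidates(WORDLIST)),
            ("hybrid", hybrid_candidates(WORDLIST)),
            ("brute-force", brute_force_candidates(alphabet, brute_max_len)),
        )
        results[user] = ("not cracked", None)
        for mode, candidates in passes:
            found = crack(stored, candidates)
            if found is not None:
                results[user] = (mode, found)
                break
    return results


# Constructed credential store: one account per outcome the audit can produce.
SAMPLE_STORE = {
    "alice": hash_password("sunshine"),      # plain dictionary word
    "bob": hash_password("dragon7"),         # dictionary word plus a digit
    "carol": hash_password("p@ssword"),      # dictionary word with a substitution
    "dave": hash_password("ab9"),            # short enough for brute force
    "erin": hash_password("Tr0ub4dor&3"),    # outside all three classes at this length
}

if __name__ == "__main__":
    for user, (mode, pw) in audit(SAMPLE_STORE).items():
        print(f"{user:6s} {mode:12s} {pw}")
```

The brute-force pass is capped at three characters so the audit finishes in well under a second; the permutation count grows as alphabet size to the power of length, which is the cost the text refers to. Salting and a slow hash would force the attacker to redo this work per account, which is the usual countermeasure.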
Hacking Tool
Webcracker is a tool that uses a word list to attempt to log on to a web server. It watches for the "HTTP 302 object moved" response to tell a successful password guess from a failed one. From this response the tool can also determine the authentication type in use and attempt to log on to the system.
Understand Password-Cracking Countermeasures