6 Cryptographic Attacks That You Must Know
Sometimes, to rob a casino, you need to plan a complicated Ocean’s Eleven-level heist complete with a Boeski and a Jim Brown. Sometimes you can just grab a lockbox, and run. This is a bit like the difference between many complex pentesting techniques, and the most common cryptographic attack: brute force. Instead of carefully crafting a payload or custom buffer overflow, you can just throw passwords until one works.
Five cryptographic attacks are worth knowing about. They all involve bypassing authentication systems to gain access. Let’s take a closer look at brute force and its five crypto-related cousins.
1. Brute Force
Brute force attacks are exactly what they sound like: using as much muscle as possible in order to guess a login. This is usually done using a wordlist such as those found in SecLists (NSFW language in some of these), and Kali tools like Hydra. These tools can be combined to create a powerful weapon against all protocols that require authentication, including FTP to SSH and VNC to SMB as well as different types of HTTP authentication methods like basic authentication and form information. The tool automatically logs in against a host using a known user name. It then stores each password on the list until it succeeds or runs out.
The brute force attack is based on one simple idea: your password may not be very original. We’re not talking about “password” and “123456.” Some wordlists can contain tens of thousands of passwords.
Learn how to become a security expert with SPOTO’s Cybersecurity Training
Start training. Although brute force isn’t perfect, it can be done with a lot of luck and time. You can’t throw logins at a server as fast as you want. If you do, all your connections will drop. A competent developer should block IPs that spam their server with bogus login request. There are also more sophisticated attacks.
2. Rainbow Tables
First, let’s review hashes to understand rainbow tables. An application would rarely store user passwords as plain text. They are stored as hashes. A hash is created by running a password through a one way algorithm such as MD5 or SHA-1 and producing a string with random characters. This is why the algorithm is one-way is important. The hacker cannot reverse the hashing process to generate a password if the hashes have been compromised.
The app will hash your password when you log in to an application. It will then compare the hash with the database. It is safe to authenticate users without the need for the system to store the password because the algorithm will always produce an identical hash.
It is safe, but hackers can steal databases containing the hashes, which is the norm for many data breaches reported in the news. Problems start when you realize that the password hash is always the same. What if you ran a wordlist through an algorithm to hash a password, stored every generated hash and then compared stolen hashes to this file. This file is called a rainbow table. There are entire websites dedicated to hosting them and searching for your hashes. Sometimes you might just be lucky enough to Google a hash.
Modern apps use algorithms that add salting to generate hashes. However, there are many legacy apps and OSes that still use old school algorithms without salting.
3. Offline Hash Cracking
Online attacks are also known as brute force attacks. To make any progress, you must be able to connect online to the service that you want to compromise. You won’t get anywhere fast if you don’t send and receive a response across your network. Your attack will stop if your IP is blocked.
If you manage to get hold of some hashes and your rainbow tables are empty, you can still work offline crack. We’ll make it i