The Be Sure Blog


Password Attack Hacking

posted on 15.1.2023 by Below Surface in "Cyber Security"

Passwords are used to protect sensitive areas in the digital world. But there are different ways to crack passwords and get access to the protected area. Many security breaches involve unauthorized users gaining access by taking over an authorized account. There are seven ways of attacking passwords:

  1. Brute Force
  2. Dictionary Attack
  3. Phishing
  4. Rainbow Table
  5. Credential Stuffing
  6. Password Spraying
  7. Keylogger


1. Brute Force:

Brute force is the most common one. The attacker tries to guess the correct password by trying all possible password combinations. Brute forcing usually starts with the easiest combinations and works its way up to more complex ones until it eventually guesses the correct combination.


2. Dictionary Attack:

A dictionary attack is similar to brute forcing, but instead of randomly trying to guess the password, the attacker uses dictionaries to try out whole words or word combinations.


3. Phishing:

Instead of guessing the password, the attacker may just ask the user for it. To increase the rate of success, the attacker may pretend to be a known, legitimate service. For this attack, emails are often sent to the targets that lead them to a website with input fields for the credentials. Or the attacker may pretend to be the company's IT and ask for the data. This is called social engineering.


4. Rainbow Table:

Internet services normally use hash algorithms to turn users' plain-text passwords into unreadable strings of letters, numbers and symbols. The password hash can then be stored in a database without the fear that a database breach directly exposes the users' plain-text passwords. However, if an attacker gets the users' hashes and already has a full list of pre-computed hashes, he can look up the plain-text password that corresponds to each hash. A list like this is called a Rainbow Table.


5. Credential Stuffing:

Attackers try usernames and passwords acquired from one service at other services as well. This may work because users often re-use passwords and usernames across multiple services. This is similar to brute force attacking, but is far more effective because the attacker already has known passwords.


6. Password Spraying:

Password spraying is part of the brute force family. The attacker tries a few commonly used passwords against many accounts of the service. The attack succeeds if any of the users uses one of these usually weak passwords. Instead of trying a near-endless number of passwords for one user's account, the attacker uses one or a few passwords for many users.
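
Brute force and password spraying leave opposite patterns in failed-login records: many guesses at one account versus a few guesses at many accounts. The following Python is an added example, not code from the original post, showing how a defender can tell the two apart per source address; the event format, the sample events and the thresholds are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample events: (source_ip, username, outcome). Not real logs.
SAMPLE_EVENTS = (
    [("203.0.113.10", "alice", "FAIL")] * 12                          # one account, many guesses
    + [("198.51.100.7", f"user{i:02d}", "FAIL") for i in range(15)]   # many accounts, one guess each
    + [("198.51.100.7", "user07", "OK")]                              # a sprayed password worked
    + [("192.0.2.44", "bob", "FAIL"), ("192.0.2.44", "bob", "OK")]    # ordinary typo, then success
)

# Assumed thresholds; tune them to the service's normal failure rate.
BRUTE_FAILS_PER_USER = 10
SPRAY_DISTINCT_USERS = 10
SPRAY_MAX_FAILS_PER_USER = 3


def classify_sources(events):
    """Return {source_ip: label} based on the failed-login pattern per source."""
    fails = defaultdict(lambda: defaultdict(int))   # ip -> user -> failure count
    for ip, user, outcome in events:
        if outcome == "FAIL":
            fails[ip][user] += 1

    labels = {}
    for ip, per_user in fails.items():
        worst = max(per_user.values())              # most failures against a single account
        if len(per_user) >= SPRAY_DISTINCT_USERS and worst <= SPRAY_MAX_FAILS_PER_USER:
            labels[ip] = "password-spraying"        # wide and shallow
        elif worst >= BRUTE_FAILS_PER_USER:
            labels[ip] = "brute-force"              # narrow and deep
        else:
            labels[ip] = "normal"
    return labels


def compromised_candidates(events, labels):
    """Accounts that logged in successfully from a flagged source."""
    return sorted({user for ip, user, outcome in events
                   if outcome == "OK" and labels.get(ip, "normal") != "normal"})


if __name__ == "__main__":
    labels = classify_sources(SAMPLE_EVENTS)
    for ip, label in sorted(labels.items()):
        print(ip, label)
    print("review accounts:", compromised_candidates(SAMPLE_EVENTS, labels))
```

A per-account lockout counter alone would catch the first source but not the second, because spraying keeps each account below the lockout threshold.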


7. Keylogger:

A keylogger is installed on the victim's system and logs all the keyboard inputs of the user. Even safe passwords are acquired easily with this method.


Prevention:

Tags:

cyber security
password attack
hacking
brute force
dictionary attack
phishing
rainbow table
credential stuffing
password spraying
keylogging

Sources:

https://solutionsreview.com/identity-management/the-top-7-password-attack-methods-and-how-to-prevent-them
https://www.youtube.com/watch?v=7U-RbOKanYs
