Kelly is a network security officer for a large state-run agency in California. Kelly is asked by the IT manager of another state agency to perform a security audit on their network. This audit she is asked to perform is an external audit. The IT manager thought that Kelly would be a great candidate for this task since she does not work for this other agency and is an accomplished IT auditor. The first task that she is asked to perform is an attempt to crack user passwords. Since Kelly knows that all state agency passwords must abide by the same password policy, she believes she can finish this particular task quickly.
What is the best password attack method for Kelly to use in this situation?
A. Kelly can produce the best and fastest results if she uses a dictionary attack.
B. A hyberfil-based password attack is the best method of password cracking in this scenario.
C. She should utilize the reverse-encryption password cracking technique since she knows the password policy.
D. Kelly should use a rule-based attack on the agency’s user passwords.
The correct answer is D.
A rule-based attack is used when the attacker or security auditor already has some information about how passwords are formed. It is more powerful than a plain dictionary or brute-force attack because that knowledge of the password type (here, the shared state password policy) lets the auditor restrict the candidates to strings the policy actually permits. For example, if the attacker or security auditor knows that each password contains a two- or three-digit number, he or she can apply rules that append such numbers to dictionary words and recover matching passwords far more quickly than by exhaustive search.
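The keyspace reduction the explanation describes can be seen in a few lines of code. The following is an added example, not part of the CEH course material: it assumes a hypothetical policy of "dictionary word, optionally capitalized, followed by two or three digits", a constructed five-word list, and constructed SHA-256 hashes standing in for an audit target's password store (real stores should use a salted, slow hash such as bcrypt or Argon2, which is exactly what makes this kind of audit expensive for an attacker). It compares the size of the rule-based candidate set with a brute-force keyspace and reports which constructed hashes a policy-compliant weak password would expose.

```python
import hashlib
import itertools
import string

# Constructed sample wordlist (assumption: a tiny dictionary for illustration).
WORDLIST = ["summer", "welcome", "password", "dragon", "agency"]


def sha256_hex(s: str) -> str:
    """Unsalted SHA-256, used here only so the example runs offline."""
    return hashlib.sha256(s.encode()).hexdigest()


# Constructed audit targets (not real credentials). "carol" deliberately does
# not follow the assumed policy shape and should remain unrecovered.
TARGET_HASHES = {
    "alice": sha256_hex("summer19"),
    "bob": sha256_hex("Welcome123"),
    "carol": sha256_hex("Tr0ub4dor&3"),
}


def rule_candidates(words, min_digits=2, max_digits=3, capitalize=True):
    """Yield candidates that satisfy the hypothetical policy:
    word (lowercase or Capitalized) + two or three digits."""
    for word in words:
        forms = {word}
        if capitalize:
            forms.add(word.capitalize())
        for form in forms:
            for n in range(min_digits, max_digits + 1):
                for digits in itertools.product(string.digits, repeat=n):
                    yield form + "".join(digits)


def rule_keyspace(words, min_digits=2, max_digits=3, capitalize=True):
    """Number of candidates the rule-based attack must try."""
    forms = 2 if capitalize else 1
    return len(words) * forms * sum(10 ** n for n in range(min_digits, max_digits + 1))


def brute_force_keyspace(length, alphabet=string.ascii_letters + string.digits):
    """Number of candidates for an uninformed search over fixed-length strings."""
    return len(alphabet) ** length


def audit(target_hashes, words):
    """Return {user: recovered_password} for every hash matched by a
    policy-derived candidate; users whose password falls outside the
    rule set are simply absent from the result."""
    by_hash = {h: user for user, h in target_hashes.items()}
    found = {}
    for candidate in rule_candidates(words):
        h = sha256_hex(candidate)
        if h in by_hash:
            found[by_hash[h]] = candidate
            if len(found) == len(by_hash):
                break
    return found


if __name__ == "__main__":
    print("rule-based candidates:", rule_keyspace(WORDLIST))
    print("brute force, 9 alphanumerics:", brute_force_keyspace(9))
    print("recovered:", audit(TARGET_HASHES, WORDLIST))
```

The rule set here yields 11,000 candidates against a brute-force space of 62^9 for nine-character alphanumerics, which is why a known policy is the decisive advantage in the scenario; for a defender, the same arithmetic argues for policies that do not prescribe a guessable shape and for slow, salted hashing.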
Related Course
Certified Ethical Hacker v9
CEH v9 Question of the Week: Password Attack Method