A Real-World Password Cracking Demonstration Using Open Source Tools for Instructional Use

Passwords are the among the most standard ways to protect and authenticate the security of a network or any other confidential information. Password cracking helps in the penetration testing so that we can find out the strength of a password. In this paper, we are going to discuss different types of password cracking tools with an emphasis on THC Hydra. We are also going to discuss different types of attacks that can be launched by password cracking tools. The paper specifically demonstrates the attack of THC Hydra on an FTP server and an SSH server that can be used in the teaching of a foundational cybersecurity course. We conclude the paper with a discussion on several actions that can be taken for end-user protection.

[1]  Bogdan Groza Analysis of a Password Strengthening Technique and Its Practical Use , 2009, 2009 Third International Conference on Emerging Security Information, Systems and Technologies.

[2]  M. Abadi Strengthening Passwords , 1997 .

[3]  Yoginder S. Dandass Using FPGAs to Parallelize Dictionary Attacks for Password Cracking , 2008, Proceedings of the 41st Annual Hawaii International Conference on System Sciences (HICSS 2008).

[4]  Udi Manber,et al.  A simple scheme to make passwords based on one-way functions much harder to crack , 1996, Comput. Secur..