
2 posts tagged with "Password Spraying"

Password spraying is an authentication attack in which the attacker tries a single, common password against many user accounts. The technique relies on the assumption that many users rely on the same common passwords, which makes it likely that at least one account will accept the guess. Because a "spray" of common passwords puts only a few attempts on each account, the attacker can test a large set of potential credentials without tripping rate limiting or other security measures that count failures per account.


THM | Password Attacks

· 27 min read

Red Teaming | Password Attacks | Summary:

This room is designed to teach about various strategies and techniques used in cracking or guessing passwords. It covers both offline and online methods, including dictionary and brute-force attacks, rule-based attacks, and custom rules.

The room emphasizes password profiling, teaching users how to create effective wordlists using default, weak, leaked, combined, and username sources.

Other topics include keyspace techniques, CUPP (Custom Password Profile), and online attacks targeting FTP, SMTP, SSH, and HTTP login pages. Additionally, it introduces the concept of password spraying attacks.