00:00 Why target login pages?
00:23 Types of attack
02:19 Setup with Hack the Box
03:46 Command format
05:31 Dictionary attack
16:48 How to protect ourselves
17:28 Outro
Most websites have login pages, and in this video I’m going to show you how to hack them!
So why target login pages? Well, behind every login page is access to confidential information or even administrator-level access.
This is gold dust for hackers! So as penetration testers or bug bounty hunters, it's extremely valuable for us as well.
So how do we actually go about hacking a login page?
There are two main types of attack we can use here: brute forcing and dictionary attacks.
A brute force attack is where you try every possible password that exists. For example, we might start with A, then AA, then AAA, then AAB, and so on and so on until the correct password is found.
In theory, this will eventually find the correct password, no matter what it is. However, the time it takes can vary greatly.
For example, finding a 5-character password with only lowercase letters could take seconds. A 16-character password with numbers, uppercase and special characters, however, could take millions of years!
This is why we use the second type of attack called a dictionary attack. A dictionary attack is actually a type of brute force.
But instead of trying every possible combination of letters, numbers and symbols, we use a prebuilt list of possible passwords.
We humans are not as smart as we like to think! We tend to use passwords that are easy to type and easy to remember, and we even reuse the same password over and over again.
So we can use lists of passwords containing words, phrases and known passwords from past data breaches, and there is a good chance we will find a match.
Luckily, we don’t need to type these passwords ourselves. There are plenty of tools we can use to do this for us. Probably the most popular one is called Hydra.
Hydra is a free tool used to hack logins, and it's what we are going to use today.
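As an added example (not from the video), here is a password-acceptance check a defender could run at signup or password change that reflects both attack types described above: it estimates the exhaustive-search keyspace and separately rejects anything on a deny-list. The guess rate, the one-year threshold, the function names and the sample deny-list are assumptions constructed for illustration.

```python
import string

# Assumptions for illustration: sustained guess rate and the minimum acceptable search time.
ASSUMED_GUESSES_PER_SECOND = 1_000_000
MIN_SECONDS = 365 * 24 * 3600  # one year

# Constructed sample deny-list; a real deployment would load a breached-password corpus.
SAMPLE_DENYLIST = {"password", "letmein", "qwerty123", "correcthorsebatterystaple"}

CHARSETS = (string.ascii_lowercase, string.ascii_uppercase,
            string.digits, string.punctuation)


def alphabet_size(password):
    """Number of symbols an exhaustive search must cover for this password."""
    size = sum(len(cs) for cs in CHARSETS if any(c in cs for c in password))
    # Characters outside the four ASCII classes are counted individually.
    size += len({c for c in password if not any(c in cs for cs in CHARSETS)})
    return size


def keyspace(password):
    """Candidates of every length from 1 up to len(password)."""
    n = alphabet_size(password)
    return sum(n ** k for k in range(1, len(password) + 1))


def worst_case_seconds(password, rate=ASSUMED_GUESSES_PER_SECOND):
    """Time to exhaust the keyspace at the assumed guess rate."""
    return keyspace(password) / rate


def assess(password, denylist=SAMPLE_DENYLIST):
    """Return (accepted, reason) for a proposed password."""
    if password.lower() in denylist:
        return False, "in deny-list: a dictionary attack finds it regardless of length"
    if worst_case_seconds(password) < MIN_SECONDS:
        return False, "keyspace too small: exhaustive search is cheap"
    return True, "ok"


if __name__ == "__main__":
    for candidate in ("abcde", "CorrectHorseBatteryStaple", "Tr4ck-Lamp!Oboe7"):
        print(candidate, assess(candidate), f"{worst_case_seconds(candidate):.3g}s")
```

The 25-character passphrase is rejected even though its keyspace is enormous, which is the point of checking the deny-list separately from length and character variety.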