Dictionary Attack Term Project
In cryptanalysis and computer security, a dictionary attack is a form of brute force attack technique for defeating a cipher or authentication mechanism by trying to determine its decryption key or passphrase by trying hundreds or sometimes millions of likely possibilities, such as words in a dictionary.
A dictionary attack is based on trying all the strings in a pre-arranged listing, typically derived from a list of words such as in a dictionary (hence the phrase dictionary attack). In contrast to a brute force attack, where a large proportion of the key space is searched systematically, a dictionary attack tries only those possibilities which are deemed most likely to succeed.
It is possible to achieve a time–space tradeoff by pre-computing a list of hashes of dictionary words, and storing these in a database using the hash as the key. This requires a considerable amount of preparation time, but allows the actual attack to be executed faster. Pre-computed dictionary attacks are particularly effective when a large number of passwords are to be cracked. The pre-computed dictionary need be generated only once, and when it is completed, password hashes can be looked up almost instantly at any time to find the corresponding password.
There are mainly 2 types of dictionary attack.
- Online Dictionary Attack
- Offline Dictionary Attack
- Attack on FTP Server (Online)
- Attack on Login form (Online)
- Attack on offline password protected files (Offline)
An FTP server is a computer which has a file transfer protocol (FTP) address and is dedicated to receiving an FTP connection.
- FTP’s regular authentication scheme is quite rudimentary: it is a simple “username / password” login scheme, shown in Figure. Most of us are familiar with this type of authentication for various types of access, on the Internet and elsewhere. First, the user is identified by sending a user name from the User-PI to the Server-PI using the USER command. Then, the user's password is sent using the PASS command.
- The server checks the user name and password against its user database, to verify that the connecting user has valid authority to access the server. If the information is valid, the server sends back a greeting to the client to indicate that the session is opened. If the user improperly authenticates (by specifying an incorrect user name or password), the server will request that the user attempt authorization again.
- After successful authentication, the server then sets up the connection to allow the type of access to which the user is authorized.
- Establishing TCP connection to the server.
- Generate the dictionary file.
- Send the username that we are cracking password for.
- Try the passwords in the dictionary file and check if login successful and show the cracked password.
- Python Programming Language for scripting
- ftplib library for making TCP connection with the FTP Server
- For simulation purpose, we are using windows default FTP Server.
The login page allows a user to gain access to an application by entering their username and password or by authenticating using a social media login.
Passwords are taken through the forms. The passwords are posted through HTTP Post method. A general HTTP POST method in the website will send the password in the HTTP header and a response will come from the other side.
An HTTP client sends an HTTP request to a server in the form of a request message which includes following format:
- A Request-line which begins with a method token followed by the Request-URI and the protocol version, and ending with CRLF.
- Zero or more header fields followed by CRLF. There are many header fields for this.
- An empty line indicating the end of the header fields.
- Optionally a message-body A sample HTTP request is shown below:
- First, we will have to get the url of the login page.
- Then, we will have to inspect the login page and find the username and password field. We will need the id and class name for the username and password field.
- We need to figure out the password success and failure response from the website.
- Then we will construct a HTTP request header for the login page and try to login using username and passwords from our dictionary.
- If we become successful, then we will show the password for the username.
- Python Programming Language.
- requests standard library for constructing HTTP request for the website.
- We will host a dummy website on a local server to test our attack. Our dummy login page will look like following:
- For local server, we will use wampserver.
When a document like pdf, docs or zip is encrypted with a password, then it is called password protected document.
- For the password protected files, we will generate a password dictionary.
- Guess the password for the file.
- If we become successful then the password is cracked.
- Python Programming Language
- zip, pypdf2 library for opening and entering passwords for zip and pdf files.
Dictionary attacks often succeed because many people have a tendency to choose short passwords that are ordinary words or common passwords, or simple variants obtained, for example, by appending a digit or punctuation character. So, we can exploit this ignorance of many people of using weak passwords. By guessing the common passwords, there is a chance of cracking the authentication system.
- The first is to implement an account lockout policy. For example, after three failed login attempts, the account is locked out until an administrator unlocks it.
- We should use a challenge-response test to prevent automated submissions of the login page. Tools such as the free reCAPTCHA can be used to require the user to enter a word or solve a simple math problem to ensure the user is, in fact, a person.
- Any Web application should enforce the use of strong passwords. At a minimum, requiring users to choose passwords of eight letters or more with some complexity (letters and numbers, or requiring one special character) is an excellent defense against brute force attacks.