00:00 Why target login pages?
00:23 Types of attacks
02:19 Setup with Hack the Box
03:46 Command format
05:31 Dictionary attack
16:48 How to protect ourselves
17:28 Exit
Most websites have login pages and in this video I'll show you how to hack them!
So why target login pages? Well, behind each login page is access to confidential information or even administrator level access.
It's gold dust for hackers! As penetration testers or bug bounty hunters, this is also extremely valuable to us.
So how can we actually hack a login page?
There are two main types of attack we can use here: brute forcing and dictionary attacks.
A brute force attack involves trying every possible password that exists. For example, we could start with A, then AA, then AAA, then AAB, and so on until the correct password is found.
In theory, it will eventually find the right password, whatever it is. However, the time required can vary greatly.
For example, finding a 5-character password containing only lowercase letters might take a few seconds. However, a 16-character password with numbers, capital letters and special characters could take millions of years!
This is why we use the second type of attack, called a dictionary attack. A dictionary attack is actually a type of brute force.
But instead of trying every possible combination of letters, numbers and symbols, we use a predefined list of possible passwords.
We humans are not as smart as we like to think! We tend to use passwords that are easy to type, easy to remember, and even reuse that same password over and over again.
So we can use password lists containing words, phrases and passwords known from previous data breaches, and there is a good chance we will find a match.
Fortunately, we don't need to enter these passwords ourselves. There are many tools we can use to do this for us. The most popular is probably called Hydra.
Hydra is a free login-cracking tool, and that's what we're going to use today.
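The difference between the two attack types matters most when deciding whether to accept a password, so here is an added example (not from the video) that scores a password both ways: the worst-case exhaustive search time and its position in a wordlist. The guess rate, the policy threshold, the sample wordlist and all function names are assumptions made for illustration.

```python
import string
from dataclasses import dataclass
from typing import Optional

# Constructed sample; real lists built from breach data hold millions of entries.
SAMPLE_WORDLIST = ["123456", "password", "qwerty", "letmein", "Summer2023!", "dragon"]
# Assumed rate, for illustration only: throttled online logins are far slower,
# offline hash cracking can be far faster.
ASSUMED_GUESSES_PER_SECOND = 10_000_000
SECONDS_PER_YEAR = 365 * 24 * 3600
MIN_BRUTE_FORCE_YEARS = 1_000_000  # assumed policy threshold

CHAR_CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
                string.digits, string.punctuation)


@dataclass
class Assessment:
    keyspace: int                   # candidates of length 1..n over the alphabet
    brute_force_years: int          # worst case at the assumed rate, rounded down
    dictionary_rank: Optional[int]  # 1-based wordlist position, None if absent
    accept: bool


def alphabet_size(password: str) -> int:
    """Size of the smallest alphabet, built from standard classes, covering the password."""
    known = "".join(CHAR_CLASSES)
    size = sum(len(cls) for cls in CHAR_CLASSES if any(c in cls for c in password))
    # Characters outside the four classes (spaces, non-ASCII) count individually.
    return size + len({c for c in password if c not in known})


def assess(password: str, wordlist=SAMPLE_WORDLIST,
           rate: int = ASSUMED_GUESSES_PER_SECOND) -> Assessment:
    a, n = alphabet_size(password), len(password)
    # Exhaustive search tries every shorter candidate before reaching length n.
    keyspace = sum(a ** k for k in range(1, n + 1))
    years = keyspace // (rate * SECONDS_PER_YEAR)
    # A listed password falls after `rank` guesses, whatever its keyspace.
    rank = wordlist.index(password) + 1 if password in wordlist else None
    return Assessment(keyspace, years, rank,
                      accept=rank is None and years >= MIN_BRUTE_FORCE_YEARS)


if __name__ == "__main__":
    for pw in ("abcde", "Summer2023!", "Tr7#kQ9!vB2@xL5$"):
        print(pw, assess(pw))
```

`Summer2023!` survives exhaustive search for millions of years at the assumed rate, yet it is rejected because it sits fifth in the sample wordlist.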