Password Attacks with Kali Linux

Webinar Registration

Kali Linux has almost 40 tools in its Password category of tools. In this webinar, we will show you the most popular and useful. But before you can really use these tools for pentesting or risk analysis you also need to understand the multifaceted world of password attacks. 

Password attacks can largely be divided into online and offline attacks and hybrid.

With online attacks, you actively contact listening service – trying to authenticate using various passwords or related credentials. Brute force online attacks are the simplest but most time consuming and “loudest”. We’ll look at “better-than-brute force” methods and tools in Kali. 

Offline attacks require you to harvest some derivative of a password such as hashes, session keys, cached credentials and more. Then you work backwards from that artifact to figure out the actual password in a process called cracking. We will look at tools for harvesting credential artifacts and then we’ll explore some of the cracking tools that come with Kali as well as techniques like rainbow tables.

But is it even necessary to crack the hash? Some technologies, such as Windows, are vulnerable to hybrid attacks such as pass-the-hash. We will discuss how these attacks work, their perquisites and tools in Kali that apply these techniques.

There are a lot of peripheral tools to make the above attacks more efficient. For instance, we’ll look at PACK and other tools that help you build efficient wordlists for online login attacks as well as cracking. The more you know about the environment and users involved, the more targeted you can make the list of passwords tried.

Here’s a list of some of the tools we plan to discuss:

  • Creddump
  • PACK
  • Hashcat
  • HexorBase
  • Hydra
  • Keimpx
  • Ncrack
  • Ophcrack

For online attacks it’s also important to have tools that can attempt logon through a wide range of protocols. We’ll show you how some of these tools can try everything from RDP to SQL Server and in between.

Then Joseph Carson from our sponsor, Thycotic, will show you some of the techniques he uses to get your passwords and some best practices to help reduce the risks of your password being stolen and abused.

Join us for this real-training-for-free session.

First Name:   
Last Name:   
Work Email:  
Job Title:  
Zip/Postal Code:  
Company Size:

Your information will be shared with the sponsor.

By clicking "Submit", you're agreeing to our Privacy Policy and consenting to be contacted by us.



Additional Resources