Kelly is a network security officer for a large state-run agency in California. Kelly is asked by the IT manager of another state agency to perform a security audit on their network. The audit she is asked to perform is an external audit. The IT manager thought that Kelly would be a great candidate for this task since she does not work for this other agency and is an accomplished IT auditor. The first task that she is asked to perform is an attempt to crack user passwords. Since Kelly knows that all state agency passwords must abide by the same password policy, she believes she can finish this particular task quickly.
What is the best password attack method for Kelly to use in this situation?
A. Kelly can produce the best and fastest results if she uses a dictionary attack.
B. A hyberfil-based password attack is the best method of password cracking in this scenario.
C. She should utilize the reverse-encryption password cracking technique since she knows the password policy.
D. Kelly should use a rule-based attack on the agency’s user passwords.
The correct answer is D.
A rule-based attack is used when the attacker or security auditor has some information about the password. It is a more powerful attack than the dictionary and brute-force attacks, because the attacker or security auditor knows the password type. For example, if the attacker or security auditor knows that the password contains a two- or three-digit number, he or she will use some specific techniques to extract the password quickly.
Certified Ethical Hacker v9