Dictionary Passphrase Attack

G5 Cyber Security

2 weeks ago

TL;DR

This guide shows you how to try every possible combination of words from a dictionary file to crack a passphrase. It’s a basic brute-force attack, and it can be slow but effective against simple passphrases.

Steps

Get a Dictionary File

You’ll need a text file containing a list of words, one word per line. Many are available online; search for ‘wordlist’ or ‘dictionary attack list’. A larger dictionary will take longer but has more possibilities.

Choose Your Tool

Several tools can do this. We’ll use hydra as an example, but others like john the ripper also work well. Make sure you have it installed on your system. On Debian/Ubuntu:

sudo apt update
sudo apt install hydra

Identify the Target Service

You need to know what service is protecting the passphrase (e.g., SSH, FTP, a web application login). You also need the username if required.

Run Hydra with Wordlist

This is where you start the attack. The basic command structure for hydra looks like this:

hydra -l  -P

-l : Replace with the username if needed.
-P : Replace with the full path to your dictionary file (e.g., /usr/share/wordlists/rockyou.txt).
: The IP address or hostname of the target server.
: The service you’re attacking (e.g., ssh, ftp, http-post-form).

Example for SSH:

hydra -l testuser -P /usr/share/wordlists/rockyou.txt 192.168.1.10 ssh

Example for a web form (HTTP POST): You’ll need to inspect the login form’s HTML source code to find the parameter names.

hydra -P /usr/share/wordlists/rockyou.txt 192.168.1.10 http-post-form "login=^USER^&password=^PASS^"

Monitor the Output

Hydra will try each word in your dictionary as a password. It will print any successful logins to the console.

Combine Words (Optional)

For longer passphrases, you can try combining words from the dictionary. This significantly increases the number of attempts but also the chance of success. You’ll need a script or tool that generates combinations. A simple bash loop example:

#!/bin/bash
wordlist="/usr/share/wordlists/rockyou.txt"
while read -r word1;
do
  while read -r word2;
do
    echo "$word1 $word2"
  done < $wordlist
done < $wordlist | hydra -P - 192.168.1.10 ssh

This script generates all two-word combinations and pipes them to Hydra.

Consider Rate Limiting

Many services have rate limiting, which will block you after too many failed attempts. You can use the -t option in Hydra to limit the number of concurrent connections and slow down the attack.

Important Considerations

Legality: Always get permission before testing a system’s security. Unauthorized access is illegal.
Ethics: Use this knowledge responsibly for ethical hacking and penetration testing purposes only.
Effectiveness: This attack works best against weak passphrases that use common words or simple combinations.
cyber security: Passphrase complexity is key to preventing brute-force attacks. Encourage strong, unique passwords.