1
00:00:00,640 --> 00:00:07,000
So when performing a password cracking attack, it's either an online or offline attack.

2
00:00:07,450 --> 00:00:09,760
And we'll look at each method in detail.

3
00:00:10,420 --> 00:00:15,850
Online password cracking attacks are necessary when you don't have access to the password hashes.

4
00:00:16,660 --> 00:00:22,210
When performing an online attack, you're usually presented with a web form asking for a username and

5
00:00:22,210 --> 00:00:29,540
password combination. Performing an online attack can be very noisy, extremely slow and sometimes

6
00:00:29,540 --> 00:00:30,490
just not feasible.

7
00:00:31,520 --> 00:00:36,530
And many login forms have a lockout feature that locks you out after a certain number of failed login

8
00:00:36,530 --> 00:00:36,950
attempts.

9
00:00:37,430 --> 00:00:43,280
For example, if I fail to log on to my online banking after multiple tries, my account will be locked

10
00:00:43,280 --> 00:00:44,150
for 20 minutes.

11
00:00:45,610 --> 00:00:52,390
Now, in addition, online password cracking attacks are very noisy, and when you're throwing random

12
00:00:52,390 --> 00:00:56,410
wrong passwords in a system, its log file will grow tremendously.

13
00:00:56,980 --> 00:01:02,860
It looks very suspicious when there are hundreds of wrong password attempts logged into the same IP

14
00:01:02,860 --> 00:01:03,280
address.

15
00:01:04,850 --> 00:01:11,480
So to get around these factors, you might try to cover up your IP address via a proxy, use a different

16
00:01:11,480 --> 00:01:17,540
proxy for every five to 10 guesses or even attempt a few guesses every 30 minutes,

17
00:01:17,960 --> 00:01:19,520
so it looks less suspicious.

18
00:01:20,210 --> 00:01:24,410
Many of the password cracking programs out there have these features available.

19
00:01:26,200 --> 00:01:27,490
Now, offline

20
00:01:27,640 --> 00:01:33,310
password cracking attacks are only possible when you have access to the password hashes.

21
00:01:34,150 --> 00:01:39,550
The attack is done on your own system or on systems that you have local access to.

22
00:01:40,870 --> 00:01:48,370
Unlike an online attack, there are no locks or anything else to stop you on an offline attack because

23
00:01:48,370 --> 00:01:50,230
you are doing it on your own machines.

24
00:01:51,230 --> 00:01:56,720
The only thing that could hold you back is the limits of your computer hardware, because an offline

25
00:01:56,720 --> 00:02:02,840
attack takes advantage of its machine's processing power and its speed is dependent on the speed of

26
00:02:02,840 --> 00:02:03,800
the actual machine.

27
00:02:04,250 --> 00:02:10,670
So the better the processor, and nowadays even graphics cards, the more password guessing attempts you

28
00:02:10,670 --> 00:02:11,900
can get per second.