eJPT - eLearnSecurity Junior Penetration Tester Password Attacks and Cracking Questions and Answers

Question 1

A penetration tester has obtained a list of password hashes from a compromised Windows machine. They want to recover the plaintext passwords as efficiently as possible by using a precomputed lookup table that maps hashes to passwords. Which type of attack is this?

Accepted Answer

Rainbow table attack

Answer

A rainbow table attack uses a precomputed table to reverse cryptographic hash functions, allowing an attacker to quickly find the plaintext password corresponding to a captured hash. [2, 3] This is more efficient than a brute-force attack, which tries every possible combination, or a dictionary attack, which is limited to a wordlist. [4] A pass-the-hash attack uses the hash itself to authenticate, without needing to crack it. [9]

Question 2

During a penetration test, an attacker gains access to a user's NTLM hash. Instead of spending time cracking the hash to reveal the plaintext password, the attacker uses the hash directly to authenticate to other network resources and move laterally. What is this technique called?

Accepted Answer

Pass-the-hash (PtH)

Answer

A Pass-the-Hash (PtH) attack is an exploit where an attacker steals a hashed user credential and reuses it to authenticate and create new sessions on a network. [8, 9] The key characteristic is that the attacker does not need to crack the hash to find the original password. [10]

Question 3

Which of the following password cracking tools is specifically designed to perform dictionary attacks, but can also be extended to perform brute-force and rainbow table attacks, making it a highly versatile offline password cracker?

Accepted Answer

John the Ripper

Answer

John the Ripper (JTR) is a popular and powerful password cracking tool primarily used for dictionary attacks. [19] It is highly versatile and supports multiple modes, including brute-force attacks, and can utilize rainbow tables. [25, 26] Metasploit is an exploitation framework, Wireshark is a packet analyzer, and Nmap is a network scanner; none are primarily password crackers.

Question 4

A junior penetration tester is attempting to crack a password for a web application login. They decide to use an automated tool that systematically tries every possible combination of letters, numbers, and symbols. Which attack method are they using?

Accepted Answer

Brute-Force Attack

Answer

A brute-force attack is a method that involves systematically trying every possible combination of characters until the correct password is found. [1] This contrasts with a dictionary attack, which uses a list of common words, or password spraying, which tries a few common passwords against many accounts. [1, 29]

Question 5

In a scenario where an attacker has a list of common passwords (e.g., 'password123', 'qwerty', '123456') and wants to see if any of these passwords work for a large number of different user accounts on a single system, which attack is being performed?

Accepted Answer

Password Spraying

Answer

Password spraying is a type of brute-force attack where an attacker tries a small number of common passwords against many different user accounts. [29] This technique avoids account lockouts that typically occur when many incorrect passwords are used for a single account.

eJPT - eLearnSecurity Junior Penetration Tester Practice Test

eJPT - eLearnSecurity Junior Penetration Tester Practice Test

eJPT - eLearnSecurity Junior Penetration Tester Password Attacks and Cracking Questions and Answers