Exam 312-50v12
Question 208

As a certified ethical hacker, you are performing a system hacking process for a company that is suspicious about its security system. You found that the company’s passwords are all known words, but not in the dictionary. You know that one employee always changes the password by just adding some numbers to the old password. Which attack is most likely to succeed in this scenario?

    Correct Answer: C

    Given the context where passwords are known words with numbers added, the most effective attack would be a Hybrid Attack. A Hybrid Attack combines elements of both dictionary attacks (known words) and brute-force attacks (adding variations like numbers). This approach is particularly useful when passwords are created by modifying known words through predictable patterns, such as appending numbers, which is the scenario described.
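Seen from the defender's side, the pattern in this question (a base word with numbers added at each change) can be rejected at password-change time, when the old and new passwords are both available. The sketch below is an added example, not part of the original question or of CEH material; `ORG_WORDS`, the function names and the sample passwords are assumptions constructed for illustration.

```python
import re

# Constructed sample list: words known inside the organisation (product or
# team names) that a general-purpose dictionary would not contain.
ORG_WORDS = {"acmevault", "bluefinch", "northgate"}

# Undo common character substitutions before comparing base words.
LEET = str.maketrans("0134578@$!", "oleastbasi")
AFFIX = re.compile(r"^[\d\W_]+|[\d\W_]+$")


def base_word(password: str) -> str:
    """Strip leading/trailing digits and symbols, lowercase, undo substitutions."""
    return AFFIX.sub("", password).lower().translate(LEET)


def digit_suffix_space(password: str) -> int:
    """Count of digit suffixes no longer than this password's trailing digits."""
    n = len(password) - len(password.rstrip("0123456789"))
    return (10 ** (n + 1) - 1) // 9  # 1 + 10 + ... + 10**n


def check_new_password(old: str, new: str) -> list[str]:
    """Return the reasons `new` falls to a word-plus-numbers guessing strategy."""
    reasons = []
    stem = base_word(new)
    if stem and stem == base_word(old):
        reasons.append("reuses the base word of the old password")
    if stem in ORG_WORDS:
        reasons.append("base word is on the organisation word list")
    if reasons:
        reasons.append(f"at most {digit_suffix_space(new)} digit suffixes to try")
    return reasons


if __name__ == "__main__":
    # Constructed (old, new) pairs for demonstration.
    for old, new in [("system1", "system2"), ("Summer!9", "N0rthgate77"),
                     ("system1", "correct-horse-battery-staple")]:
        print(new, "->", check_new_password(old, new) or "accepted")
```

An empty list means the change is accepted; the suffix count shows how small the remaining search space is once the base word is known.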

Discussion
JustAName (Option: D)

I think the answer is D, because it specifies "known words, but NOT dictionary". A hybrid attack is combined with known words from a dictionary, so rule-based should be a more accurate answer.

athicalacker

I agree with this.

qtygbapjpesdayazko

This is the way

qtygbapjpesdayazko

Well, the correct answer is in fact C. Hybrid Attack

cloudgangster (Option: C)

C, check pg 604 of CEH V12

dobarb (Option: C)

It is C, Hybrid attack. As the first comment says, on page 604 of CEH it is clearly written that this attack works when people change the password by just adding some numbers to the old password.

athicalacker (Option: D)

The question mentions the words are not in the dictionary. So it can't be hybrid, since it utilizes a dictionary of known words.

insaniunt (Option: C)

Hybrid Attack: This type of attack depends on the dictionary attack. Often, people change their passwords merely by adding some numbers to their old passwords. In this case, the program would add some numbers and symbols to the words from the dictionary to try to crack the password. For example, if the old password is “system,” then there is a chance that the person will change it to “system1” or “system2.”

qtygbapjpesdayazko

This is the way

Unr34l (Option: C)

C. Hybrid Attack

A hybrid attack combines elements of both dictionary attacks (known words) and brute-force attacks (trying all possible combinations, including modifications like adding numbers). In this case, the attacker leverages the knowledge that the passwords are known words but also incorporates variations by adding numbers. Hybrid attacks are effective in situations where there are patterns or rules applied to password creation, as is the case in the described scenario.

GK2205 (Option: D)

Attackers use rule-based attacks when they have some knowledge of the passwords and see evidence of simple salts and peppers like "123" at the end of the password. This question is garbage in terms of its wording, but does combine the two fundamental concepts of rule-based.

g_man_rap (Option: D)

D. Rule-based Attack

Rule-based attacks are a sophisticated form of brute-force/dictionary attacks where the attacker defines complex rules based on typical user behavior of password creation (like replacing 'o' with '0', adding years at the end, etc.). This can be highly effective if you understand the common modifications users make to base words in their passwords.

qtygbapjpesdayazko (Option: C)

C. Hybrid Attack. Key words: "Often, people change their passwords merely by adding some numbers to their old passwords."

Lalo

Answer D. A hybrid attack combines elements of a dictionary attack with specific rules, such as adding numbers or symbols to the ends of dictionary words. In theory, this type of attack could fit well with the pattern observed in this employee's password changes, since it is based on predefined rules. However, the reason answer C is not selected as the most likely option in this scenario is because, given the information provided, there is no mention of employees using dictionary words as the basis for their passwords. Instead, passwords are stated to be known words with the addition of numbers.

Lalo

remember ...company's passwords are all known words, BUT NOT in the dictionary...

Labas01 (Option: D)

"This is a more powerful attack than dictionary and brute-force attacks because the cracker knows the password type." (M06 P604)

qtygbapjpesdayazko (Option: C)

D. Rule-based Attack

qtygbapjpesdayazko

Well, the correct answer is in fact C. Hybrid Attack

LeongCC (Option: C)

C: Hybrid Attack

sosindi (Option: C)

Hybrid Attack