The system administrator is reviewing the following logs from the company web server:
12:34:56 GET /directory_listing.php?user=admin&pass=admin1
12:34:57 GET /directory_listing.php?user=admin&pass=admin2
12:34:58 GET /directory_listing.php?user=admin&pass=1admin
12:34:59 GET /directory_listing.php?user=admin&pass=2admin
Which of the following is this an example of?
A.
Online rainbow table attack
B.
Offline brute force attack
C.
Offline dictionary attack
D.
Online hybrid attack
Explanation:
This is an example of an online hybrid attack. A hybrid attack is a combination of attacks. In this example,
we have a combination of a dictionary attack and a brute-force attack.
A brute force attack is a trial-and-error method used to obtain information such as a user password or
personal identification number (PIN). In a brute force attack, automated software is used to generate a
large number of consecutive guesses as to the value of the desired data.
A dictionary attack uses a list of words to use as passwords. The combination or hybrid attack adds
characters or numbers or even other words to the beginning or end of the password guesses. In this
example we have a password guess of ‘admin’. From the word admin, we have four combinations,
‘admin1, 1admin, admin2, 2admin’.
Incorrect Answers:A: A rainbow table is a precomputed table for reversing cryptographic hash functions, usually for cracking
password hashes. The passwords in this attack are plain text, not hashes so a rainbow table is not being
used.
B: The attack in this question is against a web server while the server is online. Therefore, this is an online
attack, not an offline attack so this answer is incorrect.
C: The attack in this question is against a web server while the server is online. Therefore, this is an online
attack, not an offline attack so this answer is incorrect.https://hashcat.net/wiki/doku.php?id=hybrid_attack