A penetration tester identifies that a web application's login form is not using secure password hashing mechanisms, allowing attackers to steal passwords if the database is compromised. What is the best approach to exploit this vulnerability?
A.
Perform a dictionary attack using a list of commonly used passwords against the stolen hash values
B.
Input a SQL query to check for SQL injection vulnerabilities in the login form
C.
Conduct a brute-force attack on the login form to guess weak passwords
D.
Capture the login request using a proxy tool and attempt to decrypt the passwords
If a system stores passwords in weak or reversible formats, attackers can perform offline cracking. CEH emphasizes dictionary attacks as the fastest and most efficient method to exploit weak hashing practices. This avoids detection and leverages known password patterns to recover plaintext credentials.
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit