Password Cracking Techniques



CyberQ Skill Packs provide direct hands-on, practical experiences in the EC-Council Cyber Range Platform. The CyberQ Skill Pack – Password Cracking Techniques provides an assembly of 10 distinct exercises in password cracking. Purchasing this product will enable the Learning Path in your CyberQ Account providing up to three attempts for each challenge.


Password cracking is the process of recovering passwords from the data transmitted by a computer system or from the data stored in it. The purpose of cracking a password might be to help a user recover a forgotten or lost password, as a preventive measure by system administrators to check for easily breakable passwords, or for use by an attacker to gain unauthorized system access.

Hacking often begins with password-cracking attempts. A password is a key piece of information necessary to access a system. Consequently, most attackers use password-cracking techniques to gain unauthorized access. An attacker may either crack a password manually by guessing it or use automated tools and techniques such as a dictionary or a brute-force method. Most password-cracking techniques are successful because of weak or easily guessable passwords.

Types of Password Attacks

  • Dictionary Attack: In this type of attack, a dictionary file is loaded into a cracking application that runs against user accounts. This dictionary is a text file that contains several dictionary words commonly used as passwords. The program uses every word present in the dictionary to find the password.
    Brute-Force Attack: In a brute-force attack, attackers try every combination of characters until the password is broken.
  • Rule-based Attack: Attackers use this type of attack when they obtain some information about the password. This is a more powerful attack than dictionary and brute-force attacks because the cracker knows the password type. For example, if the attacker knows that the password contains a two- or three-digit number, he/she can use some specific techniques to extract the password quickly.

Password Cracking Techniques Covered in this Learning Path:

  • SSH Password Cracking
  • Telnet password cracking
  • SMB Password Cracking
  • FTP Password Cracking
  • ZIP Password Cracking
  • Password Hash Cracking
  • WinRM Password Cracking
Skill ID Statement
S0001 Skill in conducting vulnerability scans and recognizing vulnerabilities in security systems.
S0009 Skill in assessing the robustness of security systems and designs.
S0044 Skill in mimicking threat behaviors.
S0051 Skill in the use of penetration testing tools and techniques.
S0137 Skill in conducting application vulnerability assessments.
S0364 Skill to develop insights about the context of an organization’s threat environment
  • Blue Team Technician
  • Red Team Technician
  • Computer Network Defense (CND) Auditor
  • Ethical Hacker
  • Information Security Engineer
  • Internal Enterprise Auditor
  • Penetration Tester
  • Network Security Engineer
  • Reverse Engineer
  • Risk/Vulnerability Analyst
  • Technical Surveillance Countermeasures Technician
  • Vulnerability Manager

Environment Screenshots