bakingsoda Posted October 16, 2019 Share Posted October 16, 2019 Let's say the end goal of an attack is just to get a maximum amount of random working logins for a given website. You have a list of usernames (1 million for example), What would be the most effect username to password ration to use for the attack - given you have 1 week to complete it? example: A: Use 100 usernames with a huge password list of 1 million passwords B: Roughly same amount of usernames and passwords C: Use all 1 million usernames, testing each with only 100 most commonly used passwords? Out of experience, which do you think would be the most effective? Link to comment Share on other sites More sharing options...
Cap_Sig Posted October 17, 2019 Share Posted October 17, 2019 The first step would be more recon on the target. If you could find there method for assigning usernames then the list can be reduced to allow for more password utilization. Another very useful piece of info is if they have password requirements. This could really help define things like length, characters used, etc. If you are going in completely "blind" then you are leaving the best answer more to chance. I'm sure some users experience will have a more likely answer to this question but it can be situational as well. Another way to maximize things would be use of rainbow tables / databases but there is a memory trade off doing this. Link to comment Share on other sites More sharing options...
digininja Posted October 17, 2019 Share Posted October 17, 2019 Give us your use case for this, what are you attacking? Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.