Richard Bucker

CrackQ: Efficient password cracking for pentesters and red teamers

Posted at — Dec 6, 2019

The problem with this sort of system is that it’s wrong. When a user fails to enter the correct password nost system will ban that IP address for a little while. Once that account and system or systems has been freed then it can try again. It’s just too easy to keep track and then ultimately ban the user permanently or at least a longer interval. So things like dictionary attacks do not work anymore. If the attacker is already inside the system and has access to the passwd file and/or the internal authentication does not have fail counters then that is a different problem.