MITRE ATT&CK / T1110.002
T1110.002
Password Cracking
Description
Adversaries may use password cracking to attempt to recover usable credentials, such as plaintext passwords, when credential material such as password hashes are obtained. [OS Credential Dumping](https://attack.mitre.org/techniques/T1003) can be used to obtain password hashes, this may only get an adversary so far when [Pass the Hash](https://attack.mitre.org/techniques/T1550/002) is not an option. Further, adversaries may leverage [Data from Configuration Repository](https://attack.mitre.org/techniques/T1602) in order to obtain hashed credentials for network devices.(Citation: US-CERT-TA18-106A)Techniques to systematically guess the passwords used to compute hashes are available, or the adversary may use a pre-computed rainbow table to crack hashes. Cracking hashes is usually done on adversary-controlled systems outside of the target network.(Citation: Wikipedia Password cracking) The resulting plaintext password resulting from a successfully cracked hash may be used to log into systems, resources, and services in which the account has access.
Platforms
Mitigations
- M1027 — Password Policies
- M1032 — Multi-factor Authentication
Use our free MITRE ATT&CK lookup tool, or browse the full ATT&CK matrix.
Our coverage
- Hacking Methodology: A Comprehensive Guide for Cybersecurity Professionals
- Hydra.: A Comprehensive Guide to Automated Password Cracking and Enumeration
- Steps and Process of Hacking Methodology
- Network security and its policy
Source: MITRE ATT&CK Enterprise matrix. View on attack.mitre.org →