Passwords Lab Flashcards

1
Q

What is the primary goal of password cracking tools?

A. Encrypt user data.
B. Test password security.
C. Monitor network traffic.
D. Secure files with hashes.

A

B

2
Q

Which is a commonly used hashing algorithm for passwords?

A. AES
B. MD5
C. RSA
D. ECC

A

B

3
Q

What is a dictionary attack?

A. Using precomputed hashes to crack passwords.
B. Attempting passwords from a predefined list.
C. Brute-forcing all possible character combinations.
D. Exploiting vulnerabilities in hashing algorithms.

A

B

4
Q

What is a common defense against brute force attacks?

A. Hashing passwords with MD5.
B. Using account lockout policies.
C. Encrypting passwords with RSA.
D. Storing passwords as plain text.

A

B

5
Q

What is THC-Hydra primarily used for?

A. Cracking password hashes.
B. Conducting dictionary attacks on network protocols.
C. Encrypting user passwords.
D. Testing physical access tokens.

A

B

6
Q

Which of the following is a supported protocol for THC-Hydra attacks?

A. HTTPS
B. SSH
C. TLS
D. SFTP

A

B

7
Q

What does the -l flag specify in THC-Hydra?

A. The target IP address.
B. The username.
C. The password list.
D. The hash algorithm.

A

B

8
Q

Which command is used to perform a dictionary attack with THC-Hydra on SSH?

A. hydra -l user -P passwords.txt ssh://target
B. hydra -u admin -d passwords.txt ssh://target
C. hydra -P dictionary.txt target://ssh
D. hydra -f admin -L passwords ssh://target

A

A

9
Q

What is the primary purpose of John the Ripper?

A. Cracking password hashes.
B. Encrypting sensitive data.
C. Monitoring system logs.
D. Securing network communications.

A

A

10
Q

Which format does John the Ripper typically expect for hashes?

A. Plaintext.
B. Base64.
C. Hash file formats like MD5, SHA1, etc.
D. Encrypted ZIP files.

A

C

11
Q

What is the default cracking mode in John the Ripper?

A. Dictionary attack.
B. Brute-force attack.
C. Single-crack mode.
D. Incremental mode.

A

C

12
Q

Which of the following commands runs John the Ripper on a hash file?

A. john hashfile.txt
B. john -d hashes.txt
C. john -encrypt hashfile
D. john -h hashes.txt

A

A

13
Q

What is Hashcat primarily used for?

A. Cracking password hashes.
B. Encrypting user passwords.
C. Hashing files for integrity checks.
D. Generating random passwords.

A

A

14
Q

What is a key feature of Hashcat?

A. It supports only dictionary attacks.
B. It utilizes GPU acceleration for cracking.
C. It can only crack MD5 hashes.
D. It cannot perform brute force attacks.

A

B

15
Q

Which of the following is a supported attack mode in Hashcat?

A. Time-based attack.
B. Rule-based attack.
C. Combinatorial attack.
D. Steganographic attack.

A

B

16
Q

Which Hashcat command specifies a dictionary file?

A. hashcat -d dict.txt hashfile
B. hashcat -P dictionary.txt -hashes
C. hashcat -a 0 -m 100 hashfile.txt dict.txt
D. hashcat -l dictionary hashfile.txt

A

C

17
Q

What is the main difference between a brute force and a dictionary attack?

A. Brute force uses all combinations, while dictionary uses predefined lists.
B. Brute force is faster than dictionary attacks.
C. Dictionary attacks target hashes, while brute force targets plaintext passwords.
D. Brute force requires GPU acceleration.

A

A

18
Q

What is a hybrid attack?

A. A combination of brute force and social engineering.
B. Combining dictionary and rule-based attacks.
C. A time-synchronized token attack.
D. Cracking biometric-based passwords.

A

B

19
Q

What is a rainbow table attack?

A. Using precomputed hash values to crack passwords.
B. Encrypting passwords with symmetric keys.
C. Breaking passwords using hardware devices.
D. Monitoring network traffic for plain text passwords.

A

A

20
Q

Which of the following is a defense against rainbow table attacks?

A. Salting password hashes.
B. Using shorter passwords.
C. Encrypting password files.
D. Avoiding multi-factor authentication.

A

A

21
Q

What is a rule-based attack in Hashcat?

A. Brute-forcing using specific character rules.
B. Generating hashes with specific algorithms.
C. Applying predefined rules to a dictionary.
D. Encrypting passwords before cracking them.

A

C

22
Q

Which attack method is often faster than brute force but requires precomputation?

A. Dictionary attack.
B. Rainbow table attack.
C. Incremental mode.
D. Rule-based attack.

A

B

23
Q

What is the main purpose of password salting?

A. To make passwords easier to remember.
B. To enhance password hash security by adding random data.
C. To allow compatibility with older systems.
D. To improve GPU acceleration.

A

B

24
Q

Which of the following is a best practice for password storage?

A. Storing passwords in plain text.
B. Using symmetric encryption for passwords.
C. Hashing passwords with salts.
D. Storing passwords as MD5 hashes without salts.

A

C

25
Q

Which of the following commands targets an FTP service with THC-Hydra?

A. hydra -l admin -P passlist.txt ftp://target
B. hydra -d ftp://admin -passlist.txt
C. hydra -user admin -L passlist.txt ftp://target
D. hydra -p passlist admin://ftp

A

A

26
Q

What is the purpose of the -P flag in THC-Hydra?

A. Specify the username.
B. Set the protocol to attack.
C. Provide the password list.
D. Define the target IP address.

A

C

27
Q

Which protocol is NOT supported by THC-Hydra?

A. HTTP
B. SSH
C. SMTP
D. Blockchain

A

D

28
Q

What does the -f flag do in THC-Hydra?

A. Forces the tool to run with GPU acceleration.
B. Stops after finding the first successful password.
C. Formats the output for easier reading.
D. Flushes all results to a log file.

A

B

29
Q

What is the incremental mode in John the Ripper used for?

A. Brute-forcing with increasing password complexity.
B. Using external files for cracking.
C. Running dictionary attacks sequentially.
D. Cracking salted hashes.

A

A

30
Q

Which of these commands runs a dictionary attack with John the Ripper?

A. john --wordlist=wordlist.txt hashfile
B. john --incremental hashfile
C. john --dict-mode hashfile
D. john --allwordlist=words.txt hashfile

A

A

31
Q

What is the purpose of the --show option in John the Ripper?

A. Displays successful crack results.
B. Shows all available hashing algorithms.
C. Lists the hashes currently being cracked.
D. Outputs the status of GPU usage.

A

A

32
Q

What is the format for specifying a custom cracking mode in John the Ripper?

A. john -mode custom hashfile
B. john --custommode hashfile
C. john --external=mode hashfile
D. john --mode-ext hashfile

A

C

33
Q

What does the -m flag specify in Hashcat?

A. The hash algorithm.
B. The attack mode.
C. The target hash file.
D. The password list location.

A

A

34
Q

Which attack mode corresponds to brute-force in Hashcat?

A. -a 0
B. -a 1
C. -a 3
D. -a 6

A

C

35
Q

Which option in Hashcat enables GPU acceleration?

A. --gpu-enable
B. --device-type=gpu
C. -D 1
D. --enable-acceleration

A

C

36
Q

What does Hashcat’s -a 1 mode perform?

A. Combinatorial attack.
B. Brute-force attack.
C. Rule-based attack.
D. Dictionary attack.

A

A

37
Q

What is a key principle for password complexity?

A. Use at least 8 characters with a mix of upper/lowercase letters, numbers, and symbols.
B. Use simple words for easy recall.
C. Avoid using symbols to simplify input.
D. Use passwords that are not case-sensitive.

A

A

38
Q

Which hashing algorithm is considered obsolete for password storage?

A. MD5
B. SHA-256
C. bcrypt
D. Argon2

A

A

39
Q

What is a major drawback of using unsalted hashes?

A. They require more storage space.
B. They are vulnerable to rainbow table attacks.
C. They are incompatible with multi-factor authentication.
D. They cannot be brute-forced.

A

B

40
Q

What is the purpose of password expiration policies?

A. To make users remember passwords.
B. To enforce periodic password changes to enhance security.
C. To reduce the reliance on salted hashes.
D. To eliminate brute force attacks.

A

B

41
Q

What is a combinatorial attack in Hashcat?

A. Combining two or more dictionaries.
B. Using hybrid attack methods.
C. Applying GPU acceleration to brute-force attacks.
D. Generating word combinations dynamically.

A

A

42
Q

What is a key feature of bcrypt?

A. GPU acceleration support.
B. Built-in salting and adaptive hashing.
C. Only supports short passwords.
D. Requires precomputed hashes.

A

B

43
Q

What is the default mode for THC-Hydra?

A. Dictionary attack.
B. Brute-force attack.
C. Incremental attack.
D. Rule-based attack.

A

A

44
Q

What does the -O flag in Hashcat enable?

A. Optimized kernel usage.
B. Output format configuration.
C. Override attack settings.
D. Online hash validation.

A

A

44
Q

What is the benefit of using Argon2 for password hashing?

A. High-speed performance.
B. Resistance to side-channel attacks.
C. GPU-based hash generation.
D. Compatibility with older systems.

A

B

45
Q

Which tool is considered the fastest for GPU-based password cracking?

A. THC-Hydra
B. Hashcat
C. John the Ripper
D. Aircrack-ng

A

B

46
Q

What is a hybrid attack in Hashcat?

A. A combination of dictionary and brute-force attacks.
B. A method for cracking encrypted passwords.
C. Using precomputed hashes with salt.
D. Combining rainbow tables with incremental guessing.

A

A

47
Q

What is a defense against phishing attacks for passwords?

A. Multi-factor authentication.
B. Encrypting all passwords.
C. Using longer passwords.
D. Avoiding salted hashes.

A

A

48
Q

Which command in John the Ripper lists all supported hashing algorithms?

A. john --list=formats
B. john --hashes
C. john --list-hashes
D. john --show-algos

A

A

49
Q

What is the best practice for securing password files?

A. Store passwords with salts and secure hashing algorithms.
B. Encrypt passwords with MD5.
C. Use plaintext storage with access controls.
D. Ensure passwords are hashed without salts.

A

A