Ethical Hacking Essentials Practice Test

What attack strategy does Melvin utilize to crack passwords using previously computed hashes?

• A. Man-in-the-middle attack
• B. SQL injection
• C. Rainbow table attack
• D. Social engineering

The correct answer is: Rainbow table attack

The rainbow table attack is a method that exploits precomputed hash values to crack passwords more efficiently than by direct brute-force attempts. In this attack, an attacker uses a precompiled table containing a vast number of hashes for common passwords. When a password is hashed, it can be compared against these precomputed values to quickly find the corresponding original password. This is more efficient because it eliminates the need to compute the hash for every possible password during the attack, significantly speeding up the process. Using this strategy, an attacker like Melvin can crack passwords that have been hashed by simply looking them up in the rainbow table rather than generating hashes on the fly. This approach highlights the importance of using strong, unique passwords and salt (random data) alongside hashing to defend against such attacks. In contrast, the other options do not utilize precomputed hashes to crack passwords. Man-in-the-middle attacks involve intercepting and potentially altering communications between parties. SQL injection exploits vulnerabilities in databases to execute arbitrary SQL code, often leading to data breaches. Social engineering relies on manipulation or deception to trick individuals into revealing confidential information, rather than hash comparisons. Each of these strategies targets different aspects of security and does not specifically relate to the direct use of precomputed hashes like in a rainbow