Certified Ethical Hacker (CEH v12) — Question 94
Ricardo has discovered the username for an application in his target’s environment. As he has a limited amount of time, he decides to attempt to use a list of common passwords he found on the Internet. He compiles them into a list and then feeds that list as an argument into his password-cracking application.
What type of attack is Ricardo performing?
Answer options
- A. Brute force
- B. Known plaintext
- C. Dictionary
- D. Password spraying
Correct answer: C
Explanation
The correct answer is C, Dictionary, as Ricardo is using a predefined list of common passwords to try and gain access. A Brute force attack involves systematically trying every possible combination of characters, while Known plaintext refers to having both the plaintext and its corresponding ciphertext, which is not applicable here. Password spraying is a different tactic that involves trying a few common passwords across many accounts, rather than using a list against a single account.