CompTIA Security+ Question A-40

The system administrator is reviewing the following logs from the company web server:
12:34:56 GET /directory_listing.php?user=admin&pass=admin1
12:34:57 GET /directory_listing.php?user=admin&pass=admin2
12:34:58 GET /directory_listing.php?user=admin&pass=1admin
12:34:59 GET /directory_listing.php?user=admin&pass=2admin
Which of the following is this an example of?

A. Online rainbow table attack
B. Offline brute force attack
C. Offline dictionary attack
D. Online hybrid attack

Answer: D

This is an example of an online hybrid attack. A hybrid attack is a combination of attacks. In this example, we have a combination of a dictionary attack and a brute-force attack. A brute force attack is a trial-and-error method used to obtain information such as a user password or personal identification number (PIN). In a brute force attack, automated software is used to generate a large number of consecutive guesses as to the value of the desired data. A dictionary attack uses a list of words to use as passwords. The combination or hybrid attack adds characters or numbers or even other words to the beginning or end of the password guesses. In this example we have a password guess of ‘admin’. From the word admin, we have four combinations, ‘admin1, 1admin, admin2, 2admin’.