Computer Hacking Forensic Investigator (CHFI) Practice Exam

A hybrid attack in password cracking is a method that combines dictionary words with masked characters. This approach enhances the effectiveness of cracking attempts by using a basic word list, such as common passwords or phrases, and augmenting it with variations that incorporate characters, symbols, or numbers to account for the common practices users adopt when creating passwords. For example, if "password" is found in a dictionary file, a hybrid attack would attempt variations like "p@ssw0rd" or "password123".

By leveraging both a dictionary and character masking, this technique increases the likelihood of successfully guessing a password that might not be easily found in a standard dictionary attack. It recognizes that many users often modify simple words through character substitutions or appending numerals, thus effectively combining simplicity with complexity.

In contrast, the other methods listed do not accurately characterize a hybrid attack. For instance, blending brute force and just-in-time attacks lacks the integration of dictionary words with modifications, and social engineering alongside phishing techniques pertains more to human manipulation rather than direct password cracking methods. Statistical analysis and guessing refer more broadly to techniques that might analyze patterns or tendencies in password creation without the focused application of word lists, which is central to a hybrid attack's strategy.