Difficulty Rating: Generally quite hard. But it allows so much.
Methods:
Idea: Use any of the previous ways (social engineering, web-based trojans, packet sniffing).
Problem: See previous way.

Idea: Many Unix systems store the password publicly available but encrypted. Just decrypt it.
Problem: Need to have (user-level) access to the machine to begin with. Only about 1/3 of all passwords can be decrypted. Password-changing programs are getting smarter.

Idea: Many Unix systems allow anyone access to the keyboard data via X Windows.
Problem: If they allow this, it's an easy, powerful attack. Otherwise it's impossible.

Idea: Just send remote login attempts to a Windows NT machine.
Problem: Packet filters. They might be logging remote access attempts. It's slow (1,152,000 passwords/day max).

Idea: Replace a *.dll file on a Windows 95 machine. Wait for the next fool to log in.
Problem: Need to write your own system-level DLL. Not targetable.
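
The Unix password idea above depends on the hashes sitting in a file that every local user can read. As an added example (not part of the original page), this Python script audits passwd-format text for accounts whose hash is stored in the world-readable file rather than a root-only shadow file, or that have no password at all. The sample data and the function names are constructed for illustration.

```python
"""Audit passwd-format text for password hashes readable by every local user."""

# Constructed sample in passwd(5) format; account names and hashes are made up.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/sh
alice:ab3kQ9zLmN0pE:1001:100:Alice:/home/alice:/bin/sh
bob:$1$saltsalt$Zm9vYmFyYmF6cXV4MTIzNA:1002:100:Bob:/home/bob:/bin/sh
daemon:*:1:1:daemon:/:/sbin/nologin
guest::1003:100:Guest:/home/guest:/bin/sh
carol:!:1004:100:Carol:/home/carol:/bin/sh
broken-line-without-fields
"""


def classify_field(pw):
    """Classify the second (password) field of a passwd entry."""
    if pw == "":
        return "empty"         # account needs no password at all
    if pw == "x":
        return "shadowed"      # hash lives in the root-only shadow file
    if pw.lstrip("!") in ("", "*"):
        return "locked"        # placeholder only, no hash present
    return "exposed-hash"      # a hash (even a '!'-locked one) is in the file


def audit_passwd(text):
    """Return (findings, malformed).

    findings maps account name -> "empty" or "exposed-hash";
    malformed lists 1-based line numbers that do not have 7 fields.
    """
    findings, malformed = {}, []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line:
            continue
        fields = line.split(":")
        if len(fields) != 7:
            malformed.append(lineno)
            continue
        status = classify_field(fields[1])
        if status in ("empty", "exposed-hash"):
            findings[fields[0]] = status
    return findings, malformed


if __name__ == "__main__":
    findings, malformed = audit_passwd(SAMPLE_PASSWD)
    for user, issue in sorted(findings.items()):
        print(f"{user}: {issue}")
    print("malformed lines:", malformed)
```

Any account reported as exposed-hash should be moved to shadowed storage and have its password changed.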