Brute-force attack: In this type of attack, the tool asks the user to configure a few settings, for example, the minimum and maximum lengths the correct password may fall into and what types of characters it could possibly consist of (e.g., letters only, letters and numbers, or special characters) and at what positions (say, for every password it generates, first four would be alphabets followed by two digits and two special characters).The tool enters every single password in the application from the list, in an attempt to find the correct one. Dictionary attack: In this type of attack the tool tries passwords provided in a pre-fed list of large number of words, phrases and possible passwords derived from previously leaked data dumps or breaches.
The common objective in all these is ultimately to correctly guess (“crack”) a password: Password crackers and cryptanalysis tools typically work in three different ways.