Brute force (also known as brute force cracking) is a trial and error method used by application programs to decode encrypted data such as passwords or Data Encryption Standard (DES) keys, through exhaustive effort (using brute force) rather than employing intellectual strategies.
What is the brute force method?
In computer science, brute-force search or exhaustive search, also known as generating and test, is a very general problem-solving technique that consists of systematically enumerating all possible candidates for the solution and checking whether each candidate satisfies the problem's statement.
What is a Brute-force attack?
Brute-force attack when an attacker uses a set of predefined values to attack a target and analyze the response until he succeeds.
The most common and easiest to understand example of the brute-force attack is the dictionary attack to crack the password. In this, the attacker uses a password dictionary that contains millions of words that can be used as a password. Then the attacker tries these passwords one by one for authentication. If this dictionary contains the correct password, the attacker will succeed.
Popular tools for brute-force attacks
- Aircrack-ng
- John the Ripper
- Rainbow Crack
- Cain and Abel
- L0phtCrack
- Ophcrack
- Crack
- Hashcat
- SAMInside
- DaveGrohl
- Ncrack
- THC Hydra
THC Hydra
- THC Hydra is a fast network logon password cracking tool. When it is compared with other similar tools, it shows why it is faster. New modules are easy to install in the tool.
- You can easily add modules and enhance the features.
- It is available for Windows, Linux, Free BSD, Solaris, and OS X.
- This tool supports various network protocols. Currently, it supports Asterisk, AFP, Cisco AAA, Cisco auth, Cisco enable, CVS, Firebird, FTP, HTTP-FORM-GET, HTTP-FORM-POST, HTTP-GET, HTTP-HEAD, HTTP-PROXY, HTTPS-FORM-GET, HTTPS-FORM-POST, HTTPS-GET, HTTPS-HEAD, HTTP-Proxy, ICQ, IMAP, IRC, LDAP, MS-SQL, MYSQL, NCP, NNTP, Oracle Listener, Oracle SID, Oracle, PC-Anywhere, PCNFS, POP3, POSTGRES, RDP, Rexec, Rlogin, Rsh, SAP/R3, SIP, SMB, SMTP, SMTP Enum, SNMP, SOCKS5, SSH (v1 and v2), Subversion, Teamspeak (TS2), Telnet, VMware-Auth, VNC, and XMPP.
Features of THC Hydra
- Fast cracking speed
- Available for Windows, Linux, Solaris, and OS X
- New modules can be added easily to enhance features
- Supportive with Brute force and dictionary attacks
PW dump
- Pwdump is actually a different Windows programs that are used to provide LM and NTML hashes of system user accounts.
- Pwdump password cracker is capable of extracting LM, NTLM, and LanMan hashes from the target in Windows, in case if Syskey is disabled, the software has the ability to extract in this condition.
- Software is updated with an extra feature of password histories display if history is available. Extracted data will be available in a form that is compatible with L0phtcrack.
- Recently software is updated to a new version called Fgdump as Pwdump not work fine when any antivirus program is running.
Features of Pwdump
- Available for Windows XP, 2000
- The powerful extra feature is available in a new version of Pwdump
- Ability to run multithreaded
- It can perform cache dump (Crashed credentials dump) and pstgdump (Protected storage dump).
Conclusion
- Brute-forcing is the best password cracking methods. The success of the attack depends on various factors.
- In conclusion, a brute force attack is also known as a dictionary attack that simply means the attack will try every code known in order to crack the system.
- In the computer world, this is both good and bad news. Depending on what the cracker is attempting to do. Computer security needs ethical hackers to constantly attempt to crack their systems in order to better secure it.
Comments
Post a Comment