Password cracking Brute force attack

Password cracking. Brute force attack: Brutus program – AET2.

One of the most popular methods by which the administrator password is cracked. A brute-force attack consists in using special software that guesses a password by brute force from an infinite number of existing options. The program will take into account the minimum and maximum possible password length. Requires maximum resources from the system, the longest of the processes. You understand why. At one time, it was the most productive option for cracking passwords, since virtually any task was brute force on the shoulder. However, recently serious programs, including operating systems, include boot logging, imposing, for example, a limit on the number of passwords entered.

At the bottom of the article, links to some of the versions of the programs will appear. I link in them to my own satellite site, which is located on a free domain. So stock up on AdBlock to protect against intrusive ads.

Further. Such programs are regarded by system defenders and browsers as DEFINITELY malicious. You know what you’re downloading. What is inside the files, only the creators and those from whom I downloaded this program know. Be careful.

What it is?

A brute-force attack implies a sequential selection (in other words, hacking) of different symbols until the necessary combination is selected. The speed of selection depends on the performance of the computer and the complexity of the password. We will use the famous and proven Brutus-AET2 . You can download Brutus-AET2 anywhere on your local network. (Unfortunately, my direct link is regularly banned by Google; but I will add it if necessary).

Brute force attack. The main window of the program.

In the field Target (Assignment) enter the address of the FTP server and the number of the open port of the machine being hacked for this second. How a hacker finds out the open port of a computer, we read in the article at the link. In the Authentication options part , it is better to set well-known usernames ( Use Username ). By default, the program will refer to the text file user.txt containing the usernames of the attacked computer (in the folder with the program). Check the box next to Single user (single user). Pass Mode setting – Brute Force . We press RANGE .

A possible password character window will appear.

If you know what the password might be, the task will be easier. You can select a special option in which to specify, for example, the maximum number of characters (from 0 to 8, for example). Brutus has the option to select the complexity of the password by its constituent elements. From top to bottom in complexity: from a numeric ( Custom Range ) password to a password containing all keyboard characters. Returning to the issue of method performance, we are talking about hundreds and thousands of millions of combinations. Will have to wait.

It is hardly worth using a large number of simultaneous connections ( Connection options ). This will greatly slow down the performance of the program. And pay attention to the upper part of the program window on the right. If a lot of errors appear there, check the utility settings.

In the following blog articles, we will talk about a possible antidote to such attacks.

Good luck.