Jump to content


Photo
- - - - -

Brute Force


  • Please log in to reply
4 replies to this topic

#1 Begrimed

Begrimed

    the 0ne

  • Members
  • 1 posts
  • Country:
  • Gender:Male
  • Location:Canton, GA

Posted 04 October 2010 - 12:41 PM

What is the most recommended program to run for brute force? I have an older copy of Brutus, but it's one that I havn't used in a few years, so it's probably out-dated. I mostly use the programs to recover passwords that are otherwise unobtainable (e-mails, forum logins, passwords for online games). Opinions?

#2 Alk3

Alk3

    "I Hack, therefore, I am"

  • Binrev Financier
  • 1,003 posts
  • Gender:Not Telling
  • Location:312 Chi-town

Posted 06 October 2010 - 12:52 PM

What is the most recommended program to run for brute force? I have an older copy of Brutus, but it's one that I havn't used in a few years, so it's probably out-dated. I mostly use the programs to recover passwords that are otherwise unobtainable (e-mails, forum logins, passwords for online games). Opinions?


Long constructive answer:

I do not seem to believe you googled very much about this topic. You should program an entire brute force suite so you can do it yourself. C++ or C, or with the use of an interpreted programming language like Python or Ruby. With an interpreted programming language the brute force program will run the password check faster, but because its interpreted the entire process runs slower (you load the whole library). I would only suggest an interpreted programming language for password cracking of WEAK passwords. Python / Ruby / Perl can be used if you have a lot of time and a really strong password list.

Short Sugarcoated Answer:

Web Browser -> Google.com -> Search: "password" + "cracker" -> clicky -> http://www.openwall.com/john/

#3 tekio

tekio

    5(R1P7 |<1DD13

  • Binrev Financier
  • 1,092 posts
  • Gender:Male
  • Location:The Blue Nowhere

Posted 18 October 2010 - 10:12 AM

What is the most recommended program to run for brute force? I have an older copy of Brutus, but it's one that I havn't used in a few years, so it's probably out-dated. I mostly use the programs to recover passwords that are otherwise unobtainable (e-mails, forum logins, passwords for online games). Opinions?

It depends on what you want to bruteforce. I wouldn't suggest an online bruteforce attack at all. It is possible, but very unlikely to be of any success. Online attacks are usually more successful running about 10 of the most common passwords over as many usernames as possible. The only exception is possibly an attack over UDP, since it can be much faster than over a higher level protocol that uses TCP (http, ftp, etc..)

Offline, it is very practical, depending on the hardware for the attack, and the hashing or encryption algorithm being attacked. Still, a good password will bring even the fastest hardware to it's knees in a bruteforce attack. A good password of 12chars or more, using uncommon special characters, lower and upper case alpha, and numbers would be difficult to crack in standard MD5 without a salt. But, there will always be the human factor involved, which equals bad decisions when passwords are thought out.

As far as the best app, as stated, jtr is a piece of art, and one of the best offline cracking tools ever coded. There are also other tools that use hardware acceleration, and will totally blow jtr away as far as speed goes. But jtr does offer a feature supporting customized rules for dict. attacks that can be used to overcome it's deficiency in sheer cracking speed.

#4 d3xt3r

d3xt3r

    SCRiPT KiDDie

  • Members
  • 20 posts
  • Gender:Male

Posted 18 January 2011 - 01:01 AM

For Password Cracking , you can try the GPU based brute-forcing (offline).
I have used the CUDA Multiforcer, See here

#5 Berzerk

Berzerk

    SCRiPT KiDDie

  • Members
  • 29 posts
  • Country:
  • Gender:Male
  • Location:Lone Star

Posted 18 January 2011 - 01:39 PM

If your using Brutus your on a Win O/S, prefer GUI and I think I understand what your looking for.
Sentry
C-Force
Caecus
Not sure if any of the above are still being developed or supported as it's been literally years since I've had any hands-on with them.

The hardest part will be finding enough good quality proxies to use.
Gook luck.




BinRev is hosted by the great people at Lunarpages!