4 replies to this topic

[Begrimed]

What is the most recommended program to run for brute force? I have an older copy of Brutus, but it's one that I havn't used in a few years, so it's probably out-dated. I mostly use the programs to recover passwords that are otherwise unobtainable (e-mails, forum logins, passwords for online games). Opinions?

[Alk3]

What is the most recommended program to run for brute force? I have an older copy of Brutus, but it's one that I havn't used in a few years, so it's probably out-dated. I mostly use the programs to recover passwords that are otherwise unobtainable (e-mails, forum logins, passwords for online games). Opinions?

Long constructive answer:

I do not seem to believe you googled very much about this topic. You should program an entire brute force suite so you can do it yourself. C++ or C, or with the use of an interpreted programming language like Python or Ruby. With an interpreted programming language the brute force program will run the password check faster, but because its interpreted the entire process runs slower (you load the whole library). I would only suggest an interpreted programming language for password cracking of WEAK passwords. Python / Ruby / Perl can be used if you have a lot of time and a really strong password list.

Short Sugarcoated Answer:

Web Browser -> Google.com -> Search: "password" + "cracker" -> clicky -> http://www.openwall.com/john/

[tekio]

What is the most recommended program to run for brute force? I have an older copy of Brutus, but it's one that I havn't used in a few years, so it's probably out-dated. I mostly use the programs to recover passwords that are otherwise unobtainable (e-mails, forum logins, passwords for online games). Opinions?

It depends on what you want to bruteforce. I wouldn't suggest an online bruteforce attack at all. It is possible, but very unlikely to be of any success. Online attacks are usually more successful running about 10 of the most common passwords over as many usernames as possible. The only exception is possibly an attack over UDP, since it can be much faster than over a higher level protocol that uses TCP (http, ftp, etc..)

Offline, it is very practical, depending on the hardware for the attack, and the hashing or encryption algorithm being attacked. Still, a good password will bring even the fastest hardware to it's knees in a bruteforce attack. A good password of 12chars or more, using uncommon special characters, lower and upper case alpha, and numbers would be difficult to crack in standard MD5 without a salt. But, there will always be the human factor involved, which equals bad decisions when passwords are thought out.

As far as the best app, as stated, jtr is a piece of art, and one of the best offline cracking tools ever coded. There are also other tools that use hardware acceleration, and will totally blow jtr away as far as speed goes. But jtr does offer a feature supporting customized rules for dict. attacks that can be used to overcome it's deficiency in sheer cracking speed.

[d3xt3r]

For Password Cracking , you can try the GPU based brute-forcing (offline).
I have used the CUDA Multiforcer, See here

[Berzerk]

If your using Brutus your on a Win O/S, prefer GUI and I think I understand what your looking for.
Sentry
C-Force
Caecus
Not sure if any of the above are still being developed or supported as it's been literally years since I've had any hands-on with them.

The hardest part will be finding enough good quality proxies to use.
Gook luck.