Immortal_Corruptor

Brute Forcing

18 posts in this topic

Yes, I'm back. With some more stupid questions. The way I look at it is, you guys helped me a lot with scanning, so I thought you could help me with this.

Ok I already know that "Brute Forcing" is a way to get someone's password. Now here's what I don't know...

Where to get any of these kinds of programs.

How they work ?

Do they only work on websites, or do they work on msn/yahoo for example.

Do they really take a long time ? If so, why ?

Well anyway, you guys rock so I'm sure you can get me some links and info on this. Oh and by the way, I heard about this being talked on phreak phactor which is incidentally one of the coolest things ever.


There is a good program called brutus at hoobie.net

Brute forcing takes a long time because it has to try combinations and so it should always be your last resort.

It won't work on yahoo and stuff because it will lock you out after a certain number of tries. HTTAccess is a good thing to try brute forcing on. Never brute force from your connection because it generates a lot of "noise".

Let's say you have a 1 character password and you can only use letters. That's 26 combinations so let's say 1 try takes 1 second. That's half a minute. Add numbers and it's 36. Now you have two characters so the number of combinations is 36*36. 3 characters is 36^3. These numbers get huge. More efficient than brute forcing is a dictionary attack which tries regular words from a dictionary and sequences. This will crack around 80% of passwords. 10 more percent can be cracked with guessing their name, pet name, etc.

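The arithmetic in the post above, carried through as an added example (not part of any post in this thread) so a defender can see what a password policy and an account lockout buy. The alphabet sizes 26 and 36 and the one-guess-per-second rate come from the post; the 62-character mixed-case alphabet and the lockout of 8 tries per 12 hours use figures mentioned elsewhere in the thread, and all function names are this example's own.

```python
# Added example: size of a password policy's keyspace and the worst-case time
# to exhaust it, with and without an account lockout.
DIGITS, LOWER, UPPER = 10, 26, 26

ALPHABETS = {                                   # alphabet sizes from the thread
    "letters": LOWER,                           # 26
    "letters+digits": LOWER + DIGITS,           # 36
    "mixed case+digits": LOWER + UPPER + DIGITS,  # 62
}

def keyspace(alphabet_size, length, up_to=False):
    """Candidates of exactly `length` characters, or of 1..length if up_to."""
    if up_to:
        return sum(alphabet_size ** n for n in range(1, length + 1))
    return alphabet_size ** length

def lockout_rate(tries_before_lock, lock_hours):
    """Guesses per second one account allows when it freezes after N failures."""
    return tries_before_lock / (lock_hours * 3600.0)

def humanize(seconds):
    """Render a duration in the largest unit that fits."""
    units = (("years", 365 * 86400), ("days", 86400), ("hours", 3600), ("minutes", 60))
    for unit, size in units:
        if seconds >= size:
            return f"{seconds / size:,.1f} {unit}"
    return f"{seconds:.0f} seconds"

def report(length, rate=1.0, lock=(8, 12)):
    """Rows of (alphabet, candidates, time at `rate`, time under lockout)."""
    rows = []
    for name, size in ALPHABETS.items():
        n = keyspace(size, length)
        rows.append((name, n, humanize(n / rate), humanize(n / lockout_rate(*lock))))
    return rows

if __name__ == "__main__":
    for length in (1, 3, 8):
        for row in report(length):
            print(length, *row, sep=" | ")
```

Going from 36 to 62 symbols multiplies an 8-character keyspace by about 77, and the lockout alone stretches the three-character case from hours to years.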
It won't work on yahoo and stuff because it will lock you out after a certain number of tries.

Yeah. After about 8 or 9 tries, Yahoo freezes the account you are trying to access for 12 hours. It's fun when you are trying to get into an old email account and forgot your password and security answer.... :growl:

Hmm, who was my best friend when I was 14.....

Edited by Parapsycho

That's interesting sheepbyte... But what do you mean don't use your connection? And what is noise? Also, I was told if I run a proxy from my computer it won't take effect? What the heck is it for then - isn't it for hiding your IP by sending packets FOR you... But then the website requests your IP from the proxy and the proxy has to give it your IP? What am I talking about? LOL I don't know a whole lot about this stuff.

Yeah. After about 8 or 9 tries, Yahoo freezes the account you are trying to access for 12 hours. It's fun when you are trying to get into an old email account and forgot your password and security answer.... :growl:

Hmm, who was my best friend when I was 14.....

Yeah, I remember doing that to my friend, too. Except, I actually got his password. Shoulder surfing really does work. :P


I see, ok so if Brute forcing would be my "last resort" what would be my first one ?

:blink:


You can look for code/server/system/whatever exploits. If it runs a CMS look for vulns for it. Find open directories and guess file names. "Noise" means that they will notice. Somebody might not notice 2 or 3 password attempts but 18,000 is VERY noticeable. "Noise" is like if you are trying to enter a building banging pots and pans. Running it from your own connection will get you downtown, arrested. Running through a proxy or from another connection ensures your safety. If you use proxies use anonymous or high-anonymity proxies. "Transparent" proxies reveal your IP. Check whatismyipaddress.com to find out yours and check your proxy.


From a more geeky point of view there are ways that programs can increase the speeds in a couple of ways, the main way would be if you are dealing with a "web password" where you are passing a request over TCP/IP. Comparatively to the system bus and main memory, TCP/IP is incredibly slow (it becomes the limiting factor) and will create a tremendous delay. If the program is multithreaded, that maximizes the use of the CPU, and makes more TCP requests, and thus generates a lot of "noise" over the connection, depending on how many threads are running.

If you are dealing with an encrypted password where you have the encrypted hash or encrypted value, and you know the specified hash, like with a password file, you can use a multithreaded or distributed password cracker that will generate the encrypted value from a library. This is the easiest way to deal with encrypted password files other than social engineering it. :D

Also with a little bit of code you could write a fairly simple web page brute force if you know what your requests are going to look like.

If any of this is off, please correct me.

Want to know More? (Links)

Chimera

http://tomicki.net/chimera.php

John the Ripper:

http://www.openwall.com/john/

Crack

http://www.crypticide.com/users/alecm/

Slurpie

http://www.securiteam.com/tools/2JUPSR5SAC.html

L0pht Crack - Win32 not free

http://www.atstake.com/products/lc/

Edited by mrfishopolis

To add to sheepbyte's mathematical concepts, also don't forget that letters could be capital or lower case, thus doubling the possible number of passwords. Also if you wanted to estimate how long it would take be sure to look up something called the "birthday paradox" and other mathematical properties and cryptography related mathematics. Hacking, of almost any kind, is very dependent on math! And as for noise, sheepbyte is right, bruteforcing something will create a lot of entries in a log that says there has been x number of bad password attempts, raising a bunch of red flags. Not that you should be gaining access to someone else's account at all, but a brute force attack could take an eternity and you have to consider if the information you're after is truly worth all that effort/work/time. Ideally though, a brute force program could present an excellent opportunity for you to write your own program. You could set up arrays of characters custom to what is allowed at each login (say only letters numbers and _ are permitted etc etc), and you could use it against your own password to see how long it would take for a brute force to compromise your password so you know how often you should change it.

-Dr^ZigMan

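The "noise" described in the posts above is what a login service watches for. The following is an added example, not part of any post: a sliding-window counter over failed logins that raises an alert per account and per source address and freezes the account. The log format, the addresses and the user names are constructed for illustration; the defaults of 8 failures and a 12-hour freeze follow the Yahoo behaviour mentioned earlier in the thread, and the 10-minute window is an assumption.

```python
# Added example: detecting repeated failed logins in an authentication log.
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed log format: "<ISO time> LOGIN_FAIL|LOGIN_OK user=<name> src=<ip>"
LINE = re.compile(r"^(\S+) (LOGIN_FAIL|LOGIN_OK) user=(\S+) src=(\S+)$")

def detect(lines, max_failures=8, window=timedelta(minutes=10),
           lock_for=timedelta(hours=12)):
    """Return (alerts, locked): alerts are (time, key, count) tuples raised when
    a user or source reaches max_failures within window; locked maps each
    frozen user to the time the freeze ends."""
    recent = defaultdict(deque)          # key -> timestamps of recent failures
    alerts, locked = [], {}
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue                     # skip lines not in the assumed format
        ts = datetime.fromisoformat(m.group(1))
        event, user, src = m.group(2), m.group(3), m.group(4)
        if event == "LOGIN_OK":
            recent[("user", user)].clear()   # a success resets that account
            continue
        for key in (("user", user), ("src", src)):
            q = recent[key]
            q.append(ts)
            while q and ts - q[0] > window:  # drop failures outside the window
                q.popleft()
            if len(q) == max_failures:       # alert once when threshold is hit
                alerts.append((ts, key, len(q)))
                if key[0] == "user":
                    locked[user] = ts + lock_for
    return alerts, locked

# Constructed sample: ten rapid failures against one account from one source,
# then an ordinary user who mistypes twice before logging in.
SAMPLE = [f"2024-01-01T10:00:{i:02d} LOGIN_FAIL user=alice src=203.0.113.7"
          for i in range(10)] + [
    "2024-01-01T10:01:00 LOGIN_FAIL user=bob src=198.51.100.4",
    "2024-01-01T10:01:05 LOGIN_FAIL user=bob src=198.51.100.4",
    "2024-01-01T10:01:09 LOGIN_OK user=bob src=198.51.100.4",
]

if __name__ == "__main__":
    found, frozen = detect(SAMPLE)
    for ts, key, count in found:
        print(ts.isoformat(), key, count)
    print(frozen)
```

Counting per source as well as per account matters because a per-account lockout alone does not see one address trying a few passwords against many accounts.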

I was bored so I downloaded brutus from the site you posted, I also downloaded a nice large word list... Now what I want to know is, do I type in a username/site anywhere? And what about "method" and "word combo" ...


First you need to find a webform. I'm not good with webforms so I usually only brute HTTaccess like at 2600.com/admin (DON'T BRUTE THAT). You can either browse and select your wordlist or do a full-on brute force. I would recommend setting up your own form and trying it. For method look in the page source, it should say method="?". Most are POST but you should check.


Brute-Forcing is always a last resort in my book. When it comes to brute-forcing and time, I usually distribute the load on other computer systems with broadband connections I own. This is also easy for someone to do if they have a bot net to use. All one has to do is equally distribute a word list to all other systems that are going to be used to try and brute force a desired account etc. This will definitely cut down time when it comes to brute forcing. So remember the more processing power and bandwidth one has, the better! One also has to consider the victim and how much traffic they can handle.

One thing brute forcing is useful is when it comes to trying to crack voice mail boxes. Since the password can only be a numerical combination, it can be brute forced in a matter of time. Also like I said above, the more the better! I have seen old VMB Crackers that use external modems and they take quite a while! What would be faster and kooler to see is a VMB Cracker with a voip connection!


Ok so everyone is saying that brute forcing is their last resort, and I already know I asked this question, but in..... simpler terms, could you explain some of the more effective/easier programs?

Ok so everyone is saying that brute forcing is their last resort, and I already know I asked this question, but in..... simpler terms, could you explain some of the more effective/easier programs?

Ughh Google is your friend! If you want to crack yahoo accounts, google "Yahoo Cracker" and so on. Don't get confused with different types of crackers though. There are brute-forcers out there for all kinds of things, such as L0pht (LC4 or whatever version it is now), which will brute-force a SAM hash, which is a Windows password account. Also check out Cain & Abel because it's free and does the same thing.

NOTE: From experience if you're trying to crack yahoo or aim accounts be careful and don't be stupid. Remember that people code these crackers and some of them have backdoors and other shit you really don't want installed on your system.


Thanks for the help. I'm not really trying to crack yahoo accounts, mostly just website accounts. You don't really need to give me links or anything, but are there any msn password crackers out there?

So I have one more question for anyone who reads this. If I was on some random site, and you really hated me and wanted my password, what is the first thing you would do?

*Note, I'm stupid please go into detail.


It depends on what site it is and the systems they are running.


Well, for instance. The hotmail system has brute force protection but IRC accounts generally don't. Topsites generally don't. Forums generally do not.
