Begrimed

Brute Force

5 posts in this topic

What is the most recommended program to run for brute force? I have an older copy of Brutus, but it's one that I havn't used in a few years, so it's probably out-dated. I mostly use the programs to recover passwords that are otherwise unobtainable [i](e-mails, forum logins, passwords for online games).[/i] Opinions?

Share this post


Link to post
Share on other sites
[quote name='Begrimed' timestamp='1286214068' post='355362']
What is the most recommended program to run for brute force? I have an older copy of Brutus, but it's one that I havn't used in a few years, so it's probably out-dated. I mostly use the programs to recover passwords that are otherwise unobtainable [i](e-mails, forum logins, passwords for online games).[/i] Opinions?
[/quote]

Long constructive answer:

I do not seem to believe you googled very much about this topic. You should program an entire brute force suite so you can do it yourself. C++ or C, or with the use of an interpreted programming language like Python or Ruby. With an interpreted programming language the brute force program will run the password check faster, but because its interpreted the entire process runs slower (you load the whole library). I would only suggest an interpreted programming language for password cracking of WEAK passwords. Python / Ruby / Perl can be used if you have a lot of time and a really strong password list.

Short Sugarcoated Answer:

Web Browser -> Google.com -> Search: "password" + "cracker" -> clicky -> http://www.openwall.com/john/

Share this post


Link to post
Share on other sites
[quote name='Begrimed' timestamp='1286214068' post='355362']
What is the most recommended program to run for brute force? I have an older copy of Brutus, but it's one that I havn't used in a few years, so it's probably out-dated. I mostly use the programs to recover passwords that are otherwise unobtainable [i](e-mails, forum logins, passwords for online games).[/i] Opinions?
[/quote]
It depends on what you want to bruteforce. I wouldn't suggest an online bruteforce attack at all. It is possible, but very unlikely to be of any success. Online attacks are usually more successful running about 10 of the most common passwords over as many usernames as possible. The only exception is possibly an attack over UDP, since it can be much faster than over a higher level protocol that uses TCP (http, ftp, etc..)

Offline, it is very practical, depending on the hardware for the attack, and the hashing or encryption algorithm being attacked. Still, a good password will bring even the fastest hardware to it's knees in a bruteforce attack. A good password of 12chars or more, using uncommon special characters, lower and upper case alpha, and numbers would be difficult to crack in standard MD5 without a salt. But, there will always be the human factor involved, which equals bad decisions when passwords are thought out.

As far as the best app, as stated, jtr is a piece of art, and one of the best offline cracking tools ever coded. There are also other tools that use hardware acceleration, and will totally blow jtr away as far as speed goes. But jtr does offer a feature supporting customized rules for dict. attacks that can be used to overcome it's deficiency in sheer cracking speed.
1 person likes this

Share this post


Link to post
Share on other sites
For Password Cracking , you can try the GPU based brute-forcing (offline).
I have used the CUDA Multiforcer, [url="http://www.pentestit.com/2009/03/09/cuda-multiforcer-multihash-brute-forcer/"]See here[/url]

Share this post


Link to post
Share on other sites
If your using Brutus your on a Win O/S, prefer GUI and I think I understand what your looking for.
Sentry
C-Force
Caecus
Not sure if any of the above are still being developed or supported as it's been literally years since I've had any hands-on with them.

The hardest part will be finding enough good quality proxies to use.
Gook luck.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now