
What Is Brute Force



What is a Brute-force attack?

A brute-force attack is an attempt to crack a password or username, find a hidden web page, or find the key used to encrypt a message, using a trial-and-error approach and hoping eventually to guess correctly. This is an old attack method, but it is still effective and popular with attackers.

A brute-force attack occurs when an attacker uses a set of predefined values against a target and analyzes the response until one of them succeeds. Success depends on that set of values: a larger set takes more time to try, but gives a better probability of success. The most common and easiest-to-understand example is the dictionary attack against a password. Here the attacker uses a password dictionary containing millions of words that might be used as a password and tries them one by one against the authentication system. If the dictionary contains the correct password, the attacker succeeds.


In a traditional brute-force attack, the attacker simply tries combinations of letters and numbers, generating candidate passwords sequentially. This technique takes longer when the password is long enough: such attacks can take anywhere from several minutes to several hours or even several years, depending on the system used and the length of the password.


To prevent password cracking by brute force, always use long and complex passwords. This makes the password hard to guess, and a brute-force attack will take too much time. WordPress sites in particular are a frequent target of brute-force attacks. Account lockout is another way to prevent an attacker from brute-forcing a web application. For offline software, however, things are not as easy to secure.


Credential Stuffing

In most data breaches, attackers gain access to databases of username and password combinations. This information is then sometimes sold on the dark web or published openly; other times it is obtained through cleverly designed phishing attacks, installed keyloggers, and so on. Whatever the means, credential stuffing is an attack in which the attacker uses such already exposed credentials to break into other accounts. Today the average individual has more than 20 web accounts: email accounts, rewards accounts (airlines, shopping, etc.), social media accounts, credit card accounts and so on. Since most individuals reuse the same password across many of these accounts, a password harvested from one data breach can very well be "stuffed" into other accounts to obtain unauthorized access. This type of attack is on the rise, especially with increasing cloud adoption.



Reverse brute-force attack

A reverse brute-force attack is another term associated with password cracking. It reverses the usual approach: the attacker tries one password against many usernames. Suppose you know a password but have no idea of the username; you can then try that same password against different user names until you find a working combination.

You now know that brute-force attacks are mainly used for password cracking. They can be used against any software, website or protocol that does not block requests after a few invalid attempts. In this post, I am going to list a few brute-force password-cracking tools for different protocols.






Popular tools for brute-force attacks

1) Aircrack-ng

2) John the Ripper

3) Rainbow Crack

4) Hashcat

5) THC Hydra



How can it happen?

Well, if you are interested in cracking passwords, you will have to use computers. To do that, you need to write some simple lines of code; such programming skills are basic for any coder.

Now suppose you have developed a password-breaking program that tries 1,000 combinations per second. The time required comes to 7 thousand years.

Not possible!

Well, you need a supercomputer. So let's say you get a supercomputer that can try 1×10^9 attempts per second. In just 22 seconds, all 218 trillion attempts will be tested. (Hopefully you will be inside the account, but if the password is 9 characters long, you will have to wait a few more moments.)
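The calculation behind these figures, as an added example that is not part of the original post: keyspace is alphabet size raised to the password length, and time is keyspace divided by guess rate. Treating the 218 trillion figure as 62^8 (an 8-character password over a-z, A-Z, 0-9) is an assumption made here, not something the post states.

```python
# Added example (not from the original post): how keyspace and guess rate
# determine worst-case brute-force time. Mapping "218 trillion" to 62**8
# (8 characters over a-z, A-Z, 0-9) is an assumption, not a claim of the post.

SECONDS_PER_YEAR = 365 * 24 * 3600

def keyspace(charset_size: int, length: int) -> int:
    """Number of candidate passwords for a given alphabet and length."""
    return charset_size ** length

def seconds_to_exhaust(space: int, guesses_per_second: float) -> float:
    """Worst-case time to try every candidate at a fixed guess rate."""
    return space / guesses_per_second

def describe(seconds: float) -> str:
    """Render a duration in the largest convenient unit."""
    if seconds < 60:
        return f"{seconds:.0f} seconds"
    if seconds < 3600:
        return f"{seconds / 60:.1f} minutes"
    if seconds < 86400:
        return f"{seconds / 3600:.1f} hours"
    if seconds < SECONDS_PER_YEAR:
        return f"{seconds / 86400:.1f} days"
    return f"{seconds / SECONDS_PER_YEAR:,.0f} years"

def crack_time_table(rates=(1e3, 1e9), lengths=range(8, 13), charset_size=62):
    """(length, rate, worst-case time) rows: each extra character multiplies
    the time by charset_size, which is why length beats raw guess rate."""
    rows = []
    for length in lengths:
        space = keyspace(charset_size, length)
        for rate in rates:
            rows.append((length, rate, describe(seconds_to_exhaust(space, rate))))
    return rows

if __name__ == "__main__":
    print(f"62^8 = {keyspace(62, 8):,} candidates")  # about 218 trillion
    for length, rate, when in crack_time_table():
        print(f"length {length:2d} at {rate:>8.0e} guesses/s: {when}")
```

Running it gives about 6,900 years for 62^8 at 1,000 guesses per second, about 218,340 seconds (roughly 2.5 days) at 10^9 guesses per second, and a factor of 62 more for every character added.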

How Can I Prevent It?

Yes, you can take some precautionary measures:
1) Password Length.

2) Password Complexity.

3) Limit Login Attempts.

4) Modifying .htaccess file.

5) Using Captcha.

6) Two Factor Authentication.

7) Cloudflare.









Password Length:

The first step toward brute-force attack prevention should be a longer password. Nowadays many websites and platforms require their users to create a password of a certain length (8 – 16 characters).

Password Complexity:

Another important thing is to create a complex password. Passwords like ‘ilovemycountry’ or ‘password123456’ are not recommended; instead, your password should mix UPPERCASE and lowercase letters and also include numbers and special characters. Complexity delays the cracking process.

Limit Login Attempts:

A simple yet very powerful action is to limit the login attempts on your WordPress admin, or any other admin panel for that matter. For example, if your website receives five failed login attempts, it should block that IP for a certain period of time to stop further attempts being made.
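One way to implement the lockout just described, as an added example that is not part of the original post or of any WordPress plugin: five failures from one IP inside a window block that IP for a fixed period, and the block is checked before the credentials so a correct guess during lockout reveals nothing. The thresholds, the in-memory store and the injectable clock are assumptions.

```python
# Added example (not from the original post): per-IP lockout as described above,
# five failed logins inside a window block that IP for a fixed period.
# Thresholds, the in-memory store and the clock hook are assumptions.
import time
from collections import defaultdict, deque

class LoginLimiter:
    def __init__(self, max_failures=5, window=300, lockout=900, clock=time.time):
        self.max_failures = max_failures    # failures allowed inside the window
        self.window = window                # seconds over which failures count
        self.lockout = lockout              # seconds the IP stays blocked
        self.clock = clock                  # injectable for deterministic tests
        self.failures = defaultdict(deque)  # ip -> timestamps of recent failures
        self.blocked_until = {}             # ip -> time the block expires

    def is_blocked(self, ip):
        until = self.blocked_until.get(ip)
        if until is not None and self.clock() < until:
            return True
        self.blocked_until.pop(ip, None)    # no block, or it has expired
        return False

    def record_failure(self, ip):
        """Log a failed login; returns True when this failure triggers a block."""
        now = self.clock()
        q = self.failures[ip]
        q.append(now)
        while q and now - q[0] > self.window:  # forget failures outside the window
            q.popleft()
        if len(q) < self.max_failures:
            return False
        self.blocked_until[ip] = now + self.lockout
        q.clear()
        return True

    def record_success(self, ip):
        self.failures.pop(ip, None)

def attempt_login(limiter, ip, username, password, check_credentials):
    """Return 'blocked', 'ok' or 'failed'. The block is checked before the
    credentials so a correct guess during lockout reveals nothing."""
    if limiter.is_blocked(ip):
        return "blocked"
    if check_credentials(username, password):
        limiter.record_success(ip)
        return "ok"
    limiter.record_failure(ip)
    return "failed"
```

Counting per IP alone does not stop an attacker spread across many addresses or a reverse brute-force that tries one password across many users, so production systems also count failures per account.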

