Saturday, December 13, 2014

What Is Brute-forcing?

BRUTE-FORCING

Brute force (also known as brute force cracking) is a trial and error method used by application programs to decode encrypted data such as passwords or Data Encryption Standard (DES) keys. Just as a hacker might break into, or "crack", a safe by trying many possible combinations, a brute force cracking application proceeds through all possible combinations of legal characters in sequence. Brute force is considered to be an infallible, although time-consuming, approach.




Crackers are sometimes used in an organization to test network security.

Example: L0phtCrack uses brute force to crack Windows NT passwords from a workstation. PC Magazine reported that a system administrator who used the program from a Windows 95 terminal with no administrative privileges was able to uncover 85 percent of office passwords within twenty minutes.

You must have seen in movies how a hacker cracks a password. He takes a small device out of his pocket and connects it to the locker or whatever he wants to crack; lots of digits and letters shuffle on the device's screen, and in a matter of minutes (sometimes seconds) the thing is unlocked. Pretty impressive, but it doesn't happen that way. Basically, an online system (by online system I mean a system that requires you to log in to get access) can't be hacked like that. Even a password stored in an offline file can't be hacked so easily.

Say you want to access a file which is password protected. You create a program that tries every possible combination of letters and numbers, feeding each one to the file to see whether it is the right one. This procedure is repeated until the right combination is accepted by the file. This is what we call an attack, and this very procedure of trying possible combinations is called a brute force attack.

Here is the list of the most popular brute-forcing software:
1. Attack tool kit
2. CrackWhore 2.0
3. Apache scanner
4. Brutus
5. Brutus 2006
6. CGI scan
7. crackftp
8. E-mail cracker
9. hackers utility
10. php brutforcer
11. php BB pass extracter
12. php cracker
13. shadow scan
14. web crack 4.0

Now, even if a hacker has the best hardware, he can't hack that easily. Why? Ever entered a password wrong multiple times? You are asked to enter the text from an image, called a Captcha, to confirm that you are a human and not an automated program. Even if that fails (yes, there are algorithms that can read the text in the image), the user is forbidden to enter the password for a fixed amount of time. So there is no way in hell that a hacker can hack by brute force, or even with the help of rainbow tables. But it surely gets the job done for offline files...

This is what a Captcha looks like.
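
The Captcha-then-lockout defence described above, sketched from the server's side as an added example (it is not code from the original post). The thresholds, the 15-minute lock, the account name and the names LoginThrottle and guesses_checked are assumptions chosen for illustration.

```python
import time

CAPTCHA_AFTER = 3    # assumed: failed logins before a Captcha is demanded
LOCK_AFTER = 5       # assumed: failed logins before the account is locked
LOCK_SECONDS = 900   # assumed: how long the lock lasts

class LoginThrottle:
    """Per-account failure counter that answers: ok, captcha or locked."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._state = {}  # user -> (failure_count, locked_until)

    def check(self, user):
        """Call before the submitted password is even looked at."""
        failures, locked_until = self._state.get(user, (0, 0.0))
        if self._clock() < locked_until:
            return "locked"
        return "captcha" if failures >= CAPTCHA_AFTER else "ok"

    def record(self, user, success):
        """Call after the password has been compared."""
        if success:
            self._state.pop(user, None)  # a good login clears the counter
            return
        failures, locked_until = self._state.get(user, (0, 0.0))
        failures += 1
        if failures >= LOCK_AFTER:
            locked_until = self._clock() + LOCK_SECONDS
            failures = CAPTCHA_AFTER  # Captcha stays on once the lock expires
        self._state[user] = (failures, locked_until)

def guesses_checked(tries, solves_captcha, seconds_per_try=1.0):
    """Constructed scenario: count wrong guesses that reach the password check."""
    now = [0.0]  # fake clock so the scenario runs instantly
    throttle = LoginThrottle(clock=lambda: now[0])
    checked = 0
    for _ in range(tries):
        verdict = throttle.check("alice")
        if verdict == "ok" or (verdict == "captcha" and solves_captcha):
            throttle.record("alice", success=False)
            checked += 1
        now[0] += seconds_per_try
    return checked
```

With these values, an hour of one try per second gets 3 guesses checked when the Captcha is not solved and 11 when it is, which is why the same procedure that works on an offline file stalls against a login form.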
