Before moving on to our topic, let me ask you few questions. Don’t worry it will be Yes or No type questions only.
First things first, Tell me one thing, Is each and every password of any of the accounts are made only through keyboard? Of course Yes!
What if we get able to create each and every possible combination which can be ever thought or made by a keyboard? Can we crack any of the passwords through that single dictionary?
This question made you think right!
Good!!
What if i say that this logic has been implemented much before we can ever think?
Don’t be shocked! Yeah it’s true!
And this technology is known as
BRUTE FORCE !
Exciting, isn’t it?
Let’s explore what this thing really is!
“Bruteforce is a technology in which the attacker tries guess your login credentials (sometimes OTP and much more) through automatic tools and a wordlist which is usually generated by that particular tool by which we are using this technology.”
A really complex definition, isn’t it?
How about breaking out that complex thing in certain points?
Basically, it’s just a technology which tries a password a number of times.
But, there’s a limit of trying password na? What about it then?
Ohh curious kid!
Bruteforce bypasses that counter first and then try a series of passwords from the weakest one to the strongest one from the wordlist. That wordlist may be one of those generated by the software itself or any of what we feeded to it. The wordlist created by it is generally some information about the victim collected by OSINT (we will cover it in next blog) in a way that can be used as a password and the world lists feeded by us can be a dictionary of anything, literally anything, Yeah! those possible combination of keyboard too.
Trying a million of passwords to crack one, funny! Isn’t it?
And it is quite obvious that if you gonna try a million of passwords then it will cost you time. This makes Bruteforce a really slow process but we got your back mate. We can try attacking the same target through multiple devices using different lists, quite efficient na! (Bonus Tip)
What are those software by which we can Bruteforce and where to find them?
I got you my friend!
- Hashcat: A highly popular and versatile password cracking tool that supports various hashing algorithms and GPU acceleration.
- Cain and Abel: A Windows-based tool that can perform various security tasks, including password recovery.
- Hydra: A fast and flexible password-cracking tool that supports numerous protocols and services.
- Medusa: A command-line password cracking tool known for its speed and flexibility.
- Aircrack-ng: Focused on Wi-Fi security, Aircrack-ng is used for cracking WEP and WPA/WPA2 keys.
- THC-Hydra: A popular online password cracking tool that supports numerous network protocols and services.
- RainbowCrack: Specializes in password cracking using rainbow tables, which are precomputed tables of hashes.
- Pyrit: A Wi-Fi-focused tool that leverages GPU power to crack WPA/WPA2 keys.
A really nice list of tools ha!
But where’s our arsenal?🤔
Well if you use Kali Linux, then it’s a plus point for you. Most of the tools are pre installed in it, you just need to setup them.
Then you gonna enjoy this technology! I am sure you gonna say “Hail Bruteforce!”
That’s all for today’s blog!
Thank you!
