"Brute Force Attack"
Hey Fellas, after getting hands-on with "SQL Injection" in the previous post, let us move on to a new attack called the Brute Force attack.
Let's talk about what a Brute-force attack is...
Introduction
A brute force attack is a cryptography-based attack in which an attacker tries to gain unauthorized access to a system or website by trying multiple combinations of passwords and usernames until a match is found. It is like systematically "guessing" someone's password until the correct one is cracked. The attacker may instead guess the key that is generated from the password using a Key Derivation Function (KDF); this is called an exhaustive key search.
As the length of the password increases, the number of combinations a brute-force attack has to try increases exponentially. Brute force attacks are simple, reliable, and have a high success rate. If a password is weak enough, it takes merely a few seconds to crack, while a longer password can take years.
To crack a password, you need a wordlist (usually a text file) that contains the keys related to the username, and a password list of all the possible combinations to match against the original one; the attack then iterates through the combinations with the username list.
Types of Brute Force Attack
1. Simple brute force attack:
‣ The attacker tries to guess your credentials without much help from any tool or software. These attacks can reveal extremely weak passwords and IDs.
2. Dictionary attack:
‣ Dictionary attacks are not necessarily brute force attacks, but they are the standard, most basic form of one. An attacker mainly uses many words, phrases, or strings and their combinations to get into someone's system or site. The credentials tried in this attack are generally guesses such as the name of a color, flower or dish, and many such things related to the username.
3. Hybrid brute force attack:
‣ A hybrid brute force attack is a combination of both dictionary and brute force attacks. It starts from the logic of what the target's password should be, using a list of guessed passwords in a dictionary, and continues as a classical brute force approach.
4. Credential Stuffing:
‣ It takes username-password combos belonging to many users and tests them on different websites. Since users frequently use the same logins on multiple websites, the testing can go on for months against a system. Users who use the same password for multiple logins are often victims of this attack.
5. Reverse Brute Force attack:
‣ In a reverse brute force attack, a single common password is tested on multiple users or encrypted files. This process may be repeated, and the attacker is generally not targeting a specific user.
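From the defender's side, these types leave different shapes in the failed-login log. The following is an added example, not part of the original post: it labels each source address by that shape, assuming a made-up "auth-fail" line format, constructed sample lines and illustrative thresholds.

```python
import re
from collections import defaultdict

# Constructed sample log in a made-up "auth-fail" line format (an assumption,
# not the output of any real product). All lines fall in one time window.
SAMPLE_LOG = (
    [f"2024-05-01T10:00:{i:02d}Z auth-fail src=203.0.113.7 user=admin" for i in range(12)]
    + [f"2024-05-01T10:01:{i:02d}Z auth-fail src=198.51.100.9 user=user{i}" for i in range(12)]
    + ["2024-05-01T10:02:00Z auth-fail src=192.0.2.44 user=alice",
       "2024-05-01T10:02:09Z auth-fail src=192.0.2.44 user=alice",
       "garbage line that does not match the format"]
)

LINE_RE = re.compile(r"^\S+ auth-fail src=(\S+) user=(\S+)$")

def failures_by_source(lines):
    """Return {source: {username: failure count}}, skipping malformed lines."""
    table = defaultdict(lambda: defaultdict(int))
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            table[m.group(1)][m.group(2)] += 1
    return table

def classify(lines, min_failures=10, many_users=5):
    """Label each source by the shape of its failed logins."""
    verdicts = {}
    for src, users in failures_by_source(lines).items():
        total, worst = sum(users.values()), max(users.values())
        if total < min_failures:
            verdicts[src] = "normal"                  # a couple of typos
        elif worst >= min_failures:
            # many guesses at one account: simple, dictionary or hybrid attack
            verdicts[src] = "single-account-guessing"
        elif len(users) >= many_users:
            # few guesses at each of many accounts: reverse brute force or
            # credential stuffing; a per-account failure counter never trips
            verdicts[src] = "many-accounts-guessing"
        else:
            verdicts[src] = "suspicious"
    return verdicts

if __name__ == "__main__":
    for src, verdict in classify(SAMPLE_LOG).items():
        print(src, verdict)
```

The second shape is the reason to count failures per source as well as per account: each individual account sees only one failure.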
Popular attacking tools used in Brute Force attack
1. THC Hydra: It is the tool of choice for brute-forcing. It can perform rapid dictionary attacks against 50+ protocols. Works on Windows, Linux, iOS, Android.
2. John the Ripper: Most famous password cracking tool for long passwords. It has a good, user-friendly command-line interface. Works on Windows, Linux, OpenVMS, and 15 more platforms.
3. Hashcat: The most advanced and fastest password recovery tool. Can perform simple and hybrid brute force attacks easily. Works on Linux, Windows, Mac OS.
Password cracking examples using John the Ripper
(Source: "Penetration Testing - A Hands-On Introduction to Hacking" by Georgia Weidman)
‣ The following example shows John the Ripper run against a file of password hashes for a list of users, including the admin accounts:
root@kali: john xphashes.txt
Warning: detected hash type "lm", but the string is also recognized as "nt"
Use the "--format=nt" option to force loading these as that type instead
Loaded 10 password hashes with no different salts (LM DES [128/128 BS SSE2])
(SUPPORT_388945a0)
PASSWOR (secret:1)
(Guest)
PASSWOR (georgia:1)
PASSWOR (Administrator:1)
D (georgia:2)
D (Administrator:2)
D123 (secret:2)
‣ In the above listing, we see that PASSWOR is the first half of the user secret’s password. Likewise, it’s the first half of the password for georgia and Administrator. The second half of secret’s password is D123, and georgia and Administrator’s are D. Thus, the complete plaintext of the LM-hashed passwords are PASSWORD for georgia and Administrator and PASSWORD123 for secret. The LM hash doesn’t tell us the correct case for a password, and if you try logging in to the Windows XP machine as Administrator or georgia with the password PASSWORD or the account secret with PASSWORD123, you will get a login error because LM hash does not take into account the correct case of the letters in the password.
(What are "lm" and "nt"?
LM (LAN Manager) and NTLM (New Technology LAN Manager) are Microsoft security protocols. They are the ways in which Windows stores passwords. These protocols use the hash in the responses exchanged between a server and a client.)
And one more short example:
‣ Example NT hash
B4B9B02E6F09A9BD760F388B67351E2B
‣ The algorithm
MD4(UTF-16-LE(password))
UTF-16-LE is the little-endian UTF-16. Windows used this instead of the standard big-endian, because of Microsoft.
‣ Cracking it
john --format=nt hash.txt
hashcat -m 1000 -a 3 hash.txt
Security measures and preventing Brute Force attack
1. Use standard Passwords and Usernames. Stop using common passwords.
2. Beware of creating accounts that ask for some privacy-related and higher permissions.
3. Enable the two-factor authentication for all your social media accounts.
4. Avoid re-opening of accounts by typing wrong passwords. Avoid multiple attempts while logging into your sensitive accounts.
5. Increase password strength by increasing its length and including lowercase, uppercase, numeric and special characters in your password.
6. Enforce a good delay before an account can log in again after many login attempts; it ensures safety.
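Measure 6 seen from the server side, as an added example that is not part of the original post: a per-account throttle whose delay doubles after a few free failures, plus a simulation of how many guesses it lets through in a day. The class name, parameters and default values are assumptions chosen for illustration.

```python
class LoginThrottle:
    """Per-account progressive delay: a few free tries, then doubling waits."""

    def __init__(self, free_attempts=3, base_delay=2.0, max_delay=900.0):
        self.free_attempts = free_attempts
        self.base_delay = base_delay
        self.max_delay = max_delay
        self._state = {}   # user -> (consecutive failures, earliest next attempt)

    def retry_after(self, user, now):
        """Seconds this account must still wait before another attempt (0 = allowed)."""
        _, next_ok = self._state.get(user, (0, 0.0))
        return max(0.0, next_ok - now)

    def record(self, user, success, now):
        """Record an attempt made at time `now`; return the delay it triggers."""
        if success:
            self._state.pop(user, None)          # a good login clears the counter
            return 0.0
        fails = self._state.get(user, (0, 0.0))[0] + 1
        over = fails - self.free_attempts
        delay = 0.0 if over <= 0 else min(self.max_delay,
                                          self.base_delay * 2 ** (over - 1))
        self._state[user] = (fails, now + delay)
        return delay


def guesses_allowed(throttle, user, horizon):
    """Count failed guesses one account can receive within `horizon` seconds.

    Assumes the client always waits exactly as long as told and that the
    throttle eventually imposes a delay (true for the default settings).
    """
    now, guesses = 0.0, 0
    while True:
        now += throttle.retry_after(user, now)
        if now >= horizon:
            return guesses
        throttle.record(user, success=False, now=now)
        guesses += 1


if __name__ == "__main__":
    print(guesses_allowed(LoginThrottle(), "alice", 24 * 3600))
```

A per-account delay does nothing against a reverse brute force attack, which makes only one guess per account, and it lets anyone slow down a victim's own logins, so it is normally paired with a limit per source address.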
That's all about Brute-Forcing, guys. We are going to see many interesting attacks in hacking, with code, examples and tutorials too. I will provide them all so that you can practice them on your own device as well. The next post will be on one of the most famous hacking attacks on Android as well as computers...
Stay tuned...SEE YOU...LoL...
Really really informative even if I am not doing from this domain, but still keeps me curious
Thank you so much bro...We will have hands-on practicals in coming posts...keep supporting the blog...all is your love that keeps me inspired...