BRUTE-FORCE ATTACK

BRUTE-FORCE ATTACK

Disclaimer: This presentation is for educational purposes only. Nothing in this presentation constitutes legal advice. The individuals appearing in this presentation, if any, are depicted for illustrative purposes only and are presumed innocent until proven guilty in a court of law.

Unlike the dictionary attack which tries only those words present in the list, the brute force attack, on the other hand, tries every possible permutation of alphabets, numbers and even special characters until the right password is found. In theory, it is possible to crack any password using this approach, but here’s the catch! The bruteforce attack takes a long time to crack passwords. The time actually depends on the speed of the computer and the complexity of the password. For example, if the target password is small and doesn’t contain any numbers or special characters, it is fairly easy to crack such passwords using this approach. However, if the password is lengthy, contains numbers or even special characters, this approach may take a long time to complete. For some complex passwords, brute force approach may take up even years to finish the cracking process as there are billions of permutations to try.

Here is how you can configure the Brutus program to try the brute force approach: 

1. Configure the “Target”, “Type” and “Port” in the same way as in the case of the dictionary attack. 

Under the “Authentication Options”, select the “Pass Mode” as Brute Force and click on the “Range” button as shown in the Figure below :-

2. Once you click on “Range” you will see a number of options to select with such as “Digits only”, “Lowercase Alpha”, “Uppercase Alpha” and so on. You can also set the Min Length and Max Length to narrow your brute force attack option.

In the above example, Brutus will try all permutations of lower alphabets ranging from 0 to 6 characters in length. Going for options like “Mixed Alpha” or Alphanumeric” and increasing the Max Length would increase the success rate of cracking the password but consequently takes more time to complete.

3. Once your range selection is over, click “OK” and hit the “Start” button. 

The brute force cracking attempt will begin and will take anywhere from a few minutes to a couple of hours to complete. If the crack attempt is successful, you should see the username and its corresponding password displayed on the Brutus window!

That's it, all done here.