Tuesday, 30 July 2013

Brute Force Password Cracking

10:06





How To Crack Passwords With Brute Force 

Brute Force Cracking: Tries every possible combination until one succeeds, but this can take extreme amounts of time (years), especially over a slow network or on an outdated computer.
Semi Brute Force Cracking: Tries passwords/keys from a word-list of common passwords/keys. This type of cracking is a lot more popular because of its speed, but it lacks reliability: if the password is not on the word-list, the crack will fail.

  • How is it Performed?

Form Request
When cracking via form request, an application fills out a form (e.g. a login form), submits it, then tests the response for a successful login, and if the login failed, repeats the process. Most of the time the form request method is considered a beginner's method because it is usually slower and easily detected by administrators and by bot-stopping software like Google's reCAPTCHA. I should mention it is possible to crack an account using this method by hand, but it would take a lot of time.
POST Request
When cracking via the POST request method, it is required to use an application that will POST data to the login response page; it tests for a successful login in much the same way as the form request method. The POST request method is considered a high-class cracking method because, if done correctly, it can bypass many types of bot-stopping software. If the concept of a POST request seems foreign to you, that is normal, because the POST method is hidden from the average user on the internet; but if you are a web developer and you do not know what a POST request is, then there is a problem.

  • Why Would Someone do This?

People crack passwords to gain access for themselves or to sell this information so that others can gain access.

  • How Do I Protect My Website from Crackers?

You can protect your website from crackers by only allowing a certain number of failed login requests per IP. The only problem is that crackers will then just use proxies from a proxy list. You could also put a CAPTCHA after the login request and before the response, but if a cracker really wanted to get in, they could just use a CAPTCHA-solving service, which costs money but would get past your security. So you cannot protect 100% against crackers, only make it difficult for them.
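A server-side sketch of the per-IP limit described above, written as an added example (it is not code from this blog). It goes one step beyond the text by also counting failures per account, so that guesses spread across a proxy list still hit a limit; the class name, thresholds and sample addresses are assumptions.

```python
import time
from collections import defaultdict, deque

class LoginThrottle:
    """Sliding-window count of failed logins, keyed by client IP and by account."""

    def __init__(self, max_per_ip=5, max_per_account=10, window=300):
        self.max_per_ip = max_per_ip            # assumed threshold
        self.max_per_account = max_per_account  # assumed threshold
        self.window = window                    # seconds
        self._by_ip = defaultdict(deque)
        self._by_account = defaultdict(deque)

    def _recent(self, q, now):
        # Forget failures older than the window; return how many remain.
        while q and now - q[0] >= self.window:
            q.popleft()
        return len(q)

    def allowed(self, ip, account, now=None):
        """Call before verifying the password. Returns (ok, reason)."""
        now = time.time() if now is None else now
        if self._recent(self._by_ip[ip], now) >= self.max_per_ip:
            return False, "ip_limit"
        if self._recent(self._by_account[account], now) >= self.max_per_account:
            return False, "account_limit"
        return True, "ok"

    def record_failure(self, ip, account, now=None):
        now = time.time() if now is None else now
        self._by_ip[ip].append(now)
        self._by_account[account].append(now)

def replay(throttle, attempts):
    """Feed (time, ip, account) failed attempts through the throttle; return reasons."""
    reasons = []
    for now, ip, account in attempts:
        ok, reason = throttle.allowed(ip, account, now)
        if ok:
            throttle.record_failure(ip, account, now)  # every sample attempt is a wrong password
        reasons.append(reason)
    return reasons

if __name__ == "__main__":
    # Constructed traffic: one IP hammering "bob", then 12 rotating IPs guessing at "alice".
    single = [(t, "203.0.113.7", "bob") for t in range(7)]
    rotating = [(10 + t, f"198.51.100.{t}", "alice") for t in range(12)]
    print(replay(LoginThrottle(), single))
    print(replay(LoginThrottle(), rotating))
```

Because the window expires, the per-account limit slows guessing without permanently locking the account, which would otherwise let anyone disable another user's login.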




 