Brute Forcers - I'm Interested - What? Where?

I was reading another thread here where the term brute forcer was mentioned. Now, I've heard of them before, and I know what they are. And I'm interested in playing with one. I've always been interested in just trying one out, but I'm afraid that somehow the server will recognize it and trace my IP, and as you can imagine, it would go quickly downhill from there. So, my question is, what are some good brute forcers used today, what protection do they provide against IP tracking, and is there a sort of "playground" for such applications? *Note: If this topic is a bit... inappropriate for this community, I understand. I intend this interegation only as a learning experience.

Comment/Reply (w/o sign-up)

Brute forcers are what their name says - trying to do something by brute force. It's like when you are completely in the dark about a system you're trying to attack - you run this special sort of application that tries to perform logins one after the other based on passwords generated from an accompanying dictionary.

While this is a very uncouth way of trying to get into a system - and any kind of instrusion detection system in place will detect such attempts after 4-5 logins and block your IP - it's somewhat successful on less secure systems. In any case - when using such tools, it's best not to do it from a single IP. You'll end up having your IP blacklisted in no time. Usually, the approach taken is through multiple very different IPs - which connect for a few seconds, try a few of the passwords and disconn upon not being successful. Then another connection sparks off and tries it again with a different set of passwords ... and so on.. this process carries on till you've managed to find a valid login.

The whole process is based on the assumption that 90% of the internet users base their password (even when repeatedly told NOT TO DO SO) on simple dictionary words to remember easily. That's the biggest mistake you can make. On top of that, the person using a brute force cracker, would usually do some social engineering too prior to attempting the hack. This is done to get a valid login-name out of the target invidividual.. That completes half the job - the second half is done by the brute force app.

Brute forcers are way more easier to use on static files - i.e. say to crack the password of a Winzip/RAR archive, MS-Access Passwords - stuff that won't block you out even after several failed attempts. Here the program has the advantage of KNOWING the location where the password is stored in these files and it simply keeps on generating random passwords and then hashes them with the appropriate encryption algorithm and matches this hash with the stored hash in the target programs password db.

Hope this will get you started

 

 

 

Comment/Reply (w/o sign-up)

mse,

rars and zips don't work this way.

The file itself is encoded with the password and a crc checksum is created of the original file. If you enter the correct pass, it decrypts and finds out that the checksum matches the checksum of the file that was just decoded.

If you enter a wrong pass, the original checksum won't be the same as the new calculated one. Then the program assumes you used the wrong password, that way, you must decode the entire zip/rar for every password attempt, so if you have a file of 700mb, decoding takes quite long and is very inefficient.

This means that it's no use to use one computer to crack a large file. Of course, you could try creating a distributed brute-force cracking program that you can run on multiple computers so they will crack as one.

Comment/Reply (w/o sign-up)

I would like to add a little to what MSE has already said.

To bruteforce is to try every possible permuntation that a particular, usually encryption, algorithm can produce. I have written a DES brute force application before so I will use it as a reference.

DES is short for Data Encryption Standard http://csrc.nist.gov/publications/fips/fips46-3/fips46-3.pdf and http://en.wikipedia.org/wiki/Data_Encryption_Standard . Basically DES was created by the NSA as a standard encryption means for the US government. DES uses three elements, a 64-bit plain text, 64-bit key, and a 64-bit chipher text. The key and plain text is feed into the algorithm and the chipher text is the output. Another interesting point is that the 64-bit key is actually not 64 bits but 56-bit due to 8 parity bits.

So the question is this. There is a finite number of bit combinations that 56 bits can make. The combinations are 2^56 or 72057594037927936 keys to be tried.

To brute force an algorithm one must try every possible 72057594037927936 keys. This may seem imposible and it is without computers, and a lot of them. Simply start with the bit sequence of 0 and work you way to the end, ie:

00000000 00000000 00000000 00000000 00000000 00000000 00000000
00000000 00000000 00000000 00000000 00000000 00000000 00000001
00000000 00000000 00000000 00000000 00000000 00000000 00000010
00000000 00000000 00000000 00000000 00000000 00000000 00000011
...
11111111 11111111 11111111 11111111 11111111 11111111 11111110
11111111 11111111 11111111 11111111 11111111 11111111 11111111

This will give you every possible key and one of them WILL be correct. On average the result will be found in half the time it takes to compute the entire key space. In my results it would take 10,000 Penium 2.5GHz computers about 1.53 years to break a DES key. With specialized hardware the process can be scaled down to about 15 hours. Electronic Freedom Foundation, “Cracking DES: Secrets of Encryption Research, Wiretap Policies, and Chip Design,” 1999.

A simplier and more widely used method is to use word lists of common passwords. Instead of trying every possible combination, encode a word, compare it to the password hash and see if a match is present. One of the more common programs is John the Ripper www.openwall.com/john/ . John is portible across almost any platform including Linux and Windows.

If you want to brute force across the network you will need several proxies and an http brute forcer (I'm just assuming you want to crack website paswords).

Comment/Reply (w/o sign-up)

I'm new to computer words and stuff could someone please put it in a more simpler and easy to understand language. Also how do you hack BYOND games?

-BYONDman

Comment/Reply (w/o sign-up)

I can attempt to answer your first query. But, I have no clue about BYOND games.

Brute forcing means repeatedly trying to login to a system by trying all the possible password combinations. This can apply to any panel that is password protected. Say, your friend's cell has phone lock enabled and you need to get through it. The cell takes passwords of upto 3 digits. That equates to 1000 total number of possible passwords (0-999). To hack into the system, you can keep trying all these passwords (0, 1, 2, 3 and so on till 999) until you hit the correct one and the lock opens. As simple as it is, this process is known as brute forcing.

Using the power of automated systems (password crackers to be more appropriate), one can greatly enhance the speed of this process. I remember making a Password Breaker application that could do just that, on a global basis i.e it could attempt to brute force into any application. That was a long time ago, though and it did have a few defects - like it couldn't determine as to when the correct password had actually been entered.

Comment/Reply (w/o sign-up)

Also how do I use the Cain and Abel software? I checked the manual but they wrote as if I was a pro. Could someone make a simple explanation on how to use it and what are hashes? How do I get them?

-BYONDman

Comment/Reply (w/o sign-up)

ADVICE/opinion
Brute Forcers - I'm Interested

Its really easy to break into a lot of sites out there. One easy way envoles 3 programs and takes only 15 minutes once you get use to it. I'm not an expert but ive been doing it for the last three years for a website that sells people logins/passwords for porn sites. I know its moral and all that jazz but its money and in these times we get desprite. Forum Proxy leecher enables you to find around 10,000 proxies to use and its a lot harder to trace back to your computer with the more proxies you have. Once you get these proxies the other part of the Forum Proxy Leecher is to check them for you. Once getting that you need a list of sites that you want to crack into using a program named Staph and this is where you will get the username/passwords. Once finding all that you can you use a program like C-Force or some other program to check brute force there way into the site. I don't use this method anymore but it should still be a good way. You could also use IRC to ask bots to do it for you, but thats a little risky since you could be black listed from it. Now I don't suggest you go out and try these things if you have no idea on what your doing, for me I grew up with it so it came a little easier to me than most. I would leave it to the pros and go around to warez sites or fourms and ask those people to help you or to do it for you depending on the person. If you do decide to fall into make sure you do your research and find all the answers your looking for before doing it. GOOD LUCK:) -reply by ??

Comment/Reply (w/o sign-up)