Brute Force Attack

  • Brute force password guessing is just what it sounds like: trying one password after another and hoping that one works. Some logic can be applied by trying passwords related to the person’s name, job title, hobbies, or other similar details.
  • In its hash-cracking form, brute force generates candidate passwords, computes the hash of each one, and compares it with the stored hash.
  • There are tools available to perform brute force attacks on the Windows SAM file. The best-known tool for brute forcing Windows user account passwords is Cain and Abel; another is SAMInside.

Types of Brute Force Attacks:

The most basic brute force attack is a dictionary attack, where the attacker works through a dictionary of possible passwords and tries them all. Dictionary attacks start with some assumptions about common passwords to try to guess from the list in the dictionary. These attacks tend to be somewhat outdated, given newer and more effective techniques.

Computers manufactured within roughly the last ten years can brute force an 8 character alphanumeric password – capital and lowercase letters, numbers, and special characters – in about two hours. Computers are so fast that they can brute force a weak encryption hash in mere months. These kinds of brute force attacks are known as an exhaustive key search, where the computer tries every possible combination of every possible character to find the right one.

For a supercomputer or a quantum computer, cracking passwords is easier still.

Simple Brute force python Script:

Suppose the password is 12345:

—————————————————————————————————————————————-

import random

Password = str(random.randint(0, 14999))  # example password, picked at random from 0-14999

for i in range(15000):    # try every candidate from 0 to 14999
    Trial = str(i)
    if Trial == Password:
        print('Found password: ' + Password)
        break  # stop once the matching candidate is found

—————————————————————————————————————————————-

With this script we can easily crack any password in the range 0 to 14999.

Defend Against Brute Force Attacks

There is something in your favor when it comes to brute force attacks – time! Brute force attacks are not instant, so you have some time to spot one in action and take the correct steps to prevent it from going any further.

  • Increase password length: More characters equal more time to brute force crack
  • Increase password complexity: More options for each character also increase the time to brute force crack
  • Limit login attempts: Brute force attacks increment a counter of failed login attempts on most directory services – a good defense against brute force attacks is to lock out users after a few failed attempts, thus nullifying a brute force attack in progress
  • Implement Captcha: Captcha is a common system to verify a human is a human on websites and can stop brute force attacks in progress
  • Use multi-factor authentication: Multi-factor authentication adds a second layer of security to each login attempt that requires human intervention, which can stop a brute force attack from succeeding
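The following is an added example, not code from the original article, showing two of the defenses above in working Python: a keyspace estimate for the "increase length and complexity" items, and a sliding-window lockout policy for the "limit login attempts" item. The guessing loop from the article's own script (candidates 0 to 14999 against the password 12345) is replayed against a login function that enforces the policy, so you can see the loop cut off after a handful of attempts. The account name "alice", the lockout parameters (5 failures in 15 minutes, 15 minute lock) and the guess rate passed to worst_case_seconds are constructed values for this example, and the PBKDF2 iteration count is illustrative, not a recommendation for any specific system.

```python
import hashlib
import hmac
import os
from collections import defaultdict

# --- Password length and complexity: size of the search an exhaustive guess must cover ---

def keyspace(charset_size: int, length: int) -> int:
    """Number of candidates for a password of `length` characters drawn from `charset_size` symbols."""
    return charset_size ** length

def worst_case_seconds(charset_size: int, length: int, guesses_per_second: float) -> float:
    """Seconds needed to try the whole keyspace at an assumed guess rate (hypothetical, not measured)."""
    return keyspace(charset_size, length) / guesses_per_second

# --- Limit login attempts: sliding-window failure counter with a temporary lockout ---

class LockoutPolicy:
    """Lock a username after `max_failures` failures within `window` seconds, for `lockout` seconds."""

    def __init__(self, max_failures=5, window=900.0, lockout=900.0):
        self.max_failures = max_failures
        self.window = window
        self.lockout = lockout
        self._failures = defaultdict(list)  # username -> timestamps of recent failures
        self._locked_until = {}             # username -> time at which the lock expires

    def is_locked(self, user, now):
        return self._locked_until.get(user, 0.0) > now

    def record_failure(self, user, now):
        # Keep only failures inside the window, then add this one.
        recent = [t for t in self._failures[user] if now - t <= self.window]
        recent.append(now)
        self._failures[user] = recent
        if len(recent) >= self.max_failures:
            self._locked_until[user] = now + self.lockout

    def record_success(self, user):
        self._failures.pop(user, None)
        self._locked_until.pop(user, None)

def hash_password(password, salt):
    # A slow salted hash makes every guess cost real CPU time; 100k iterations is illustrative.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class Authenticator:
    """Verifies salted password hashes and consults the lockout policy on every attempt."""

    def __init__(self, policy):
        self.policy = policy
        self.users = {}  # username -> (salt, hash); constructed in-memory store

    def register(self, user, password):
        salt = os.urandom(16)
        self.users[user] = (salt, hash_password(password, salt))

    def login(self, user, password, now):
        if self.policy.is_locked(user, now):
            return "locked"            # refused before the hash is even computed
        salt, stored = self.users.get(user, (b"", b""))
        if user in self.users and hmac.compare_digest(hash_password(password, salt), stored):
            self.policy.record_success(user)
            return "ok"
        self.policy.record_failure(user, now)
        return "denied"

def simulate_guessing(auth, user, candidates, start=0.0, step=0.01):
    """Replay a guess list against `user`, stopping as soon as the account locks.
    Returns (password_found, attempts_made). Constructed scenario for this example."""
    for i, guess in enumerate(candidates):
        result = auth.login(user, guess, start + i * step)
        if result == "ok":
            return True, i + 1
        if result == "locked":
            return False, i + 1
    return False, len(candidates)

if __name__ == "__main__":
    auth = Authenticator(LockoutPolicy(max_failures=5))
    auth.register("alice", "12345")  # the article's example password, on a constructed account
    found, tried = simulate_guessing(auth, "alice", (str(n) for n in range(15000)))
    print(f"found={found} after {tried} attempts")   # the 15000-candidate loop is cut off at attempt 6
    print(f"8-char alphanumeric keyspace: {keyspace(62, 8):,}")
    print(f"at 1e9 guesses/s that is {worst_case_seconds(62, 8, 1e9) / 3600:.1f} hours worst case")
```

The lockout check runs before the hash computation, so a locked account costs the server almost nothing per rejected attempt, while each attempt that does reach the hash is deliberately slow. The same per-user counter also gives a detection signal: a burst of "denied" results followed by "locked" for one username is exactly the pattern the article says gives defenders time to respond.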
