How Brute-force cracking can reveal your password?
Introduction :
In the world of cybercrime, Brute force attacks have become very popular as the number of attacks in a day is counted from thousands to several million.
Brute force is a trial and error method for cracking the username or password for a particular account. It creates a lot of combinations and keeps on guessing the password or the username until both the aspects form a perfect combination.
It is also known as Brute force or Brute force cracking, and the technique is exclusively used for cracking password or usernames of a target account.
Basically, a lot of combinations are tried until you get the right password. But it is not as simple as it sounds, even an ATM cards pin or mobile phones pin has a minimum of 4 characters which are a combination of numbers, so here the possibility will be a total of 9000 attempts, but do you really think that you will be getting so many attempts before you get locked down.?
When it comes to attempting for the right password, you might have noticed with facebook or Gmail that it gives you a maximum of 4 attempts after which you get locked down, In some cases the lockdown is carried for 24-48 hours however if the security is high there are chances that you may lose your account.
Let us make it simpler for you. Let us imagine a password having 8 characters which can be alphanumeric.
By calculating the number of characters which is 26 Uppercase and 26 lower case letters along with 10 digits making it 62 in total. For an 8 character password, the number combination will be 628 which is around 218 trillion combinations, taking it one try per second will be 7 million years for trying all the combination and I am sure no one is going to live that long.
If you have supercomputer which can make which can make at the least 1000000000 tries in a second then the password can be cracked in 22 seconds which is practically impossible unless you have a supercomputer.
If you think that it is the only type of attack that can reveal the password, you are wrong, there is another one which works the same way but with reverse phenomenon, which is Reverse Brute force attacks.
A reverse brute force attack is the same phenomenon which is widely used for password cracking, but there is a small change, this is used when you know the password and you will have to guess the username, but this is not similar to Brute force attack where you will have to guess millions of combinations before finding the right working combination.
Aircrack-Ng :
Aircrack Ng is a popular tool used for password cracking, It uses the WEP/WPA/WPA2 protocol for Wifi 802.11. If you under a brute force attack you should know that password cracking mainly depends on the dictionary of the password combination available on the cracking tool. More effective the dictionary, sooner are the chances of cracking the password.
This tool is available on Windows and Linux Operating systems, However it is also imported to run on Android and iOS platforms as well. You can download the tool from the official website
John The Ripper :
This is another popular tool used for password cracking, Next to Aircrack, John the Ripper is the second most widely used tool for Brute force attacks.
This tool was first developed only for Unix systems, due to the sudden gain in popularity, developers started working on different operating systems and today it is available on more than 10 widely used operating systems including Windows, DOS, Linux, BeOS and many more.
This tool normally performs password cracking using all the combinations of alphabets and numbers, but if you on a dictionary attack, it can use the dictionary of password to perform a dictionary attack.
This tool can be downloaded here
Rainbow Crack :
Rainbow crack is another tool used by most of the hackers in cracking password, this tool is famous for the rainbow tables of combinations to perform attacks,
Rainbow tables are a precomputed set of values or combinations that reduce the time taken to crack a password.
This application is still active and is available only on Windows and Linux platforms,
The tool can be downloaded from the link : http://project-rainbowcrack.com/
Cain and Abel :
This is a popular and multi-tasking tool for hackers, Similar to the tools discussed above, this tool helps in cracking password and also dictionary attacks.
You should know that this tool is recognised as malware by most of the Antivirus software. Make sure you turn off Antivirus if you are installing the tool.
As the tool is labelled as a multitasking tool, below are some of the known features which can be performed using Cain and Abel.
- Network Sniffing
- Dictionary attacks
- Decoding passwords
- Analysing routing protocols
- Recovering network keys
Click here to download the tool.
HashCat :
A lot of hackers claim that Hashcat is the fastest CPU based tool for cracking passwords, This tool is available for free and is available on Linux, Windows and MAC OS versions.
The speciality of this tool is that it supports all the hashing algorithms like LM hashes, SHA-family, MD4, MD5 etc. Also, you should know that this tool is not only used for Brute force attacks but also used for Dictionary attacks, fingerprint attacks, Mask attacks and many more.
This tool can be downloaded from the official website.
NCrack :
We have discussed a lot of tools that work on common Operating system platforms. This tool gained popularity for being usable on RDP, SSH, FTP, SMB and other platforms.
This tool also supports all the versions of Linux, BSD, Windows operating systems.
SAM Inside :
SAM inside is another popular tool used for cracking Windows OS passwords, It is similar to tools like Ophcrack or Lophtcrack. This tool can crack around 10 million passwords in a second if you have a computer with good speed and high-end configuration. This tool supports over 400 hashing algorithms including SHA-family, MD4, MD5 and many more.
Dave Grohl :
Dave Grohl is a popular password hacking tool for MAC OS and supports This is an open all versions of MAC, This is a specialised tool for brute force attacks and dictionary attacks as well. It is so advanced that it can be performed from multiple computers to attack or work on a single hash code. This is a open source application and all the source codes are available here
Simple Steps to prevent Brute Force Attacks :
Password Length : Always make sure that you set a password strong enough from being hacked and which can be remembered easily, Do not keep your birthdays, pet names, phone numbers which can be easily guessed.
Password Complexity : Complexity of the password can be measured by the number of characters and the combinations used. Nowadays it is recommended to have a password of 8-15 characters, which includes the use of alphabets( upper and lower cases ), numbers and special characters.
Limited Login attempts : This is the best feature developed till date which helps you keep your account safe, Social media applications like Facebook, Instagram and Email services like Gmail have already got this feature in use.
This feature locks you down from your own account if you exceed the number of failed login attempts, the criteria can be either Username or the password, if the combinations do not match, the account will be locked. Some accounts get locked for a few hours a whereas some go up to 24-48 hours.
Two-Factor Authentication : This is another unique way of protecting your account from brute force attacks, Two Factor authentication helps in being logged into your account using 2 ways, For example, Gmail uses two-factor authentication using the password and your phone number.
Whenever you are logged into your account from a new network or a different device, it sends you a code to your phone number which has to be validated and you will be able to proceed.
Using a strong encrypted VPN : Virtual private networks are more commonly used when you want to secure your connection, Nowadays it is widely observed that VPN is used for accessing Geo-restricted sites, but that is not actually VPNs were introduced for. Once you are connected to a VPN server, all your browsing activities are channeled through a 256 bit encrypted tunnel which takes millions of years to bypass.
Conclusion :
Brute Force cracking is the best possible password cracking method, practically being impossible on a normal computer, it is still recommended to have a strong and lengthy password with all the combinations like alphabets, numbers and special characters, It does not avoid a brute force attack but surely makes it tough and time consuming further. Another solution will be using a VPN service to completely encrypt your connection. With the likes of LimeVPN, rest assured that all your data will be secure as LimeVPN uses a 256 bit military grade encryption on their servers.
Any suggestions or doubts, write to us in comments.
