Bruteforce
Jump to navigation
Jump to search
Bruteforce attacks
Description
INCOMPLETE SECTION OR ARTICLE
This section/article is being written and is therefore not complete.
Thank you for your comprehension.
Thank you for your comprehension.
Tools
| Name | Compat | Description |
|---|---|---|
| Aircrack-ng | 
|
802.11 WEP and WPA-PSK keys cracking program based on captured data packets |
| Airsnort |
|
Not maintained anymore. Has been replaced by aircrack-ng |
| BruteSSH | 
|
Python based SSH brute force cracker |
| Brutus |
|
Brutus is a fast and flexible remote password cracker available for Windows |
| Burp Intruder |
|
Burp Intruder is a module of BurpSuite. It enables to automatize pentesting on web applications. |
| Cain-Abel |
|
Password recovery tool for Windows. It can recover passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, revealing password boxes, uncovering cached passwords and analyzing routing protocols. |
| Crowbar (SensePost) |
|
Crowbar is a generic password cracker for web applications, also enabling to crack cookies by fuzzing methods |
| Hydra (THC) |
|
Very complete password cracker which understands a lot of protocols |
| JHijack (YGN Ethical Hacker Group) |
|
Fuzzer in Java, mainly used for session stealing and paramaters enumeration |
| John The Ripper |
|
One of the most famous password cracker, based on brute force and words lists |
| L0phtcrack |
|
Password cracker for Windows and *nix systems. Package includes nice functionalities, such as scheduling, hash extraction from 64 bit Windows versions, multiprocessor algorithms, and networks monitoring and decoding. |
| Lcrack (Lepton's Crack) |
|
Generic password cracker based on both dictionary-based (wordlist) and brute force (incremental) password scan, including the use of regular expressions. Supports MD4, MD5, NT MD4/Unicode, Lotus Domino HTTP password (R4), and SHA-1 hash formats. |
| md5cracker.sh |
|
md5cracker.sh is a shell script that connects to various online resources to gather hash corresponding to a provided MD5 string. |
| Medusa |
|
Medusa is a fast parallel login brute-forcer. Many services implemented. |
| mysqlbrute |
|
Brute force tool against MySQL databases |
| ncrack |
|
High-speed network authentication cracking tool based on Nmap syntax |
| Ophcrack |
|
Free Windows password cracker based on rainbow tables |
| Pwdump |
|
Not really a brute forcer. Pwdump extracts NTLM and LanMan hashes from a Windows target, and displays password history. It outputs the data in a L0phtcrack-compatible form, and can write to an output file. |
| RainbowCrack |
|
Tool for Windows, enabling to crack hashes with rainbow tables. |
| sqlninja |
|
Test various SQL injections, escalate privileges, bruteforce passwords on SQLServer databases |
| SSHatter |
|
Perl based SSH brute force cracker |
| W3AF (basicAuthBrute module) |
|
This W3AF module enables to brute force basic HTTP authentications |
| Wikto (SensePost) |
|
Enables to display hidden parts of a Web application by brute forcing directories |
Online resources
- http://gdataonline.com/seekhash.php
- http://milw0rm.com/cracker/insert.php
- http://www.darkc0de.com/bruteforce/
- http://www.hash-cracker.com/
- http://www.onlinehashcrack.com/
- http://www.netmd5crack.com/cracker/
- http://www.md5this.com/crack-it-/index.php
- http://www.hashchecker.com/index.php?_sls=add_hash
- http://crackstation.net/index.php?p=cracker
- http://www.hashcrack.com/
- http://www.cloudcracker.net/
- http://md5.rednoize.com/
- http://www.md5decrypter.co.uk/
- http://md5decryption.com/
Word lists/Dictionaries
- Generic: http://www.skullsecurity.org/wiki/index.php/Passwords
- Hotmail: http://current.com/technology/91108676_email-password-leak-update-gmail-yahoo-aol-and-hotmail-hit-too.htm
- Rockyou: http://securitystream.info/data-breaches/easy-passwords-found-in-rockyou-data-leak/
- Kevin Atkinson's wordlist: http://wordlist.sourceforge.net/
- Default passwords list for common applications/devices: http://www.phenoelit-us.org/dpl/dpl.html
Protection against bruteforce attacks
- Detection with Snort: rule on /etc/password access attempts
INCOMPLETE SECTION OR ARTICLE
This section/article is being written and is therefore not complete.
Thank you for your comprehension.
Thank you for your comprehension.