A brute force attack is one of the best-known ways to crack even a heavily encrypted password. It is very successful at password cracking but needs a lot of time. In this article, I will explain this attack in great detail. I will also explain why password cracking is one of the difficult tasks in hacking. Later in the article, you will learn how to make a well-protected password.
What is Brute Force Attack?
In the starting lessons of password cracking, learning brute force password cracking is very common. If a person has good knowledge of your Wi-Fi, he can brute force your Wi-Fi router to extract the password. But it's not that simple.
Theoretically, it is a very simple technique: it just tries all the possible combinations of the provided characters to find the passphrase of any document or file. It's the same as trying all possible combinations yourself, but the work is accelerated by the use of computers.
Still, it is a very long method, even for cracking a small passphrase. You may need to wait weeks for the correct combination. If you have studied permutations and combinations in your previous classes, you can work out how many possible combinations a passphrase may have. And it becomes more difficult if you don't know the length and some characters of the passphrase.
Use of Crunch
Kali Linux is a good platform for performing brute force attacks. Generally, it is used to crack an extracted Wi-Fi password with the crunch and aircrack-ng tools. Crunch generates the combinations, and aircrack-ng matches each generated combination against the captured file or .cap file (encrypted file). There are other tools too, like JtR (John the Ripper), RainbowCrack, Cain and Abel, L0phtCrack and many others, but I will not go through each of them. Here I just used Crunch to show you how many possible combinations a key may have. Remember, Crunch is not a cracker; it's just a key generator.
Crunch is used to generate all possible keys, which can then be used to crack a password with any cracker such as aircrack-ng. If one knows how to use Crunch correctly, he may be able to reduce the time exponentially.
The crunch command works like this: crunch <min char> <max char> <char you want to use> <other options>
The three images above just show the normal use of crunch. And look at the result: it has grown exponentially.
The first one is not so common now, but some people still use 8-letter keys. The second is in use, so it is effective, but you can see the size of the file and the number of keys: it's 36 PB and 3.7 quadrillion possible combinations, which is more than a lot. The third one is impossible to crack, I think; it's 1.01k PB.
But the last one, which was used by my neighbor as his previous Wi-Fi password, is very easy. I think it may take you half an hour to go through all possible combinations; it's just 42 million.
That's how crunch is used. If you know details about the victim, you can add everything that you know about him.
One more thing is important in brute force, and it comes under the category of thermodynamics; I literally read the word thermodynamics in Wikipedia's article about brute force attacks. You really need to manage the temperature of your computer. After a couple of hours the temperature will start rising, and you have to watch it. It affects the speed of cracking, and if the computer overheats, it will shut itself down.
Still, some passwords need weeks to crack when the wordlist size is in gigabytes, but they can be cracked. The amount of time can be reduced by using more than one system, each working on a different set of combinations. Also, if the data is offline, like a captured Wi-Fi file, then speed will not be compromised and it can be done easily. But an online brute force, like cracking Facebook or Gmail keys, which is always a big wish of people, is I think not possible. Facebook is more advanced than any of us, and they know how people use brute force, so they have their own protections. CAPTCHA is a good example. Now every site uses CAPTCHA so no one can brute force them, and if someone tries, they block his IP after 3 or 4 attempts. So using combinations is meaningless on highly secured sites.
Design a Password
Making a password may look like a lazy, no-need-to-read-an-article kind of thing. People believe that if they use weird words and phrases they can make an unbreakable password, but they are wrong. Big organizations and companies hire hackers for pen testing so they can find the weaknesses in their systems and security, and only a hacker knows how to make a secure password.
The most important thing when designing a password is that it should not be related to you. This is the weakest point of the victim. People like to use their DOB if they want numerics, and if they want characters they use the name of their ex. Also, people like to involve God in their key. A contact number is another alternative for numerics. All of these are very vulnerable in use.
From my own experience, here are some ways to make a good and secure password.
- Use a phrase, not a word
- Involve characters, numerics, capital letters and special characters
- Use a local language if possible. Local languages are very effective against dictionary attacks. This attack uses the word list that we provide in order to crack the key, but most of the word lists on the internet are based on the English language. That's why using your mother tongue or a local language can make a password more protective.
- Change your password frequently
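An added example (not from the original article) that works out the numbers behind the crunch figures and the password advice above: candidates and wordlist size for a length range and alphabet, and worst-case time to exhaust a password's search space. The 36-symbol, length-10 case is an assumption chosen because it reproduces the roughly 3.7 quadrillion candidates quoted earlier; the sample passwords and the guess rate are constructed.

```python
import string

POOLS = (string.ascii_lowercase, string.ascii_uppercase,
         string.digits, string.punctuation)

def keyspace(charset_size, min_len, max_len):
    """Return (candidates, wordlist_bytes) for all strings of min_len..max_len."""
    count = size = 0
    for n in range(min_len, max_len + 1):
        c = charset_size ** n
        count += c
        size += c * (n + 1)          # each candidate is one line plus "\n"
    return count, size

def pool_size(password):
    """Size of the smallest alphabet an exhaustive search must cover."""
    size = sum(len(p) for p in POOLS if any(ch in p for ch in password))
    # Characters outside the ASCII pools (a space, a local script) are counted
    # individually: a deliberate lower bound, not the size of the full script.
    extra = {ch for ch in password if not any(ch in p for p in POOLS)}
    return size + len(extra)

def years_to_exhaust(password, guesses_per_second):
    """Worst-case years to try every candidate of the password's length."""
    count, _ = keyspace(pool_size(password), len(password), len(password))
    return count / guesses_per_second / (365 * 24 * 3600)

def human(n_bytes):
    """Format a byte count with binary (1024-based) units."""
    for unit in ("B", "KiB", "MiB", "GiB", "TiB", "PiB"):
        if n_bytes < 1024 or unit == "PiB":
            return f"{n_bytes:.1f} {unit}"
        n_bytes /= 1024

if __name__ == "__main__":
    count, size = keyspace(36, 10, 10)   # assumed: a-z plus 0-9, length 10
    print(f"{count:,} candidates, {human(size)}")
    rate = 1e5                           # assumed offline guesses per second
    for pw in ("19900101", "Tr0ub4d&r", "green tea at nine"):  # constructed
        print(f"{pw!r:22} pool={pool_size(pw):3} "
              f"{years_to_exhaust(pw, rate):.3g} years")
```

The date-style password falls in minutes at the assumed rate, while the plain lowercase phrase outlasts the shorter mixed-class password by many orders of magnitude, because length is the exponent.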
Remember, whatever you try, a hacker can still hack you if he really wants to. So do whatever you can. And if you want to be a password cracker, the journey is not so easy; it is frustrating and time-consuming. Brute force is not the only method; there are many others, one of them being SET.
That's all for today. If you have any other suggestions, please comment below.