Friday, October 15, 2010

Brute force attack

In simple terms,Brute force attack is used to crack a password and/or login name of say an ftp website.Here you use a brute force attacker program (the one we are going to use is called Hydra),to carry out the attack.This program uses a wordlist which contains hundreds or maybe thousands of words which this program sends as password to the server.If it matches with the correct password,you get logged in,else you gota add more words to the list.Remember that hacking requires a lot of patience.

So first of all you need to download and install hydra-5.4.Google it.Its free and it doesn't have a graphical interface.You 'll have to use the command line.After you have downloaded it,you need to search for a wordlist.Search for 'wordlist.txt' on Google.It 'll be text file.Save it in your harddisk.Add more words or phone numbers to it if you want to.

The next thing to do is search for a vulnerable site.A site that allows anonymous login through ftp,can be vulnerable.Or if you know the admin login name you can brutefoce the site as demonstrated below.Lets say the admin login name is 'admin'.You can use a wordlist for admin names even.Open the command prompt and change to the directory where you downloaded hydra.Type the following

Hydra -l admin -P wordlist.txt -e ns -vV [ip address] ftp

where [ip address] is the IP address of the site.To know the ip address you can ping the site by typing the following at the cmd prompt


sitetobehacked is the name of the vulnerable site.You will see the ip address of the site.The wordlist should be in the same directory and if you wanna use a wordlist for username also,replace admin by a text file where you have saved the names.Back to our hydra program,after you type the above command,and hit enter,hydra will start bruteforcing the site and it will take few minutes depending on the length of your wordlist.As soon as the password matches with the correct password,the program will stop and you will see the real password.Use it to login to the site using ftp and then you can download and upload files to the server and view all confidential documents!

No comments:

Post a Comment