The easiest hacking method - Brute force

in #popularscience5 years ago (edited)

The easiest hacking method - Brute force

Brute force - one of the most popular methods of hacking passwords on servers and in various programs. Program-cracker tries to get access to a program (for example, to the mailbox) by brute force in accordance with the criteria specified by the owner of the program: dictionary, length, combinations of numbers, etc.


The program takes into account the minimum and maximum password length. It requires maximum system resources and takes a lot of time.

Brute force attack involves sequential selection (in other words hacking) of different characters until the necessary combination is selected. The rate of selection depends on the productivity of computer and complexity of the password, but the process can be performed in a linear time.

This method of password guessing is very good as in the end this password will be cracked, but it may take a very, very long time. So that this method of hacking is not always justified, if the user-owner of the hacked service acted quite cleverly, and didn’t use simple passwords like "123», «qwerty», but used both uppercase and lowercase letters, numbers, and special characters that are allowed. If the password is long enough (about 10 characters), then brute force hacking wouldn’t be dangerous.

During the development of various cryptographic ciphers, a total busting method is used in the evaluation of its resistance to cracking. This new code is considered to be sufficiently persistent if there is no faster method of hacking it than exhaustive search of all possible keys. Such cryptographic attacks, like brute force, are the most effective, but often take a very long time.

Dictionary attack is the most used type of brute force - the selection of passwords is made from a text file with a pre-compiled dictionary. This method of attack is very effective in mass hacking, for example, to hack an Internet messengers and ICQ accounts. At the same time, there is a fairly high probability that the attack by the dictionary wouldn’t succeed.

Since 2005, the number of attacks carried out on secure SSH-services significantly increased. Even if the server has the newest software, it does not mean that it is impossible to choose a password, especially if the firewall is inactive or is not configured correctly. So to increase the impossibility of hacking you need to configure the firewall properly, it will help protect the server from unpleasant surprises in the future.

And finally, let's talk a little bit about the mathematical side of Brut force

  • In terms of knowing some methods of passwords Bruting, the screening of unacceptable values is used (blank passwords, the same recurring characters, etc.). In mathematics, this method is called the branch and bound method.
  • Methods of parallel computing, when several passwords are sorted out, are also used in Brut force. This is accomplished in two ways: by conveyer method, and by the method of Brut force of disjoint subsets of all possible passwords.

Hacking by brute force method is quite slow, but powerful, so hackers use it to this day, and in view of the ever-increasing power of computers and bandwidth of Internet channels, it will be in service for a long time.

Remember that all the actions that are aimed at gaining unauthorized access to other people's information are illegal. All methods of brute force, which are described in this article may be used only to find vulnerabilities in the services that belong to you.

References: 1, 2

Follow me, to learn more about popular science, math, and technologies

With Love,
Kate

Image credit: 1, 2, 3

Sort:  

They mostly find it useful when there is no other chance like social engineering the admin side of the determinated website or most of them go search by the 0day exploits where they can decide to use them or resell them even.

@krishtopa is there any possibility to see the IP address - (real one) of the hacker? Brute force gets reported via loginizer but I wonder if the IP address is actually for real cause some IP address points to huge companies and I wonder if they are actually the real hackers.
Great post - I followed you.

Most services now provide all logging data to the user, so you could figure out if the login was malicious. But most hackers use VPN and proxy, so IP address that you see tells almost nothing about the attacker

@krishtopa - yes, I doubted about the IP address as well
and most of the addresses lead to a huge online shopping name -
thank you for confirming that .