
Cybersecurity Question About Brute Force

Status
Not open for further replies.

us3rnotfound

Diamond Member
How is it that hackers can brute force a password using dictionary lookup or whatever method they use? Most websites/applications will not allow a computer to sequentially try 5,000 passwords/sec; they usually have slow response times and a mechanism to stop you after 3-10 tries.

Or is it that the hackers take all of the software on the server side (the authentication software) and crack that, and then they can talk to it very quickly and feed it a trillion passwords?
 

Ideally, you would steal the password file first.

Then, on one of your own computers, you would use a prehashed dictionary file, and simply compare the dictionary hashes against the password hashes.

You might want to look at a tool like John the Ripper for more information.

Uno
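The approach described in the reply above (steal the password file, prehash the dictionary, compare), as an added example. This is not code from the thread and not John the Ripper's own logic; the wordlist, usernames, hashes and salts are constructed, and plain SHA-256 is assumed as the stored hash. It also shows the caveat a practitioner would add: this works offline with no lockout or rate limit in the way, but only the unsalted case lets the precomputed table be reused; per-user salts force the wordlist to be re-hashed for every user, and an iteration count multiplies that cost again.

```python
import hashlib

# Constructed wordlist standing in for a real dictionary file.
WORDLIST = ["123456", "password", "letmein", "dragon", "qwerty", "hunter2", "correcthorse"]


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_prehashed_dictionary(words):
    """Hash the wordlist once. This table is reusable against every unsalted dump
    the attacker ever gets hold of, which is what makes unsalted storage so weak."""
    return {sha256_hex(w.encode()): w for w in words}


def crack_unsalted(stolen, table):
    """stolen: {username: hex_hash}. One dict lookup per user, zero hashing."""
    return {user: table[h] for user, h in stolen.items() if h in table}


def hash_salted(password: str, salt: bytes, rounds: int = 1) -> str:
    """Toy salted, iterated hash. Real systems use bcrypt/scrypt/Argon2/PBKDF2;
    the structure (per-user salt, many rounds) is what matters here."""
    digest = salt + password.encode()
    for _ in range(rounds):
        digest = hashlib.sha256(digest).digest()
    return digest.hex()


def crack_salted(stolen, words, rounds: int = 1):
    """stolen: {username: (salt_hex, hex_hash)}. The prehashed table is useless:
    every user has a different salt, so the wordlist is re-hashed per user.
    Returns (cracked, number_of_hash_computations)."""
    cracked, work = {}, 0
    for user, (salt_hex, target) in stolen.items():
        salt = bytes.fromhex(salt_hex)
        for w in words:
            work += 1
            if hash_salted(w, salt, rounds) == target:
                cracked[user] = w
                break
    return cracked, work


# Constructed "stolen password file", unsalted: the case the reply describes.
UNSALTED_DUMP = {
    "alice": sha256_hex(b"password"),
    "bob": sha256_hex(b"hunter2"),
    "carol": sha256_hex(b"zX9!q#Lm4vT0"),   # not in the wordlist, should survive
}

# Same users, salted. Fixed salts keep the example reproducible; a real system
# draws them from os.urandom() per user.
SALTS = {"alice": "5f2b9c0e" * 4, "bob": "a71d33e0" * 4, "carol": "0c4e88b2" * 4}


def make_salted_dump(rounds: int = 1):
    plaintexts = {"alice": "password", "bob": "hunter2", "carol": "zX9!q#Lm4vT0"}
    return {
        user: (SALTS[user], hash_salted(pw, bytes.fromhex(SALTS[user]), rounds))
        for user, pw in plaintexts.items()
    }


def demo():
    """Crack both dumps; returns (unsalted_hits, salted_hits, salted_hash_count)."""
    table = build_prehashed_dictionary(WORDLIST)
    unsalted_hits = crack_unsalted(UNSALTED_DUMP, table)
    salted_hits, work = crack_salted(make_salted_dump(), WORDLIST)
    return unsalted_hits, salted_hits, work


if __name__ == "__main__":
    unsalted_hits, salted_hits, work = demo()
    print("unsalted, precomputed table:", unsalted_hits, "(%d hashes, reusable)" % len(WORDLIST))
    print("salted, recomputed per user:", salted_hits, "(%d hashes for this dump alone)" % work)
```

Both dumps crack the same two weak passwords; the difference is cost. The unsalted table costs one hash per dictionary word, ever. The salted dump costs (users × words × rounds) hashes for this one file, and the result is useless against the next file. That is why the attacker's real constraint is GPU hash rate against the stored algorithm, not the website's login throttle.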
 
You download the database. If the database isn't encrypted, all the better; some are not. Check out Hashcat.

http://en.wikipedia.org/wiki/Hashcat

Not sure if we should talk about these programs, though. If not, mod, remove the links. Didn't know.

Sometimes all it takes is a phishing attack, like in the case of the iCloud nude photos BS. This is why you never open an untrusted e-mail.
 

They either guess a password based on other knowledge of the account holder, brute force it, or have access to the hashed passwords. Hashed passwords can be used to look up rainbow tables, which at this point would be a simple search through the table for any matching hash.

For web-based applications, it is also possible to hijack the session and update the password. For this reason, some sites require you to enter the current password in order to change the password.
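The rainbow table mentioned above, as an added example; this is not code from the thread or from any real cracking tool. Toy parameters are assumed (3-character lowercase passwords, plain unsalted SHA-256 as the stored hash, 200 chains of 40 steps) and the chain start points are constructed. It shows what the "simple search" glosses over: the table stores only chain endpoints, so a lookup regenerates pieces of chains (hash, reduce, hash, reduce) rather than indexing the hash directly. That is the time-memory tradeoff that lets a table cover a keyspace far larger than it stores. Like any precomputed table, it only works when the site stored hashes without a per-user salt.

```python
import hashlib

# Toy parameters so the example runs in well under a second. Real tables use
# keyspaces of 10^12+ candidates and chains thousands of steps long.
CHARSET = "abcdefghijklmnopqrstuvwxyz"
PW_LEN = 3                          # keyspace = 26**3 = 17,576 passwords
KEYSPACE = len(CHARSET) ** PW_LEN
CHAIN_LEN = 40                      # t: hash->reduce steps per chain
NUM_CHAINS = 200                    # m: chains kept; m*t points computed, m rows stored


def H(pw: str) -> str:
    """The unsalted hash the leaked file stores (assumed to be plain SHA-256)."""
    return hashlib.sha256(pw.encode()).hexdigest()


def int_to_pw(n: int) -> str:
    """Map an integer onto a fixed-length password over CHARSET."""
    n %= KEYSPACE
    chars = []
    for _ in range(PW_LEN):
        n, r = divmod(n, len(CHARSET))
        chars.append(CHARSET[r])
    return "".join(chars)


def reduce_hash(h: str, column: int) -> str:
    """Reduction function R_column: turn a hash back into a keyspace candidate.
    Folding the column index in is what makes this a *rainbow* table: two chains
    only merge if they collide in the same column, which keeps merges rare."""
    return int_to_pw(int(h[:16], 16) + column)


def build_table(starts):
    """Walk each chain start -> H -> R_0 -> H -> R_1 ... and keep only its endpoint.
    Returns {endpoint: [start, ...]} so merged chains are not silently dropped."""
    table = {}
    for start in starts:
        pw = start
        for column in range(CHAIN_LEN):
            pw = reduce_hash(H(pw), column)
        table.setdefault(pw, []).append(start)
    return table


def lookup(target_hash: str, table):
    """Recover the plaintext of target_hash if any stored chain passed through it."""
    # Guess which column the target sat in, latest first (cheapest to finish).
    for i in range(CHAIN_LEN - 1, -1, -1):
        pw = reduce_hash(target_hash, i)
        for column in range(i + 1, CHAIN_LEN):
            pw = reduce_hash(H(pw), column)
        for start in table.get(pw, ()):
            # Candidate chain: regenerate it from the start and verify. A chain
            # can reach this endpoint without containing the target (a "false
            # alarm"), so the explicit H(candidate) == target check is essential.
            candidate = start
            for column in range(CHAIN_LEN):
                if H(candidate) == target_hash:
                    return candidate
                candidate = reduce_hash(H(candidate), column)
    return None


def coverage(table) -> float:
    """Fraction of the keyspace some chain actually passes through (merges and
    repeated values make it less than m*t / keyspace)."""
    seen = set()
    for starts in table.values():
        for start in starts:
            pw = start
            for column in range(CHAIN_LEN):
                seen.add(pw)
                pw = reduce_hash(H(pw), column)
    return len(seen) / KEYSPACE


# Constructed start points, spread deterministically over the keyspace
# (97 is coprime to 26**3, so the 200 starts are distinct).
STARTS = [int_to_pw(i * 97) for i in range(NUM_CHAINS)]
TABLE = build_table(STARTS)

if __name__ == "__main__":
    # "Leaked" hash of a password known to lie on chain 0 (its second column).
    victim = reduce_hash(H(STARTS[0]), 0)
    print("rows stored:", sum(len(v) for v in TABLE.values()),
          "for", NUM_CHAINS * CHAIN_LEN, "points computed")
    print("keyspace coverage:", round(coverage(TABLE), 3))
    print("cracked:", lookup(H(victim), TABLE))
```

The lookup costs on the order of t²/2 hash operations per target plus one chain regeneration per candidate, against m stored rows; a plain precomputed lookup table would need one row per covered password. Passwords not on any chain come back as None, which is why coverage, not table size, is the number that matters when sizing a table.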
 