Sunday, January 24, 2010

More Effective Bruteforcing

The goal of bruteforcing is ultimately to obtain a password via trying everyone possible until you tr the correct one. The main concern in any bruteforce attack is time. Thankfully, there a number of different modifications you can make to a bruteforcer to speed up the process. Please note that these methods are only effective on human created passwords. Passwords generated by a computer may become impossible to obtain if the suggestions in this post are followed.


Eliminate unlikely numbers

The most commonly used numbers in creating a password are the numbers 1 and 9. Unless you have reason to believe that the password you're attacking may contain other numbers, you will want to prevent your bruteforcer from checking any other numbers. Generally, people do not use all the numbers ( 0 - 9 ) available to them and sometimes don't even use any numbers at all. Getting rid of as many numbers as possible from being checked will greatly speed up your attack.


Eliminate unlikely letters

Most people do not use the letters z, x, or q in their passwords. You should prevent your bruteforcer from checking these and any other unlikely letters during your attack.

Attack from multiple directions

Figure out the sequentially greatest password your victim could possibly have. For example, if you believe that they do not have a password more then 8 characters long, then the greatest sequential password they could possibly have is zzzzzzzz. Have a descending sequential bruteforcer work from the top down.

Figure out the sequentially lowest password your victim could possibly have. For example, if you believe they could not possibly have a password less then 6 characters, then the sequentially lowest password is 000000. Have a second bruteforcer work as a sequential ascending bruteforcer from the bottom up.

Lastly, have as many bruteforcers as you can work as randomized bruteforcers and guess passwords between what you believe are the sequentially highest and lowest possible passwords.



Hopefully, the tips and tricks I've shared here will help you to more efficently and more quickly successfully bruteforce a password.

No comments:

Post a Comment