we have a user name, for example: admin ... then we try each of the character combinations as a password using an automated script (program).
for example:
user: admin password: 1 -- login fail
user: admin password: 2 -- login fail
... (many login attempts) ...
user: admin password: Z -- login fail
user: admin password: Z1 -- login fail
user: admin password: Z2 -- login fail
... (many login attempts) ...
user: admin password: T3h_s3cr3t -- login success.
Dictionary Attack on Password.
we have a user name, we have a dictionary of 'words' (character combinations), then we try each of the 'words' alone or concatenated (joined, glued together) into a longer password. again we use an automation tool, a script for example.
opinions vary on whether a dictionary attack truly helps to crack passwords, but it has its uses nevertheless.
often it's better to start with a dictionary, before trying brute force or other methods later.
all information we have about an individual we are trying to compromise is useful here, for forming a proper dictionary.
for a simplified example:
username: admin,
dictionary: 007, bond, eye, gold, golden, pistol, gun, beach, surf, cat, icecream, shake, martini, lemon, stir, _.
after running the script we'd have the following dictionary attack:
user: admin, password: 007 -- login fail
user: admin, password: bond -- login fail
... (many login attempts) ...
user: admin, password: 007007 -- login fail
user: admin, password: 007bond -- login fail
user: admin, password: 007eye -- login fail
... (many login attempts) ...
user: admin, password: 007_007 -- login fail
user: admin, password: 007_bond -- login success.
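the same idea seen from the defender's side, as an added example that is not part of the original post: a password-policy check that rejects any password that can be glued together from a known word list, and counts how many guesses would cover every join of that length. the function names `min_tokens`, `guess_budget` and `audit` are made up for this illustration; the word list is the sample dictionary above.

```python
# Added example (not from the original post): defender-side audit of
# passwords that are built from dictionary words.

# The post's sample dictionary: 16 entries, including the "_" separator.
DICTIONARY = ["007", "bond", "eye", "gold", "golden", "pistol", "gun", "beach",
              "surf", "cat", "icecream", "shake", "martini", "lemon", "stir", "_"]


def min_tokens(password, words=DICTIONARY):
    """Fewest dictionary words that concatenate to `password`, or None."""
    vocab = set(words)
    longest = max(map(len, vocab))
    # best[i] = fewest words needed to build password[:i], None if impossible
    best = [0] + [None] * len(password)
    for end in range(1, len(password) + 1):
        for start in range(max(0, end - longest), end):
            if best[start] is not None and password[start:end] in vocab:
                cand = best[start] + 1
                if best[end] is None or cand < best[end]:
                    best[end] = cand
    return best[len(password)]


def guess_budget(tokens, dict_size=len(DICTIONARY)):
    """Upper bound on guesses that cover every join of 1..tokens words."""
    return sum(dict_size ** k for k in range(1, tokens + 1))


def audit(password, words=DICTIONARY):
    """Return (acceptable, tokens, worst_case_guesses) for a candidate password.

    acceptable=True only means "not buildable from this word list";
    it says nothing about resistance to plain brute force.
    """
    tokens = min_tokens(password, words)
    if tokens is None:
        return True, None, None
    return False, tokens, guess_budget(tokens, len(set(words)))


if __name__ == "__main__":
    for pw in ("007", "007bond", "007_bond", "goldeneye", "T3h_s3cr3t"):
        print(pw, audit(pw))
```

the password from the example above, 007_bond, is three dictionary entries (007, _, bond), so at most 16 + 16² + 16³ = 4368 guesses cover it.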
Hacking Router.
... tried this with my router (TL WR740N), with success.
Attack on Router's Password with Brutus Software.
Words List,
a 'Dictionary' file.
Attack on Router's Password with THC-Hydra Software.
Login Success.
Other Use Cases.
perhaps this can be used with web applications as well, didn't have time to check this properly as of yet - but my Computer Sciences knowledge tells me that this can be done, not sure if with these versions of software ... if protections such as 'Captcha' won't interfere.
i read that THC-Hydra at least can be used to attack other protocols/software, such as SSH for example.
there are protections as well,
there are other similar tools as well.
Hacking Tools' writing urge.
... something tells me i should learn HTTP, Telnet, SSL/TLS & SSH protocols properly, then write a tool similar to Brutus & Hydra.
it's best to know Your hacking tools, to write them from scratch, i think.
Router Firmware Upgrade.
The Router's Firmware Upgrade is possible.
this can be done as is seen on an image above,
there's the danger of turning a router into a spy-tool.
... a lot of low-level programming knowledge & effort is necessary, i think ...
... probably certain hackers did that already, however, i think.