NOTE: I’m not responsible about your actions. If you are planning on using this post for malicious purposes then don’t read this!
In cryptography, a brute-force attack consists of an attacker trying many passwords or passphrases with the hope of eventually guessing correctly. The attacker systematically checks all possible passwords and passphrases until the correct one is found. Alternatively, the attacker can attempt to guess the key which is typically created from the password using a key derivation function. This is known as an exhaustive key search.
A brute-force attack is a cryptanalytic attack that can, in theory, be used to attempt to decrypt any encrypted data (except for data encrypted in an information-theoretically secure manner). Such an attack might be used when it is not possible to take advantage of other weaknesses in an encryption system (if any exist) that would make the task easier.
When password guessing, this method is very fast when used to check all short passwords, but for longer passwords other methods such as the dictionary attack are used because a brute-force search takes too long. Longer passwords, passphrases and keys have more possible values, making them exponentially more difficult to crack than shorter ones.
Brute-force attacks can be made less effective by obfuscating the data to be encoded making it more difficult for an attacker to recognize when the code has been cracked or by making the attacker do more work to test each guess. One of the measures of the strength of an encryption system is how long it would theoretically take an attacker to mount a successful brute-force attack against it.(wikipedia)
I created a python based tool to brute-force http protocols easily. And also it’s possible to generate wordlists.
- crackany.py (https://github.com/I2NhbmloZWxweW91/crackany/blob/master/crackany.py)
- Kali linux (Other operating systems are may be sometimes ok. But need to install modules manually. So personally I use Kali linux 2.0)
- open terminal and call crackany.py
- Then enter the url of the site that you need to attack.
- Provide the username of the victim. ex: firstname.lastname@example.org (this tool is not not supported with random usernames. sure i’ll update)
- I’m sure that you need to create a wordlist. Am I worng?
- Have a idea about next steps from above picture.
- minlenght and maxlenght can be given according to you. also you can see ‘maxlength’ form the soure code of the targeted website. Wordset is also according to you. Have some idea about the victim from social networking services like facebook. Create a grate wordlist. it’s the most important thing in this process. I promise you that, it’s very easy to guess normal peoples’ because they use stupid passwords.
- See /root/crackany_wordlist.txt and smile 🙂
- ‘username var’ and ‘password var’ are variables. need little html knowledge. In the source of the website find like <input type=”text” id=”xxxx”> , we need “xxxx” copy them and give them suitably. No idea? Please learn HTML first of all!
- Then wait. wait. wait.
How it works (have a little idea) :
username as userid
<password> as password
check current url != url
if not loop
(didn’t get ? forget about it)
I know what are you thinking now! No..it’s not working with facebook! If you have a little understand above small algorithm, you must get it. Big websites always changing their url unless given username and password combinations are not matched. So it’s not possible to hack them using this kind of simple tool!! You can’t hack someone’s fb account but try to other services that he registered with. GOOD LUCK! -#canihelpyou