Speaking in laymen terms, a brute force attack typically is a hit-and-try attacking method. A set of predefined values is matched against data generated from attacking a target. The attack succeeds when a match between the two data sets is struck. Where most other sophisticated attacking and breaking techniques might fail, brute-force is something that will always give you a result.
The feasibility of using this, however, varies according to the predefined values that you use to test for a match, as well as the data set that is matched. If the data is too large or too complex, it is not feasible to use a brute-force attack since the computation time would be too large. Although many modern techniques have looked to usurp it, brute-force attacks still remain a basic method of attack.
Popular Tools for Brute-force Attacks
Although brute force attacks are still primarily being used for password breaking, they have other applications in revealing hidden content and web pages in web applications. It is the most generic and successful password cracking tool at one’s disposal, but the issue is the computation overhead that comes along with. Nevertheless, here is a list of the popular tools for brute-force attacks that are available today:
- John the Ripper
John the Ripper is one of the most widely use brute force attack tool. It was originally developed for Unix systems but now supports over 15 platforms. It performs a brute force attack by combining all the text and numerical patterns to look for a match. It can even crack encrypted passwords as it can detect the hashing used in the encryption.
- Rainbow Crack
Rainbow Crack is an efficient tool for brute force attacks. It looks to minimize the time taken to search for a matching hash value when decrypting hashed passwords. It does so by using a rainbow table, which is a pre-computed table with the reverse hash values for the passwords. This means that the tool need not calculate the hash value at each attempt as it simply needs to refer to the rainbow table. Many organizations have provided pre-computed rainbow tables which can be downloaded from the internet. However, there is the drawback of the table using a lot more space than any other brute-force tool.
- Cain and Abel
Cain and Abel is another brute force attack tool worth mentioning here. It is quite popular as it has different approaches to cracking a password like brute-force approach, dictionary attack, and Cryptanalysis attack. Dictionary attacks match the targeted password with all the known passwords while cryptanalysis attacks use the Rainbow table.
This is one of the best wireless password cracking tools and is available free of cost. The approach use by Aircrack-ng is performing a dictionary attack against a wireless network for guessing the password. The feasibility again depends on the password dictionary used, and it supports Windows, Linux, iOS and Android platforms.
This is an open source, free tool used to crack windows passwords. It does so using LM hashes via the rainbow tables. It comes with a rainbow table that can be used to crack passwords containing alpha-numeric characters and which are less than 14 characters in length.
Despite other techniques that aim to decrease the computation time for successful password cracking, brute-force still remains a popular technique. It can be used on any sort of passwords, with only its computation time and efficiency being hampered by the complexity of the passwords.
It is also a great technique to test against weak passwords as the time taken for a successful brute-force attack against a password can give information about its strength. This list provides you some of the most popular tools for brute-force attacks.