In this article I'm going to explain brute force. By the end of it you will be able to explain what a brute force attack is, how it works, the main logic behind it and, most importantly, how you can protect yourself from it.
What is Brute Force?
Brute force is a technique hackers use to find user credentials by trying many possible credentials. Brute forcing is not about exploiting a loophole or vulnerability in a website or web application. It is about trying the possible combinations and permutations of the target's user name and password. In other words, brute forcing is guessing and trying user names and passwords. It is a trial-and-error method that works from a large list of user names and passwords. In some cases the user name is known beforehand, but there is still a large list of passwords to go through. Each possible combination has to be tried and checked to see whether it is the right one.
As is now clear, you will need a user name list and a password list. In some cases you may know the user name, and then you will need a password list only, but in other cases you will need both to perform this attack. Various tools are used to perform brute force attacks. Some of the most popular tools are:
- John the Ripper
How does Brute Force work?
First, the hacker feeds a user name list and a password list to the brute force tool of their choice. It can be one user name and many passwords, or many user names and many passwords. The tool then sends all possible combinations of the provided user names and passwords to the target web application or other application. After that, the brute force tool checks whether authentication succeeded for each combination.
The response of the web application is analyzed, and the tool decides whether the credentials were right or not. If the login succeeds, the tool considers that combination of user name and password right. If the login fails, the combination is considered wrong and the tool tries the next possible combination. This can take a lot of time, depending on the size of the user name and password lists provided. So, this is how brute force works.
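The two patterns described above (one user name with many passwords, or many user names tried from one source) show up as bursts of failed logins that a defender can detect. The following Python code is an added example, not part of the original article; the event format, the thresholds and the five-minute window are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=5)  # assumed look-back window
MAX_FAILS_PER_USER = 5         # assumed: one user name, many passwords
MAX_USERS_PER_SOURCE = 4       # assumed: many user names from one source


def detect(events):
    """events: time-ordered (timestamp, source, user, outcome) tuples.
    Returns a set of (alert_kind, key) pairs."""
    fails_by_user = defaultdict(deque)    # user -> failure timestamps
    fails_by_source = defaultdict(deque)  # source -> (timestamp, user)
    alerts = set()
    for ts, source, user, outcome in events:
        uq, sq = fails_by_user[user], fails_by_source[source]
        # Drop failures that have aged out of the window.
        while uq and ts - uq[0] > WINDOW:
            uq.popleft()
        while sq and ts - sq[0][0] > WINDOW:
            sq.popleft()
        if outcome == "OK":
            # A success right after a burst may mean a guess was correct.
            if len(uq) >= MAX_FAILS_PER_USER:
                alerts.add(("success-after-burst", user))
            continue
        uq.append(ts)
        sq.append((ts, user))
        if len(uq) >= MAX_FAILS_PER_USER:
            alerts.add(("many-passwords-one-user", user))
        if len({u for _, u in sq}) >= MAX_USERS_PER_SOURCE:
            alerts.add(("many-users-one-source", source))
    return alerts


def sample_events():
    """Constructed events for illustration (documentation IP ranges)."""
    t0 = datetime(2024, 5, 1, 10, 0, 0)
    def sec(n):
        return t0 + timedelta(seconds=n)
    ev = [(sec(10 * i), "198.51.100.7", "admin", "FAIL") for i in range(6)]
    ev.append((sec(70), "198.51.100.7", "admin", "OK"))
    ev += [(sec(20 * i), "203.0.113.9", u, "FAIL")
           for i, u in enumerate(["alice", "bob", "carol", "dave"])]
    # A user who mistypes once and then logs in: should not alert.
    ev += [(sec(5), "192.0.2.10", "frank", "FAIL"),
           (sec(25), "192.0.2.10", "frank", "OK")]
    return sorted(ev)
```

The thresholds and window need tuning against normal login behaviour for the application being monitored.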
How to protect yourself from Brute Force?
Some of the most common prevention methods are:
- Always use long passwords, because long passwords are hard to guess and cracking them is a very time-consuming process.
- Make your passwords more complex. If your password contains numbers only, it is very easy to crack, because password-generating tools will generate it quickly. If you use a combination of numbers, letters (upper and lower case) and special characters, your password will be more complex, which makes it difficult for a hacker to crack.
- Use two-factor authentication. Then, even if a hacker is able to crack your password, he will still not be able to access your account.
So, this is all about brute forcing. I hope this article was informative. If you have any queries or doubts, please ask in the comments.