brute-force's questions - English 1answer

566 brute-force questions.

I have a database in a dedicated server (CentOS 7) setup by an external provider. I see a disgusting amount of brute-force attempts in MySQL log file every day. I know the best option would be to not ...

I've updated Kali 2.0 to newest version - it is installed using VMWare. Now, every time I use hydra to brute-force SSH, I get the following error: [ERROR] target ssh://192.168.16.128:22/ does not ...

Can the software ModSecurity defend from Brute Force Attacks on PHPmyadmin and WordPress as well? A particular hosting company providing shared hosting told me that ModSecurity should cover ...

My colleague at work lost the password to his external hard drive (HDD not SSD), a WD Elements. He remembers that his password was simple and 8 characters maximum. The problem is the encryption ...

I want to optimize the way I'm using John the Ripper. I have a password with a known length (9) that consists only of (lower-case) hex characters and exactly two special characters. First I tried ...

I can't remember my password for a locally installed app but I wrote it down poorly and am sure of 6 letters/numbers out of 11. I generated a list of all the possibilities given that the badly ...

I'm planning to research & learn from brute force methods, but all the popular ones I found like John the Ripper or hashcat are written in C & OpenGL which I don't have much knowledge about so ...

I am testing a bruteforce on a windows rdp server within a domain. It seems to not be working because nothing is locking out the account I am targeting. How do you specify a domain username? I tried ...

During a penetration testing lab, I have obtained access to a .kdb file of a KeePass 1.25 (password management). Therefore I tried to find a way to obtain the file key file or key and after ...

I want to test some mechanisms of my website when the password of a single user is entered a lot of times in a short time incorrectly in the login form. Therefore I got Hydra (for windows) on GitHub. ...

Let's say I have 50000 SHA256 hashes of a completely randomly generated 16-character password list (made of upper, lower & numeric characters). Combining brute force with the birthday paradox, how many ...

Related: how to get cookies from aspx site to use it with hydra My problem is similar to the above case, I get "20 valid passwords found" but the server I'm trying to brute force sends the header set-...

I was thinking about a thought experiment. Let's imagine a world full of crackers such that whenever you encrypt something there will be someone who will try to crack your cryptographic key through ...

I don't have enough bandwidth for brute force dictionary attacks so I'm searching for a website or a way that I can do brute force attacks as a background process even if I turn my internet ...

I've been using Hashcat for a while & am trying to solve this challenge: is it possible to crack at least half the possible combinations of a 10-character password using 94 characters from the keyboard with ...

I have a question about John the Ripper and its incremental mode. As far as I know, the incremental mode is a brute-force mode, and it tries to get the password by systematically combining all ...

I reviewed the auth.log file on my Ubuntu server to find: [preauth] Feb 22 17:39:18 code-storage sshd[17271]: Disconnected from 147.135.192.203 port 49408 [preauth] Feb 22 17:40:15 code-storage sshd[...

When talking about password security, a lot of discussion centers on the risk of a password being guessed in a brute-force attack. For websites where a user has registered an account, what are the ...

I have been learning metasploit. One thing I noticed was that, all the videos on YouTube, which said "Brute forcing", used a password and a username list. My question is that, won't this be called a ...

I'm doing a research project and I have a question regarding how difficult it would be to brute force something. Say there is a piece of text - "My name is James" Removing the whitespaces yields "...

Suppose a user uses a password to log in to their PC. When the user logs in, the PC applies a cryptographic function to the password and compares the ciphertext to the stored ciphertext of the known ...

I want to brute-force a site using Hydra (https-post-form) that I don't know valid login credentials for, so I cannot specify a value for success condition (S=). Failed logins result in a redirect ...

As far as I understand, bruteforcing ssh is only attempted for passwords, not keys (barring edge cases where presumably the NSA wants to break in). So if a server has disabled (in addition to root ...

I know of mask and dictionary attacks. Using a mask attack, I specify the charset for each position in the password pattern, e.g., ?1?1?d?1?d?1?1?d, where ?1 := ?l?u?s. But how do I tell hashcat to ...

I'm trying to get a hypothetical benchmark for the BitLocker hash mode if Hashcat would support it. Which (-m) mode is closest to BitLocker's latest/default algorithm? From Google searches I learned ...

For a while now I have been interested in the passphrase concept as a potentially more secure replacement for classical passwords. My interest stemmed from a gut feeling that passphrases would be of a ...

I've been looking into the oAuth 2 authorization framework for a while now. Yesterday I started wondering how to prevent a brute force attack during the Authorization Code Grant flow (https://tools....

Say, I have on my server a page or folder which I want to be secret. example.com/fdsafdsafdsfdsfdsafdrewrew.html or example.com/fdsafdsafdsfdsfdsafdrewrewaa34532543432/admin/index.html If the ...

The password was set on a flash drive using LaCie Private-Public for Windows 10. The password is 12 character long. For each character, I know if it is a number, special character, lower case letter ...

I have obtained a hash for a password that I know is 10 characters and contains lowercase, uppercase and numbers. No special chars. I have created the following incremental mode: [Incremental:myown] ...

We had a small discussion about a security-related article at work today, and I was a bit surprised about one thing - they claim that some attackers managed to brute-force guess the password of ...

The question says everything: knowing that a PDF is protected using standard Adobe password encryption that comes with Acrobat Pro (which as far as I know is AES 128), how much would it take to ...

One of the most common cyber attacks is brute force; what mechanisms are available to protect against this attack, and how does industry apply these mechanisms to mitigate the attacks (best practices)?

My HTTP response produces a '0' when a valid user is detected and '1' when an invalid user is detected. I used the following hydra commands: hydra URL http-form-post "/checkUser.php:username=^...

I am trying to use Hydra to brute force an HTTP POST form page; however, the page is returning an HTTP Continuation and I'm not sure what that is. This is being caused by the HTTP/1.0 at the top of the ...

One of our servers (running RdpGuard) shows multiple failed attempts from specific users' machines (3 to be exact) and I can't figure out what is causing them. One user is local and two are remote ...

I have 2 questions after reading this guide on how to evaluate a router admin password: https://buffercode.in/hack-crack-web-form-passwords-using-hydra-burpsuite-kali-linux/ This is the command format: ...

A web API needs to store a 'key' for authentication, in much the same fashion as a password but at 128 characters. My concern is that the salted SHA1 hash for the key has less entropy than the key ...

Can the WiFi protocol recognize when a brute force or dictionary attack on it is occurring? WiFi gives the user an authentication failed message after entering an incorrect WiFi password several times....

In XKCD #936: Short complex password, or long dictionary passphrase? Jeff claimed that password cracking with "dictionary words separated by spaces", or "a complete sentence with punctuation", or "...

If I'm not wrong, the cvv code almost always follows a certain pattern based on the credit card number and dates. What are the possibilities to go through to hypothetically bruteforce a cvv code? Is ...

I've just watched this video which shows the attacker bruteforcing both usernames and passwords. How can this be achieved without hitting any limit rate? Does it mean that WordPress doesn't provide ...

Our company has a mobile app with a lot of traffic and we want to protect its API. How can we reduce brute force attacks? Is account lockout the fastest and proper way to achieve protection? We ...

To polish my penetration testing skills I want to attempt to crack NTLM/NTLMv2 hashes (via dictionary/wordlist attack) extracted from Active Directory / SAM database, where the underlying passwords ...

I am building a website and I am implementing two factor authentication (2FA). The second factor will be a random 6 digit code like those from Authy. This site will store very confidential information....

With some colleagues we're having a debate regarding the randomkeygen.com website. I do think that there is a security risk in using the generated keys of this (or any of this kind of) website. Why? ...

I am creating a word list for attacking a personal .dmg file on OS X. I'm using John the Ripper for the cracking, and Crunch to create the word list: ./crunch 13 13 abcdefghijklmnopqrstuvwxyz ...

This is purely a thought exercise. Assume a server which does not implement throttling or lock on failed attempts. The server accepts a username/password request & sends back a Yes/No response. ...

With regards to the following question about the feasibility of (brute|dictionary|rainbowtable)-forcing an NTLMv2 hash: How feasible is it for an attacker to brute-force an NTLMv2 response captured ...

Background: I have an SQL Server database running on Amazon RDS The AWS dashboard has a section for logs and whenever I check the logs I see the following: 2018-04-27 06:10:26.00 Logon Error: 18456,...
