brute-force's questions - English 1answer

548 brute-force questions.

I've been looking into the OAuth 2 authorization framework for a while now. Yesterday I started wondering how to prevent a brute force attack during the Authorization Code Grant flow (https://tools....

I've updated Kali 2.0 to newest version - it is installed using VMWare. Now, every time I use hydra to brute-force SSH, I get the following error: [ERROR] target ssh://192.168.16.128:22/ does not ...

One of the most common attack vectors against servers is bruteforce login attempts. This is where attackers attempt to access my server, by trying endless combinations of usernames and passwords. So ...

I can't remember my password for a locally installed app but I wrote it down poorly and am sure of 6 letters/numbers out of 11. I generated a list of all the possibilities given that the badly ...

My colleague at work lost the password to his external hard drive (HDD not SSD), a WD Elements. He remembers that his password was simple and 8 characters maximum. The problem is the encryption ...

My HTTP responses produce a '0' when a valid user is detected and '1' when an invalid user is detected. I used the following hydra commands: hydra URL http-form-post "/checkUser.php:username=^...

I am trying to use Hydra to brute force a HTTP POST form page; however, the page is returning a HTTP Continuation, and I'm not sure what that is. This is being caused by the HTTP/1.0 at the top of the ...

We had a small discussion about a security-related article at work today, and I was a bit surprised about one thing - they claim that some attackers managed to brute-force guess the password of ...

One of our servers (running RdpGuard) shows multiple failed attempts from specific users' machines (3 to be exact) and I can't figure out what is causing them. One user is local and two are remote ...

Related: how to get cookies from aspx site to use it with hydra. My problem is similar to the above case, I get "20 valid passwords found" but the server I'm trying to brute force sends the header set-...

I have 2 questions after reading this guide on how to evaluate router admin password: https://buffercode.in/hack-crack-web-form-passwords-using-hydra-burpsuite-kali-linux/ This is the command format: ...

A web API needs to store a 'key' for authentication, in much the same fashion as a password but at 128 characters. My concern is that the salted SHA1 hash for the key has less entropy than the key ...

Can the WiFi protocol recognize when a brute force or dictionary attack on it is occurring? WiFi gives the user an authentication failed message after entering an incorrect WiFi password several times....

In XKCD #936: Short complex password, or long dictionary passphrase? Jeff claimed that password cracking with "dictionary words separated by spaces", or "a complete sentence with punctuation", or "...

If I'm not wrong, the cvv code almost always follows a certain pattern based on the credit card number and dates. What are the possibilities to go through to hypothetically bruteforce a cvv code? Is ...

I've just watched this video which shows the attacker bruteforcing both usernames and passwords. How can this be achieved without hitting any limit rate? Does it mean that WordPress doesn't provide ...

Our company has a mobile app with a lot of traffic and we want to protect its API. How can we reduce brute force attacks? Is account lockout the fastest and proper way to achieve protection? We ...

I have a question about John the Ripper and its incremental mode. As far as I know, the incremental mode is a brute-force mode, and it tries to get the password by systematically combining all ...

To polish my penetration testing skills I want to attempt to crack NTLM/NTLMv2 hashes (via dictionary/wordlist attack) extracted from Active Directory / SAM database, where the underlying passwords ...

I am building a website and I am implementing two factor authentication (2FA). The second factor will be a random 6 digit code like those from Authy. This site will store very confidential information....

With some colleagues we're having a debate regarding the randomkeygen.com website. I do think that there is a security risk using the generated keys of this (or any of this kind) website. Why? ...

I am creating a word list for attacking a personal .dmg file on OS X. I'm using John the Ripper for the cracking, and Crunch to create the word list: ./crunch 13 13 abcdefghijklmnopqrstuvwxyz ...

This is purely a thought exercise. Assume a server which does not implement throttling or lock on failed attempts. The server accepts a username/password request & sends back a Yes/No response. ...

With regards to the following question about the feasibility of (brute|dictionary|rainbowtable)-forcing an NTLMv2 hash: How feasible is it for an attacker to brute-force an NTLMv2 response captured ...

Background: I have an SQL Server database running on Amazon RDS. The AWS dashboard has a section for logs and whenever I check the logs I see the following: 2018-04-27 06:10:26.00 Logon Error: 18456,...

My previous home wifi router's WPA2 password was permanently fixed to FZ4HBCKHGC8. How long would it take to crack via brute force? Or more pragmatically: How long would it take to exhaust all ...

I want to test some mechanisms of my website when the password of a single user is entered a lot of times in a short time incorrectly in the login form. Therefore I got Hydra (for windows) on GitHub. ...

I have found a flaw in a site where the password reset feature resets passwords in the following format UpperCaseLetter-Number-LowerCaseLetter-Number-LowerCaseLetter-Number-UpperCaseLetter Eg: ...

During the last week, our company website has been under a weird brute-force. This attack actually led to hacking an admin account. Our website is a WordPress site. The attacker keeps performing POST ...

This question concerns dictionary attacks conducted: over the Internet, using programs like THC Hydra; via protocols such as HTTP, FTP and SMTP. I believe I'm right in thinking that: a) due to the ...

I came across today to the first zip file with password I had ever seen (I realise now it's common but yeah...) So I didn't know the password and started searching on the web about ways to bypass it. ...

A 256 bit AES key is required to be broken using the brute force method on a 2GHz computer. How long would it take to break the key in the best case and in the worst case situations? Assume that 1000 ...

Especially in cryptocurrencies you often hear people say that private key/seeds should not be typed "randomly" by humans, but rather use a truly random number generator. I understand, that humans ...

So I'm interested in Brute Force attacks and I have made them with Python 3 and C++. However, those only reached a max of about 20 million passwords per second. I know for a fact that 1 billion ...

This is going to get long, so prepare. Basis of the question is, Do all these steps improve security, or am I completely overthinking the problem? Are my assumptions/thought process valid? We all ...

I've watched Mr. Robot lately and can't stop thinking why it was so hard to decrypt files encrypted using AES encryption with a 256-bit key. Let us say the only method to find the key is through brute ...

I know that CDN services usually protect a user by hiding its original machine's IP and by screening (and banning) any attackers that send too many requests in the form of DDoS. But should a CDN ...

I got my hands on an old-ish residential gateway with SIP support and two analog phone connections. I want to use it for its SIP support to use analog phones with my SIP provider. I didn't know the ...

Is there any significant speed-up in time on cracking an RSA key (either brute-force or factoring with general number field sieve) using a GPU or FPGA compared to a CPU? If there is a speed advantage,...

When talking about password security, a lot of discussion centers on the risk of a password being guessed in a brute-force attack. For websites where a user has registered an account, what are the ...

Request for logs please. So, I had an interesting question posed to me around geographical trends in SSH brute force attempts. The question being "has anybody ever looked into the prevalent SSH ...

I am using itsdangerous to sign a string using a secret key. It says that the signing mechanism is HMAC and SHA1 and that it is an implementation of the Django signing module. Assuming I use one ...

Background: Reading this article on BBC News dated 29th March 2018, the company in question suffered a data breach and up to 150 million accounts usernames, email addresses and passwords were ...

This article states: Brute-force techniques trying every possible combination of letters, numbers, and special characters had also succeeded at cracking all passwords of eight or fewer characters. ...

I've read various articles on password strength and passwords vs pass phrases (including the one from XKCD and its thread here), but most of those articles seem to be focused on online passwords, and ...

Hi, I have created a login page below. I want to test the security of my exe. I do not want to use a captcha or timeout on my exe. Are there any applications specifically designed for bruteforcing .exe ...

What is a good source for an [American] English character frequency analysis containing the space character? I have seen this Norvig analysis, and it does not contain frequencies of the space ...

I have some specific problem. Is there any possibility how to find out Wi-Fi password with dictionary attack without connecting to the Wi-Fi? I need it for my bachelor thesis, where I am using ...

I've been doing some research on hacking recently and I found some very interesting tutorials on brute force cracking. I have some questions to ask and I'll be using Facebook as an example. Let's say ...

I just installed ownCloud in my laptop. I tried to brute force my ownCloud using Hydra and Hydra gave me 12 valid passwords where none of them are my right password. I googled it and the result says ...
