---khai niem
a brute-force attack consists of an attacker submitting many passwords or passphrases with the hope of eventually
guessing a combination correctly.
rely on sheer computing power and trying every possibility rather than advanced techniques to improve efficiency
Hydra is a very fast online password cracking tool, which can perform rapid dictionary attacks against more than 50 Protocols
--Huong den ai
--Muc dich
it is for password cracking.
--Tan cong bang cach nao
The most common and easiest to understand example of the brute force attack is the dictionary attack to crack passwords.
In this, the attacker uses a password dictionary that contains millions of words that can be used as a password.
The attacker tries these passwords one by one for authentication. If this dictionary contains the correct password,
the attacker will succeed.
--Tool
Hydra is a very fast online password cracking tool, which can perform rapid dictionary attacks against more than 50 Protocols.
Hydra is described as a network logon cracker that supports many services
-- how to use
In hydra, you can use the -x to enable the brute force options. Brute force options have its own help file which you can get to by typing hydra -x -h.
YOu have to has the database which can easily found on
https://wiki.skullsecurity.org/Passwords
Command line for brute force attack with hydra
Result
--study case of brute force attack
According to China's Ministry of Public Security, TaoBao, a commerce site that could be considered the eBay of China,
was the subject of an ongoing offensive that lasted from mid-October to November. Using a database of 99 million usernames and passwords,
the attackers managed to compromise 20.6 million accounts—or one in five.
--study case of leaked password
Yahoo
Date: 2013-14
Impact: 3 billion user accounts
Details: Yahoo announced in September 2016 that in 2014 it had been the victim of what would be the biggest data breach in history.
Sina Weibo
Date: March 2020
Impact: 538 million accounts
Details: With over 500 million users, Sina Weibo is China’s answer to Twitter. However, in March 2020 it was reported that the real names, site usernames, gender, location, and -- for 172 million users
-- phone numbers had been posted for sale on dark web markets
Share with your friends: |