
Brute force module to crack passwords:

When your attempts to break into a server using your basic brain power have failed, you can always fall back on the brute-force method (password cracker). No, brute force does not mean that you will have to grab the site administrator by the throat, knock his head on the wall, and demand that he surrender the passwords. Brute force means simply trying different passwords until you hit on the right one.

Look at the statistics. Every security-research project reaches the same conclusion regarding the passwords people use: most beginners use the names of their pets, birthdays, phone numbers, and the like as their passwords. A well-compiled password dictionary can let you break into practically any system, because there are inexperienced users everywhere who use these types of passwords. And if these users have high enough privileges, hackers can have a real field day!

Are you still skeptical? Then let me remind you about the famous Morris worm, which used the dictionary method to break into systems. Its own dictionary contained fewer than 100 words. In addition to its own dictionary, the worm used the dictionaries from the compromised computers. But those did not have too many passwords in them either. Using such a primitive algorithm, the worm was able to spread through a huge number of computers on the Internet. This was one of the largest-scale infections ever! Yes, it happened a long time ago, but the level of professionalism of the average user has not grown since then. There are many experienced users, but there are many more green beginners.

Is brute force used by hackers only? No. You can use brute force if you lose your own password. Administrators can use brute force to check how well all the accounts in their system resist a brute-force attack. You have to change your password if it is found in the dictionary or if it was cracked too fast. If you can crack your password using brute force, a hacker can do it too.
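As an added example (not part of CyD Network Utilities), the following check applies the rule above from the administrator's side: when a password is set, it is flagged if it reduces to a dictionary word, the account's username, or a bare date or phone number. The word list, substitution table, sample accounts and function names are assumptions made for illustration.

```python
import re

# Constructed sample word list (assumption); a real check loads a full dictionary file.
SAMPLE_DICTIONARY = {"password", "qwerty", "letmein", "dragon", "rex"}
# Constructed sample accounts, checked at password-change time.
SAMPLE_ACCOUNTS = [("john@mailserver.com", "John"), ("alice", "P@ssw0rd1"),
                   ("bob", "Rex2007!"), ("carol", "555-1234"),
                   ("dave", "correct horse battery staple")]

# Character substitutions undone before lookup (illustrative, not exhaustive).
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})
PADDING = re.compile(r"^[\W\d_]+|[\W\d_]+$")   # digits/symbols added at either end
NUMERIC = re.compile(r"[\d\s./()+-]+")         # dates and phone numbers


def candidate_roots(password):
    """Return the simplified forms of a password that a dictionary run would cover."""
    lowered = password.lower()
    roots = set()
    for base in (lowered, PADDING.sub("", lowered)):
        roots.update((base, base.translate(LEET)))
    roots.discard("")
    return roots


def weak_reason(username, password, dictionary=SAMPLE_DICTIONARY):
    """Return why the password is guessable, or None if no rule matches."""
    roots = candidate_roots(password)
    # A mailbox login may be the full address or only the text before "@".
    name = username.lower()
    if roots & {name, name.split("@", 1)[0]}:
        return "matches the username"
    if roots & set(dictionary):
        return "dictionary word"
    if NUMERIC.fullmatch(password):
        return "date or phone number"
    return None


def audit(accounts):
    """Map each flagged username to its reason; accounts is (username, password) pairs."""
    flagged = {}
    for username, password in accounts:
        reason = weak_reason(username, password)
        if reason:
            flagged[username] = reason
    return flagged
```

Calling `audit(SAMPLE_ACCOUNTS)` flags every constructed account except the long passphrase.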

CyD NET Utils includes a fast brute-force module for checking how well passwords resist cracking. To run it, select the Brute force item from the Security menu or press the brute force button. A Brute force dialog window will be displayed:

 brute force module window

  • Host name / address - the host name or IP address of the destination server;
  • Service - select the service you want to check using the brute force module. CyD Network Utilities 2007 SP2 supports FTP servers and mail servers.

Press the start brute button in the Brute force module window to start the brute force. A Brute force properties dialog will be displayed:

 brute force properties window

Select Default dictionary to use the built-in default dictionary of names and passwords. Select Specified dictionary to use your own dictionary. If you are trying to crack a mail account, you must use the Specified dictionary option. In the Users field, type the name of the file that contains the username of the account you want to crack. For most common web servers, the user name for an e-mail account is either the e-mail address or all the text before the @. For example, the account john@mailserver.com can authorize with the username john or john@mailserver.com.

Toolbar buttons:

- start brute;

- cancel brute;

- save result to text file;
