Questions tagged [brute-force]
An attack using every possible input to attempt to produce the correct output. Typically the method of last resort when no weakness allows the use of a more restricted input set. E.g. trying all possible (or likely) passwords, in an attempt to guess the correct one.
801 questions
2 votes, 0 answers, 51 views
How do I know if our OTP solution is secure enough? [closed]
At work we are using a one time PIN code (6 digits, TTL 5 min) for signing in to devices that we hand out to our customers. We have earlier deemed that this is secure enough for that use case.
Now we’...
2 votes, 1 answer, 202 views
Using PBKDF2 in combination with AES-KW defeats usage of BCrypt password hashes?
We are currently implementing envelope encryption for our app. That means, we need to derive a key from a user's password, which then will be used as a key encryption key (KEK) to wrap another key ...
1 vote, 0 answers, 56 views
Can brute-force login attacks bypass AD protections if an application's internal brute-force defense is not enforced? [closed]
I was informed by an entity that their hospital information system relies on Active Directory (AD) for user authentication, with AD configured to detect brute-force login attempts. However, the ...
1 vote, 0 answers, 62 views
How to brute force security code or One Time Password
As part of my project, I am trying to brute force a security code for an app using "Forgot my password" option. I understand that I can brute force username and password using Hydra. However,...
1 vote, 0 answers, 93 views
Doubts About Whether 128-bit Entropy is Secure Enough [duplicate]
I've read a lot of materials (including other related questions on this site) and seen many people lay out the mathematical formulas. I have a decent background in math, so I understand how long it ...
3 votes, 1 answer, 743 views
Any information on the encrypted Knoppix user data file system (knoppix-data.aes)?
I remember about 90% of my password used for encrypting the persistent user data file system (stored as knoppix-data.aes) while setting up Knoppix a few years ago and would now like to explore the ...
2 votes, 2 answers, 145 views
Can we reduce the search space for viable MD5 hashes?
There is a bug bounty website, I can download any file uploaded on it, including files of other users. However, I need to know the md5 hash of a file to download it.
The uploaded files can be any type:...
0 votes, 0 answers, 53 views
medusa error when running
I am attempting to perform basic pen testing, I successfully used hydra however I am having some issues with medusa... I keep getting a Segmentation fault after running the command, can anyone help ...
0 votes, 0 answers, 51 views
ncrack returning no results
I am attempting to perform basic pen testing, I successfully used hydra however I am having some issues with ncrack... To my knowledge the syntax is correct, as I do not encounter any errors however ...
1 vote, 0 answers, 100 views
Massive Increase in Phony Access Attempts from Microsoft IPs – What Kind of Attack Is This? [duplicate]
Over the past few weeks, I've observed a massive spike in suspicious traffic from IP addresses belonging to Microsoft servers in Ireland. These accesses are blocked due to attempts to reach specific, ...
1 vote, 0 answers, 151 views
CVSS Score for brute force attack [closed]
A website is given to pentester. It is observed that the website has a login page at https://example.com/admin. In this login page it is also possible to enumerate from error messages that the user &...
1 vote, 1 answer, 343 views
In WPA handshake brute force attack, how can attacker find PMK if MIC is performed using only HALF of PTK?
Brute force attack against WPA is the most common attack against WPA/WPA2 networks. Attacker captures the 4-way handshake that allows the authentication key to be cracked offline.
During the 4-way ...
0 votes, 0 answers, 413 views
John the Ripper not working properly
I am new to JTR and am currently trying to crack some passwords I generated.
Because I am new to JTR, I wanted to start by hashing a simple password like "Cat", write it in a file named pw....
2 votes, 4 answers, 286 views
How do you rate limit bruteforce attempts on a Tor hidden service?
I'm considering the feasibility of a .onion domain for my website to cater to privacy conscious users.
Actions that occur before there's a known UserID (eg. login page) need to have a bounded number ...
0 votes, 0 answers, 45 views
How to correctly compose a command for brute force http-post-forms? [duplicate]
I encountered a strange error when using Hydra to brute force an http-post-form. Please tell me how to write a request correctly to avoid mistakes?
hydra -L userslist -p passlist "url" http-...
0 votes, 0 answers, 208 views
Hydra says different passwords are correct each run, but only one works
I am doing CTF 'Skynet' from THM and came across this problem.
Enumerating SMB, I gathered credentials 'milesdyson' and a list of passwords 'log1.txt'.
I figured that I could try to brute force ...
7 votes, 4 answers, 9k views
Is a randomly generated 80-bit password strong enough nowadays?
Theoretical question - Say we have a randomly generated password with 80-bit entropy, stored as a single-round, unsalted SHA256 hash. For a determined attacker with current (2024) technology, what ...
1 vote, 2 answers, 225 views
Weak password hash + strong rate limiter = secure?
I have a microservice whose sole purpose is to serve as a cache for other microservices. The point of the cache is to speed up processing, but the strong password hash algo counters that purpose. (...
0 votes, 0 answers, 361 views
How to brute-force password of a GUI application? [duplicate]
I have forgotten the exact password to a locally installed Windows application I use. There is no password reset function.
What I need is a way to use a source file of the various words/characters and ...
0 votes, 0 answers, 147 views
Can Sending All Possible OTP Codes Within 1 Second Bypass Server Protections? [duplicate]
I'm exploring the security implications of OTP (One-Time Password) authentication and wondering about the effectiveness of server-side protections against brute force attacks.
If an attacker attempts ...
0 votes, 0 answers, 192 views
Cracking 1000-password assignment from hashed file
OS: Ubuntu 20.04 on VMWare, tool: John the ripper
The whole system is up-to-date
The file has 1000 hashed passwords. There are 40 rules provided, a small word list is provided to help crack part of ...
-1 votes, 1 answer, 397 views
bruteforce local software's password
There are a lot of online tools to bruteforce online server like hydra and offline with hashes like hashcat. Yet it seems very weird that there is not a single offline bruteforcing app for software. ...
0 votes, 1 answer, 192 views
FFUF command returns status code 400, regardless of mode option: clusterbomb, pitchfork, sniper
I'm working on a lab on PortSwigger.com titled Username enumeration via different responses. While using ffuf to solve the lab, the output keeps returning a 400 status code.
So far this is what I've ...
0 votes, 1 answer, 117 views
GTK and 4 way handshake
GTK is transferred in message 3.
https://www.wifi-professionals.com/2019/01/4-way-handshake
What is the GTK key for in the 4-way handshake when the PTK exists?
2 votes, 1 answer, 1k views
Using Hydra on a NTLM authentication
I'm learning Active Directory attacks and in one of the labs we are given the example of gaining the initial foothold in an AD system via NetNTLM by performing a password spraying attack. For the ...
1 vote, 0 answers, 31 views
Hydra returning all credentials as valid [duplicate]
I am setting up a brute-force with hydra, and receiving valid responses for almost all requests from passwords list. But on the web form I am still getting an error that credentials are wrong. What am ...
0 votes, 0 answers, 1k views
How can I understand the zip2john hash format?
I had a .zip file that was apparently encrypted with AES-256 deflate.
7z l -slt archive.zip | grep Method
Method = AES-256 Deflate
Then I used zip2john to get a "hash" out of it:
archive....
0 votes, 1 answer, 243 views
Does 7z or RAR5 offer better resistance to brute force attacks?
Does 7z or RAR5 offer better resistance to brute force attacks?
-2 votes, 1 answer, 839 views
Is it possible to bruteforce SHA256? [duplicate]
SHA256, 64 characters using only 0-9 or lowercase a-f
Making 1.15792089E+77 total possible combinations. Is it possible to crack the input for its given hash?
1 vote, 0 answers, 2k views
How to crack KeePass database when knowing the first part of the master password [duplicate]
I have a KeePass 2.47 database which is protected with a master password and a key file.
I managed to lose the 2nd part of my master password. So, I have access to the database, the key file and the ...
0 votes, 1 answer, 431 views
What's stopping attackers from brute forcing SSH passwords over new sessions?
I know that when you attempt to log in to a device via SSH, upon inputting an incorrect password, you must wait several seconds before you get another attempt. This is obviously a deterrent against ...
0 votes, 1 answer, 1k views
LUKS brute force risk?
If a person finds an old hard drive that was partially overwritten and let's say 1GB of that wasn't and was formerly used for part of a LUKS encrypted partition, what is the risk that such data, which ...
0 votes, 0 answers, 176 views
Brute force copy of PKI root certificates
If an attacker wants to create a phishing website with a fake TLS certificate, to my noob mind, there is a way to do this:
Create the fake website certificate
Create the hash for this certificate
...
1 vote, 1 answer, 13k views
Why is hydra showing this error [ERROR] could not connect to ssh://192.168.0.1:22?
I am using hydra to bruteforce my router admin page. By scanning with nmap it is showing port 22 ssh is open and when I use medusa it is bruteforcing properly but with hydra I am using this command:
...
1 vote, 0 answers, 3k views
Hydra brute force ssh usernames with given RSA key
On a machine supporting ssh, an RSA key is given but no username.
My idea was brute-forcing the SSH username with Hydra but I didn't find any option to give the RSA key to Hydra.
Is it possible to ...
1 vote, 1 answer, 296 views
Unlisted directory discovery of a web server without using bruteforce attacks
Some creator I support on SubscribeStar hosts their files on a dedicated AWS web storage server of theirs and the names are easily accessible and sometimes guessable without any kind of security or ...
3 votes, 1 answer, 5k views
Why does Hydra SMB attack not work while Metasploit does?
I'm learning about password attacks, and doing TryHackMe labs.
User: penny
Pass: leo1234
When using Hydra to find the password for the SMB user, I get no valid results:
I know the valid password is ...
0 votes, 0 answers, 7 views
Server directory bruteforcing [duplicate]
Recently I saw hundreds of strange requests from different IP addresses in my server logs.
These requests were trying to bruteforce directories for example:
GET /admin/admin.php 404
GET /admin/...
-1 votes, 1 answer, 878 views
Why can't I access my -u and -s flag in Gobuster [closed]
I was trying to use the gobuster tool but I came across this error that I can't find an answer no matter how much I search. How am I supposed to be able to use these two flags with gobuster?
──(kali㉿...
0 votes, 1 answer, 850 views
How long would this take to bruteforce?
I am working on the following war game from Defend The Web, which requires me to do a source code review to login as the user memtash. The code is on GitLab here.
Having inspected the source code ...
0 votes, 1 answer, 110 views
Does this implementation of 2FA expose valid credentials?
I have come across scenarios where a website would send OTP once a user has supplied valid username/password. A confirmation dialog e.g. An OTP has been sent to your registered mobile number would be ...
5 votes, 5 answers, 6k views
Randomly generated secrets: encoding the random bytes in base64 vs keeping them
Today this came to my attention.
When generating random secrets for e.g. JWT (in node.js the most common way is using the crypto.randomBytes() method), I have noticed a lot of people save these tokens ...
1 vote, 1 answer, 2k views
Brute-Forcing DVWA login page with hydra - csrf incorrect
I'm learning how to use hydra, but I found a problem.
When I run the following script, I get a CSRF token error. Apparently, the problem is that the token received in CURL is different from the one in ...
0 votes, 1 answer, 4k views
John The Ripper succeeded in finding password without printing it
Some days ago I tried to find the password of a file encrypted with AxCrypt 1.x.
I tried John The Ripper and HashCat, but for unknown reason with the last one I failed, and I will open a new thread ...
3 votes, 2 answers, 2k views
Brute forcing lost password for PGP encrypted file (symmetric)
I have a file I encrypted with PGP in 2003. It contains some personal data I'd like to regain access to. I have vague idea of the password, but not enough to successfully guess; but I know its ...
1 vote, 0 answers, 271 views
"john --format=axcrypt" is not returning results
I would like to open a mysterious old file that I found on my Hard Disk, the contents of which I do not know nor can I guess from its name (PB-mp4-rar.axx).
The file was password-protected with the ...
4 votes, 1 answer, 1k views
Is brute force for SSH similar to cracking WPA2 handshake?
I heard recently that WPA2 passwords can be brute forced if somebody captures handshake (which is not very difficult). Can somebody tell if a similar method exists for cracking SSH traffic? I mean ...
1 vote, 1 answer, 268 views
Is it secure to expose a salted bcrypt hash IF it is maximum length random secure password?
Is it secure to expose a salted bcrypt hash (minimum 14 cost) if the used password is 72 characters (maximum) byte long, randomly generated letters, numbers, and special characters using secure ...
2 votes, 3 answers, 407 views
Best way to bruteforce a list of hashed integers?
I have a list of hashes, I need to find the original value of any of them.
So far I know that the hashes are only numbers of length 30. The format should be something like ...
2 votes, 0 answers, 183 views
How to configure Windows Server 2012 Firewall to block this bot attack?
My Windows logs are flooded with what looks like a brute force attack on my machine. I want to be able to block these ports from the outside, but I'm not certain what service this is and what port ...