Tools and Commands for Brute Force Attacks

Hello, world. I’m Zanidd. And welcome back to the Hands On Password Cracking and Security course. In this video, we’re going to discuss the tools and commands for brute force attacks. There are multiple tools we can use to perform a brute force attack. We can even do it manually. Hashcat is a GPU optimized password cracker. But since we’re working in a VM, we will use john the ripper Also, we already know john the ripper from the first section. And it gives us the possibility to configure it to our needs. But why and what should we configure? The why part is easily answered.

As we saw in the last lesson, we can reduce the time it takes to break the password with some information about its structure. We can configure John to use that information. So what can we configure? We can set the passwords length and what type of character’s he used. The john incremental mode, which we used in the first section to crack our first password, can be run in different modes. By default, john will offer you four modes - all, alpha, digits, and alnum. They all try password lengths from 1 to 8 but with different characters. All will try all ASCII characters and is used by default. Alpha will try all lowercase letters from a to z.

Digits will try all numbers from 0 to 9, which is perfect for credit card pins. And alnum combines alpha and digits modes. But john also offers us the option to create custom modes. This can be useful if we want to try other characters and lengths then with the four modes that come with john. We can add custom modes to the /etc/john/john.conf file. Let’s say we want to try passwords with the links from 1 to 9 and lowercase letters. But the default mode alpha only tries passwords with lengths from 1 to 8. We can make our custom mode for that. The name in the brackets tells john that this is a mode for the incremental mode with the name Lower19.

Here is an example of such a configuration for a custom mode. The mode will be called Lower19 and is used in the incremental mode. The name in the brackets tell john that this is a mode for the incremental mode with the name Lower19. File is the character file that this mode will use. John comes with a bunch of different character files. In this configuration, we’re going to use the lower file, which contains all lowercase letters. Min and MaxLen are the minimum and maximum length of the passwords. And CharCount is the amount of characters that should be used. Here it’s 26 since the alphabet only contains 26 letters.

Now that we know how to configure john we will break a weak password using a configuration in the next lesson.