Tools and Commands for Brute Force Attacks

In this video, watch Zanidd explore the tools and commands for brute force attacks, such as hashcat and John the Ripper.
Hello, world. I’m Zanidd. And welcome back to the Hands On Password Cracking and Security course. In this video, we’re going to discuss the tools and commands for brute force attacks. There are multiple tools we can use to perform a brute force attack. We can even do it manually. Hashcat is a GPU-optimized password cracker. But since we’re working in a VM, we will use John the Ripper. Also, we already know John the Ripper from the first section. And it gives us the possibility to configure it to our needs. But why and what should we configure? The why part is easily answered.
As we saw in the last lesson, we can reduce the time it takes to break the password with some information about its structure. We can configure John to use that information. So what can we configure? We can set the password’s length and what type of characters are used. The john incremental mode, which we used in the first section to crack our first password, can be run in different modes. By default, john will offer you four modes - all, alpha, digits, and alnum. They all try password lengths from 1 to 8 but with different characters. All will try all ASCII characters and is used by default. Alpha will try all lowercase letters from a to z.
Digits will try all numbers from 0 to 9, which is perfect for credit card pins. And alnum combines alpha and digits modes. But john also offers us the option to create custom modes. This can be useful if we want to try other characters and lengths than the four modes that come with john. We can add custom modes to the /etc/john/john.conf file. Let’s say we want to try passwords with the lengths from 1 to 9 and lowercase letters. But the default mode alpha only tries passwords with lengths from 1 to 8. We can make our custom mode for that.
Here is an example of such a configuration for a custom mode. The mode will be called Lower19 and is used in the incremental mode. The name in the brackets tells john that this is a mode for the incremental mode with the name Lower19. File is the character file that this mode will use. John comes with a bunch of different character files. In this configuration, we’re going to use the lower file, which contains all lowercase letters. Min and MaxLen are the minimum and maximum length of the passwords. And CharCount is the amount of characters that should be used. Here it’s 26 since the alphabet only contains 26 letters.
Now that we know how to configure john, we will break a weak password using a configuration in the next lesson.

This video will explore the tools and commands for brute force attacks.

The tools we will cover include hashcat and John the Ripper. The reasons why one would use a tool instead of opting for a manual approach are presented. What can be configured by the tool is discussed and an example is provided.
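The custom-mode section the video describes is not reproduced on this page, so the following is an added example, not the course's own material. It parses a constructed `[Incremental:Lower19]` section and computes how many candidates such a mode covers, which is the number a password policy has to beat. The `File` path and the guess rate are assumptions, and the parser expects a standalone section rather than a complete john.conf.

```python
import configparser

# Constructed sample of the custom mode described in the lesson.
# Assumption: the File path; the page only says the "lower" character file is used.
SAMPLE_CONF = """
[Incremental:Lower19]
File = $JOHN/lower.chr
MinLen = 1
MaxLen = 9
CharCount = 26
"""

def load_incremental_modes(text):
    """Return {mode_name: (min_len, max_len, char_count)} for Incremental sections."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.read_string(text)
    modes = {}
    for section in cp.sections():
        kind, _, name = section.partition(":")
        if kind.lower() != "incremental" or not name:
            continue  # not an incremental-mode definition
        lo = cp.getint(section, "MinLen")
        hi = cp.getint(section, "MaxLen")
        chars = cp.getint(section, "CharCount")
        if lo < 0 or hi < lo or chars < 1:
            raise ValueError(f"{section}: inconsistent MinLen/MaxLen/CharCount")
        modes[name] = (lo, hi, chars)
    return modes

def keyspace(min_len, max_len, char_count):
    """Number of candidates: sum of char_count**n over every allowed length n."""
    return sum(char_count ** n for n in range(min_len, max_len + 1))

def hours_to_exhaust(candidates, guesses_per_second):
    """Worst-case time to try every candidate at a fixed guess rate."""
    return candidates / guesses_per_second / 3600

if __name__ == "__main__":
    RATE = 1_000_000  # assumed guesses per second, for illustration only
    for name, (lo, hi, chars) in load_incremental_modes(SAMPLE_CONF).items():
        total = keyspace(lo, hi, chars)
        print(f"{name}: lengths {lo}-{hi}, {chars} chars -> {total:,} candidates, "
              f"{hours_to_exhaust(total, RATE):,.0f} h at {RATE:,}/s")
    # Same 26 characters with the 1-8 length range, for comparison.
    print(f"lengths 1-8: {keyspace(1, 8, 26):,} candidates")
```

Going from a maximum length of 8 to 9 multiplies the search space by roughly 26, while the character set stays the limiting factor: every extra character class a policy requires raises `CharCount` for all lengths at once.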

This article is from the free online course Advanced Cyber Security Training: Hands-On Password Attacks, created by FutureLearn.