|sanket_rocker||Date: Sunday, 2012-01-29, 12:40 PM | Message # 1|
Hacking Tool: Brutus
Brutus is an online or remote password cracker. More specifically it is a remote interactive authentication agent. Brutus is used to recover valid access tokens (usually a username and password) for a given target system. Examples of a supported target system might be an FTP server, a password protected web page, a router console a POP3 server etc. It is used primarily in two ways:
To obtain the valid access tokens for a particular user on a particular target.
To obtain any valid access tokens on a particular target where only target penetration is required.
Brutus does very weak target verification before starting; in fact all it does is connect to the target on the specified port. In the context of Brutus, the target usually provides a service that allows a remote client to authenticate against the target using client supplied credentials. The user can define the form structure to Brutus of any given HTML form. This will include the various form fields, any cookies to be submitted in requests, the HTTP referrer field to send (if any) and of course the authentication response strings that Brutus uses to determine the outcome of an authentication attempt.
If Brutus can successfully read forms of the fetched HTML page then each form will be interpreted and the relevant fields for each form will be displayed. Any cookies received during the request will also be logged here. Brutus handles each authentication attempt as a series of stages, as each stage is completed the authentication attempt is progressed until either a positive or negative authentication result is returned at which point Brutus can either disconnect and retry or loop back to some stage within the authentication sequence.
Brutus is a generic password guessing tool that cracks various authentication.
Brutus can perform both dictionary attacks and brute-force attacks where passwords are randomly generated from a given character.
Brutus can crack the following authentication types:
HTTP (Basic authentication, HTML Form/CGI); POP3; FTP; SMB; Telnet
Available for users only
Message edited by sanket_rocker - Sunday, 2012-01-29, 12:42 PM