Scribd Logo
Upload

Welcome to Scribd!

  • Exp 11

    Uploaded by

    bexid78084
    3 views3 pages
    SQL Injection

    Original Title

    Exp11

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    SQL Injection

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    3 views3 pages

    Exp 11

    Uploaded by

    bexid78084
    SQL Injection

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    of 3

    Department of Computer Engineering

    Experiment No.11

    Aim : To implement a program for password cracking by brute force attack.

    Theory:
    A brute force attack is a popular cracking method: by some accounts, brute force attacks accounted
    for five percent of confirmed security breaches. A brute force attack involves ‘guessing’ username
    and passwords to gain unauthorized access to a system. Brute force is a simple attack method and
    has a high success rate. Some attackers use applications and scripts as brute force tools. These tools
    try out numerous password combinations to bypass authentication processes. In other cases,
    attackers try to access web applications by searching for the right session ID. Attacker motivation
    may include stealing information, infecting sites with malware, or disrupting service. While some
    attackers still perform brute force attacks manually, today almost all brute force attacks today are
    performed by bots. Attackers have lists of commonly used credentials, or real user credentials,
    obtained via security breaches or the dark web. Bots systematically attack websites and try these
    lists of credentials, and notify the attacker when they gain Access.

    Types of Brute Force Attacks


    ● Simple brute force attack—uses a systematic approach to ‘guess’ that doesn’t rely on
    outside logic.
    ● Hybrid brute force attacks—starts from external logic to determine which password
    variation may be most likely to succeed, and then continues with the simple approach to
    try many possible variations.
    ● Dictionary attacks—guesses usernames or passwords using a dictionary of possible
    strings or phrases.
    ● Rainbow table attacks—a rainbow table is a precomputed table for reversing
    cryptographic hash functions. It can be used to guess a function up to a certain length
    consisting of a limited set of characters.
    Department of Computer Engineering

    ● Reverse Brute Force Attack uses a common collection of password against against many
    possible usernames.Targets a network of users for which attackers have previously
    obtained data
    ● Credential Stuffing uses previously known password username pairs try them against
    multiple websites.Exploits the fact that many users have common username and password
    across different systems
    Hydra and Other Popular Brute Security analysts use the THC client systems. Hydra
    quickly runs through a large number of password combinations, either simple brute force
    or dictionary more than 50 protocols and multiple operating systems. Hydra is an open
    platform; the security community and at modules.

    Brute force attack tools include password-cracking applications, which crack username and
    password combinations that would be extremely difficult for a person to crack on their own.
    Commonly used brute force attack tools include:

    1. Aircrack-ng: A suite of tools that assess Wi-Fi network security to monitor and export
    data and attack an organization through methods like fake access points and packet
    injection.
    2. John the Ripper: An open-source password recovery tool that supports hundreds of
    cipher and hash types, including user passwords for macOS, Unix, and Windows,
    database servers, web applications, network traffic, encrypted private keys, and
    document files.

    How to prevent bruteforce attack


    To protect your organization from brute force password hacking, enforce the use ofstrong
    passwords. Passwords should:
    ● Never use information that can be found online (like names of family members).
    ● Have as many characters as possible.
    ● Combine letters, numbers and symbol
    ● Avoid common password patterns
    Department of Computer Engineering

    ● Program :

    import random

    target_password = str(input("Enter the password you wish to test:\n"))


    password_length = len(target_password)
    characters = ['a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l',
    'm', 'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z']
    status = "ongoing"

    def crack():
    global target_password, status, password_length
    count = 0
    while status == "ongoing":
    guess = ""
    while len(guess) < password_length:
    guess += random.choice(characters)
    if guess == target_password:
    print("Password cracked!: " + str(guess))
    status = "finished"
    count += 1
    print(str(count) + " guesses")
    break
    else:
    count += 1

    while target_password != "":


    status = "ongoing"
    crack()
    target_password = str(input("Enter the password you wish to test (or
    press enter to exit):\n"))
    Output :

    Conclusion : Thus we have implemented password cracking using brute force

    You might also like