The theory behind such an attack is that if you make an infinite number of attempts to guess the password, you will eventually find the correct one. In this type of attack, which is mostly carried out on a large scale, the attacker aims to gain access to a user account by trying to guess the username/email and password. Usually, the main motivation for an attack is to steal sensitive data, shut down the system, or a combination of these. There are many tools readily available for hackers to perform brute force. These attacks are easy to execute, but depending on the length and nature of the password and the computing power used, they can take days, weeks or even years to succeed. Before going into how to detect and prevent attacks, you should know some other terms related to this topic.
Mask brute force attacks

Considering the length of the brute force process, if the hacker knows the number of characters or part of the password, this method is considered the most efficient way. For example, the hacker knows that the password chosen by the user starts with "Password" and quickly checks the range of Password000 to Password999 with the available tools. Due to the flexibility of this type of attack, any pattern and character that the hacker considers possible can be checked.

Combination brute force attacks

In this method, the hacker uses two dictionaries at the same time and combines and tests the terms of each dictionary, taking signs, spaces, etc. into account. In this method the hacker has more choice, and the use of character ranges is very flexible.

Hybrid brute force attacks

This method is one of the most common forms of brute force and uses a list of words in a dictionary for passwords. There are other types of attacks that use a list of common passwords.
For example, if your password is "password", a bot can guess your password in seconds. Some server administrators think that using a number after their name guarantees the security of the server, but when the plain name does not work, the hacker combines the dictionary method with a certain range of numbers, signs and symbols and continues to check the correctness of passwords.

Reverse brute force attack

In this method, the hacker does not target a specific username, but uses a group of common passwords or one specified password against a wide range of users on his list. This method is used a lot against sites or services that have many users.

Credential stuffing

In this method, the hacker uses breached username and password pairs. If a hacker obtains a username and password, he uses them to try to access other sites and user panels.
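Seen from the defender's side, the attack types above leave different patterns in authentication logs. The following added example (not part of the original page) groups failed logins by source address and separates guessing against a single account from many-account activity such as reverse brute force or credential stuffing; the log format, addresses, user names and thresholds are assumptions made for the example.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample log; the line format, users and addresses are assumptions.
SAMPLE_LOG = "\n".join(
    [f"2024-05-01T10:00:{i:02d} FAIL user=admin src=203.0.113.5" for i in range(6)]
    + [f"2024-05-01T10:01:{i:02d} FAIL user={u} src=198.51.100.7"
       for i, u in enumerate(["alice", "bob", "carol", "dave"])]
    # One mistyped password followed by a successful login.
    + ["2024-05-01T10:02:00 FAIL user=erin src=192.0.2.9",
       "2024-05-01T10:02:05 OK user=erin src=192.0.2.9"]
    # A misconfigured scheduled job failing once an hour.
    + [f"2024-05-01T{11 + i}:00:00 FAIL user=frank src=192.0.2.44" for i in range(6)]
)

LINE = re.compile(r"^(\S+) (OK|FAIL) user=(\S+) src=(\S+)$")
WINDOW = timedelta(minutes=5)   # hypothetical tuning values
PER_USER_LIMIT = 5              # failures on one account from one source
DISTINCT_USER_LIMIT = 4         # different accounts failed from one source

def failures_by_source(log):
    """Parse the log and group (timestamp, user) of failed logins by source."""
    grouped = defaultdict(list)
    for line in log.splitlines():
        m = LINE.match(line.strip())
        if m and m.group(2) == "FAIL":
            grouped[m.group(4)].append((datetime.fromisoformat(m.group(1)), m.group(3)))
    return grouped

def classify(log):
    """Return {source: label} for sources that cross a limit inside WINDOW."""
    findings = {}
    for src, events in failures_by_source(log).items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > WINDOW:
                start += 1
            per_user = Counter(user for _, user in events[start:end + 1])
            if max(per_user.values()) >= PER_USER_LIMIT:
                findings[src] = "single-account guessing"
                break
            if len(per_user) >= DISTINCT_USER_LIMIT:
                # Logs without password data cannot tell these two apart.
                findings[src] = "many-account: reverse brute force or credential stuffing"
                break
    return findings

if __name__ == "__main__":
    for source, label in classify(SAMPLE_LOG).items():
        print(source, "->", label)
```

Only the two high-rate sources are flagged; the single mistyped password and the hourly failures stay below both limits inside the five-minute window.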