Cain & Abel - Step 5: Brute Force Attack
A free video tutorial from Muharrem AYDIN
Computer Engineer, Ethical Hacking, Cyber Security Expert
4.5 instructor rating • 27 courses • 61,493 students
Learn more from the full courseEthical Hacking with Metasploit: Exploit & Post Exploit
Learn Ethical Hacking from scratch with Metasploit , exploit vulnerabilities and become a white hat hacker
05:14:43 of on-demand video • Updated May 2021
- You will become an expert in using Metasploit for ethical hacking and network security.
- Set up a lab environment to practice hacking
- Install Kali Linux - a penetration testing operating system
- Install Windows & vulnerable operating systems as virtual machines for testing
- Learn Linux commands and how to interact with the terminal
- Discover vulnerable applications
- Vulnerability scanning, Exploit, Post Exploit, Payload
- Gain control over computer systems using server side attacks
- Exploit vulnerabilities to gain control over systems
- Gathering password hashes, cracking passwords, taking screenshots, logging keystrokes etc.
- Using backdoors to persist on the victim machine
- The very latest up-to-date information and methods
- During the course you will learn both the theory and how to step by step setup each method
- Social Engineering Toolkit (SET) for Phishing
English So in the previous lecture we couldn't crack the password of the user 'siberlab'. So let's try to crack it with the Brute-Force attack. Brute-Force attack means a lot of time because it tries all the possibility. So if you choose the correct character set, the success rate of cracking a password by Brute-Force attack is theoretically 100 percent. But how long will it take. If the password length is more than 8 it will take months years or thousands of years to try all the password possibilities for any ordinary computer. So as you see in the table the LM password is not empty for siberlab. A tip here, the hash of an empty password starts with AAD and ends with 4EE. Look at the LM hash of the Guest User. Split the hash into two identical parts. You'll see two hashes that start with AAD and end with 4EE. As I mentioned before, the LM method splits the password into two seven character passwords and then takes the hash which means we have to crack to seven character passwords. Well fair enough. LM method converts a password to all caps so the character set is not so big. We can crack an LM hash in an acceptable time interval. So right click on the siberlab line and Brute-Force attack select LM hashes. The Brute-Force attack window is a bit different from the dictionary attack window, as expected no dictionary list now. Instead we have a character set combo box. The default character set or just uppercase letters and numbers. No alphanumeric characters in the set. So to keep the demo fast let's just go with the set. It says two hash is loaded and as you know the hash value is split into two identical parts. On the upper right hand corner we can choose the minimum and the maximum length of the passwords. For LM method, max length for the password is 7. So this configuration is perfect. Now I press the Start button to start the attack. Wow! It found the value of one of the hashes in milliseconds. So let's look at the hash file. Yeah it's the second part. So that means that the password ends with Q. I think the password of a siberlab user is the same with the passwords of the administrator except the '.' at the end. But we'll see. So let's look at the key rate. Cain tries more than 10 million passwords in a second. Now that's pretty fast. In the time left frame we can see that the trying all possible passwords will take about two hours, unless Cain cracks it. So let the Cain run for a while. All right. And we're back. It took more than an hour and here's the result. We're lucky because no alphanumeric character is in the password and we succeeded to crack it. The first part is 1234QQQ.