Administrators can audit password security by learning how to use Brutus, one of the most popular password cracking tools that hackers use to compromise servers and Web sites.
If you have ever needed to break into one of your Web
sites or servers (or just wanted to see how easy it would be for a hacker to
break in) then you’re probably aware that one of the quickest ways to break in
is by guessing or cracking a password for a known username. One of the easiest
ways of doing this is with a utility such as Brutus, a remote password cracking
tool that is designed to decode a variety of password types. I’m
going to show you how to use it.
Getting Brutus
Like most hacker tools, Brutus is available for free download from the
Internet. The download consists of a small ZIP file. After downloading Brutus,
there is no installation required. You can run Brutus immediately after
downloading it by simply double-clicking the executable file (BrutusA2.exe).
Using Brutus
The user interface is shown in Figure A. Most of the options in the user interface are pretty self-explanatory. At the top, there are fields for you to input the IP address of
the system that you are trying to crack and the port number. There are also a
couple of slide bars that allow you to choose how many simultaneous connections
you want to make to the remote host and what the timeout period is for a nonresponding
connection. Both of these options are already set to optimum values and should
not be changed under most circumstances.
Figure A
The other main option in the top portion of the user
interface is a drop-down list that allows you to choose the type of crack that
you want to perform. By default, Brutus is set to perform an HTTP crack using
basic authentication. Other built-in options include HTTP (Form), FTP, POP3,
Telnet, SMB (NetBIOS), Custom, and NetBus.
The next section of the user interface changes
based on what type of crack you have selected. For example, as you can see in Figure
A, if you are performing an HTTP crack then Brutus will allow you to select the
HTTP method that you want to use (Head, Get, or Put). There is also a check box
that you can use to try to keep the session alive as you attempt to crack the
password. However, if you were to select SMB (NetBIOS) instead, the HTTP Method
and Keep Alive options disappear and are replaced by a field that allows you to
input a Windows NT domain name.
The third portion of the user interface consists of the
authentication options. This section needs a little explaining. As shown in
Figure A, there is a Use Username check box. This check box exists because some
systems simply require a PIN or a password without a username. If you do
need to enter a username, then make sure that this check box is selected. The
next check box is the Single User box. Select this check box if you already
know the username for the account that you want to crack. You can then enter
the username into the text box below. In Figure A, this text box is labeled
User File, but when the Single User check box is selected, the name of the text
box changes to the User ID.
You will notice in the figure that the User File text box is
filled in with the file name USERS.TXT. USERS.TXT is a file that comes with
Brutus and contains a list of several common user names such as Administrator,
Admin, and root. If this file is specified, then Brutus will attempt password
cracks against each user name specified by the file. Best of all, since the
USERS.TXT file is just a text file, you can add usernames to the file as needed.
The other half of the Authentication Options section
consists of a Pass Mode and a Pass File option. As you can see in the figure,
the default option is to use a word list. This is a standard
dictionary crack. The Pass File is set to WORDS.TXT by default. WORDS.TXT is a
text-based dictionary file. For a full-blown dictionary-based crack, this file
leaves a lot to be desired because it only has about 800 words within it.
However, there are places on the Internet where you can download more
comprehensive dictionary files. Besides, the Pass Mode option can be set to use
the word list, a brute force crack, or a combination of the two techniques.
Once all of the cracking options have been set, just click
the Start button. The progress bar at the bottom of the screen will show you
how far along Brutus is, and the text box just above the progress bar will give
you an occasional status report. The Positive Authentication Results section
will display any passwords that you have managed to crack.
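Log-side detection of the footprint this procedure leaves on the target, as an added example that is not from the original article: a Python script that flags a source address producing a burst of HTTP 401 responses across several usernames, the pattern a user-list plus word-list run over Basic authentication generates. The access-log lines and the thresholds are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime
# Constructed sample access-log lines (Apache combined format), not a real capture.
# On a 401 Apache's %u field holds the username the client *attempted*, so a
# user-list run (Administrator, admin, root ...) from one address shows up here.
SAMPLE_LOG = """\
203.0.113.7 - Administrator [12/Mar/2004:10:00:01 +0000] "HEAD /admin/ HTTP/1.0" 401 0 "-" "-"
203.0.113.7 - Administrator [12/Mar/2004:10:00:01 +0000] "HEAD /admin/ HTTP/1.0" 401 0 "-" "-"
203.0.113.7 - admin [12/Mar/2004:10:00:02 +0000] "HEAD /admin/ HTTP/1.0" 401 0 "-" "-"
203.0.113.7 - root [12/Mar/2004:10:00:02 +0000] "HEAD /admin/ HTTP/1.0" 401 0 "-" "-"
203.0.113.7 - root [12/Mar/2004:10:00:03 +0000] "HEAD /admin/ HTTP/1.0" 401 0 "-" "-"
203.0.113.7 - admin [12/Mar/2004:10:00:03 +0000] "HEAD /admin/ HTTP/1.0" 200 0 "-" "-"
198.51.100.4 - alice [12/Mar/2004:10:00:05 +0000] "GET /admin/ HTTP/1.1" 401 381 "-" "-"
198.51.100.4 - alice [12/Mar/2004:10:00:09 +0000] "GET /admin/ HTTP/1.1" 200 2048 "-" "-"
"""
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] "[^"]*" (?P<status>\d{3})')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

def parse(lines):
    """Yield (ip, attempted user, timestamp, status) for each well-formed line."""
    for line in lines:
        m = LOG_RE.match(line)
        if m:
            yield m["ip"], m["user"], datetime.strptime(m["ts"], TS_FMT), int(m["status"])

def find_guessing(lines, max_failures=5, window_seconds=60):
    """Flag each source IP with >= max_failures 401s inside any window_seconds span,
    listing the usernames tried and whether a 200 followed the burst (a possible hit)."""
    by_ip = defaultdict(list)
    for ip, user, ts, status in parse(lines):
        by_ip[ip].append((ts, user, status))
    alerts = {}
    for ip, events in by_ip.items():
        events.sort()
        fails = [(ts, user) for ts, user, status in events if status == 401]
        for i in range(len(fails)):  # sliding window anchored on each failure
            j = i
            while j < len(fails) and (fails[j][0] - fails[i][0]).total_seconds() <= window_seconds:
                j += 1
            if j - i >= max_failures:
                last_fail = fails[j - 1][0]
                alerts[ip] = {
                    "failures": j - i,
                    "users": sorted({user for _, user in fails[i:j]}),
                    "success_after": any(s == 200 and ts >= last_fail for ts, _, s in events),
                }
                break
    return alerts
```

Tune `max_failures` and `window_seconds` to the site's normal rate of mistyped passwords; the distinct-username count is what separates a user-list sweep from one person fumbling a login.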
Normally, this would be the end of the story, but in this
case, there is a lot more that you need to know. When I was preparing to write
this article, I tried to use Brutus to crack some of the Web sites that I own,
but didn’t have any luck. I then tried setting up some sample Web sites on test
servers in my lab and tried again. Brutus was able to pick up on several
accounts with blank passwords, but was only able to crack two of the passwords
that I had set up to test. At first this might not sound so bad, but keep in
mind that I tested Brutus on four separate servers. I used two Windows 2000
Servers, a Windows Server 2003 machine, and a Linux system. I tried every crack
type that Brutus had to offer, and I even manually put my passwords into the
dictionary file in an effort to make sure that Brutus would have every
opportunity to decipher my passwords. In the end though, Brutus proved itself
to be ineffective.
In most of my password cracking attempts, I received a
message stating that Brutus was unable to verify the target system and to check
my connection settings. This would be a perfectly valid message if a firewall was
blocking me, but these were internal systems that I was trying to crack on my
LAN. There was no firewall to contend with. As I wondered why Brutus was so
ineffective, I noticed that the user interface showed that Brutus was released
in January of 2000. Obviously, there have been a lot of security enhancements
in the last four years. The cracking techniques that were so effective four
years ago simply don’t work today.
Before I gave up on Brutus, I went to the Web site where I
had downloaded Brutus to see if an update was available. While there were no
new versions of Brutus, I did discover that Brutus is expandable. The Web site
contains about a dozen “.BAD” files that you can download in order to
make Brutus aware of newer types of password cracks. There are .BAD files
available that will allow Brutus to crack Shiva LANRover, NNTP servers, SMTP
accounts, and Cisco consoles. Additionally, the Web site contains an example
file that you can download. This example file shows you how you can attack the
root password from the current user account within a Telnet session.
End sum
In the end, I started to get a better feel for how Brutus
really works. In doing so, my password cracking became much more effective, and
with enough patience I was able to crack most of the passwords on my system.
Most hackers and script kiddies are probably fairly adept at
using tools such as Brutus, so you should be, too. Download it and learn how to
use it. Then use it to test the ease with which your most important system can have its passwords cracked.