Opacity: zIndex: Get 100000 0FP0EXP Token to input your own list (json format) or insert json link:

Get 80000 0FP0EXP Token to input your own list (json format) or insert json link:

My Playlist:

JSON Ready: Not Ready

Ready State:

Network State:

Name:

Album:

Reference:

Background Color

General HTML background color:

Header background color:

Menu background color:

Content background color:

Widget background color:

Footer background color:

Font Size

Get 150000 0FP0EXP Token to unlock this feature.

Heading 1 font size:

Heading 2 font size:

Heading 3 font size:

Heading 4 font size:

Heading 5 font size:

Heading 6 font size:

Header font size:

Header Widget font size:

Menu font size:

Widget font size:

Footer font size:

Content font size:

Font Color

Get 200000 0FP0EXP Token to unlock this feature.

Heading 1 font color:

Heading 2 font color:

Heading 3 font color:

Heading 4 font color:

Heading 5 font color:

Heading 6 font color:

Header font color:

Header Widget font color:

Menu font color:

Widget font color:

Footer font color:

Content font color:

Font Shadow

Get 250000 0FP0EXP Token to unlock this feature.

Heading 1 font shadow:

Heading 2 font shadow:

Heading 3 font shadow:

Heading 4 font shadow:

Heading 5 font shadow:

Heading 6 font shadow:

Header font shadow:

Header Widget font shadow:

Menu font shadow:

Widget font shadow:

Footer font shadow:

Content font shadow:

Other Styles Coming Soon



Source Code

Click the above image for basic sourced and click following button for processing token source code.

Ethereum Virtual Machine

Ethereum and EVM (ETC, BSC, AVAX-C-Chain, Polygon, etc).

Telegram Open Network

Telegram Open Network (TON) decentralized application.

Solana

Solana decentralized application.

Tron

Tron decentralized application.

Near

Near decentralized application.

Wax

Wax decentralized application.

Myalgo

Myalgo wallet for Algorand decentralized application.

Sync2

Sync2 wallet for Vechain decentralized application.

Scatter

Scatter wallet for EOS decentralized application.

Ontology

Ontology decentralized application.

Rabbet

Rabbet wallet for Stellar Lumen decentralized application.

Freighter

Freighter wallet for Stellar Lumen decentralized application.

Hivesigner

Hive Signer for Hive decentralized application.

Hivekeychain

Hive Key Chain for Hive decentralized application.

Zilpay

Zilpay wallet for Zilliqa decentralized application.

Neoline N2

Neoline wallet for Neo N2 decentralized application.

Neoline N3

Neoline wallet for Neo N3 decentralized application.

Keplr

Keplr wallet for Cosmos and other decentralized application.

Keeper

Keeper wallet for Waves decentralized application.

IWallet

IWallet for IOST decentralized application.

Simple Password Bruteforce Demonstration Using Hydra

Get 60 0FP0EXP Token to remove widget entirely!

source code



source code
old source code

get any 0FP0EXP Token to automatically turn off or 10 0FP0EXP Token to remove this JavaScript Mining.

Get 50000 0FP0EXP Token to remove my NFTS advertisements!

Get 40000 0FP0EXP Token to remove this donation notification!

get 30000 0FP0EXP Token to remove this paypal donation.

View My Stats

Need referral links?

get 20000 0FP0EXP Token to remove my personal ADS.

word number: 875

Time: 2024-06-16 04:28:44 +0000

Background

Have you ever forgotten your pin for your baggage then search on Youtube? Generally they advice “set everything to 000, try to click the lock, turn to 001, try to click the lock again, keep doing this until 009, then try 010, try to click the lock, turn to 011, try to click the lock again, keep doing this until 019, then try 020, repeat and eventually you will open the lock”. Wait a minute isn’t the same as trying every combination from 000-999? That is just brute force! What a spin around just to get views!

Figure 0. three numerical pins for luggage lock.jpg

Figure 0. three numerical pins for luggage lock.

Story aside, in this article I will introduce you to a simple demonstration of brute forcing a password using Hydra on Linux. This is no advance tutorial but only to give people who never heard of brute force illustration. I can define password brute forcing in just one sentence which is trying every single character combination to crack a password.

Program Concept

As a human is a heavy labor, which is why we create programs to do them for us. The application or programming concept is actually simple.

  1. Generate a dictionary of possible combinations.
  2. Inject those combinations in account login interfaces.

The previous two steps are the basics and enough to run as an application. The next steps are the complicated ones because system nowadays became smarter in detecting and handling brute force. For example, you have limited tries and the account will be lock for certain duration or even permanent or you can be blacklisted. Like the cat and mouse game, the brute force application must be adapted every time to the existing defense system. As I wrote that this article is simple demonstration only, so I will not dive into these complicated and adaptive parts.

Hydra Demonstration

It was a long time ago before 2015 that I was interested in penetration testing tools and operating systems. Back then I was using Backtrack, now it is Kali Linux, then there is Parrot OS. Back then I wrote an article about brute force demonstration using Hydra tool which was eventually lost. Now, I found the screenshot backups and decided to rewrote again. The demonstration is brute forcing my own test server where I activated telnet service for login. The brute force is on both username and password.

Figure 1. example of a very simple username dictionary.png

Figure 1. example of a very simple username dictionary. The first thing you need is a dictionary. It is just collection of words in form of a file. I put the correct username amongs those words.

Figure 2. example of a very simple password dictionary.png

Figure 2. example of a very simple password dictionary. I decide to separate the username and password dictionary, but you can put them in one file if you want. I put the correct password amongs those words.

Figure 3. scanning server with NMAP.png

Figure 3. scanning server with NMAP. Before the exploitation phase is the scanning phase and here is just to show that the telnet port is open on port 23.

Figure 4. hydra gui is available on Backtrack 5.png

Figure 4. hydra gui is available on Backtrack 5. The menu is in BackTrack > Privilege Escalation > Password Attacks > Online Attacks > hydra-gtk. If you don’t have Hydra, try getting one from your package manager or go to its Github.

Figure 5. hydra command line help.png

Figure 5. hydra command line help. I prefer to use the command line. Type “Hydra” or “Hydra –help” to show the help texts.

Beyond this is at your own risk if targeting other’s server because it will be count as a hacking attempt. Get permission for penetration testing or do only on your own servers.

Figure 6. hydra brute force execution.png

Figure 6. hydra brute force execution. Based on the help texts on Figure 5 the “-L” points to the username dictionary, “-P” points to the password dictionary, “-F” to stop when successful, “-V” for verbose, then followed by the server’s IP address and service. After trying possible combinations username “purnama” and password “testhack” is found as a matching pair.

Figure 7. telnet to server.png

Figure 7. telnet to server and here I laughed because I just remembered that I was trying to brute force my own Windows desktop many years ago.

Final Notes

If you follow the process completely you will realize how resource consuming it is to perform a brute force. Which is why among all exploitation method, brute force is the last resort. A dictionary can size to over many gigabytes and to try all of the combinations, you need a fast network and computing power. Lastly, now you now that accounts can be brute forced, it is important to have a strong password.

Mirror