Brute Force Attack for Cracking Passwords using Cain and Abel

Hello friends, Welcome again!

We are discussing about Penetration Testing Tutorial and this article under section cracking passwords and hashes cracking.

Brute force attack with cain and abel

In my previous post Cain and Abel software for cracking hashes tutorial you have learnt about basic features or cain and abel. In the last of post I wrote about cracking passwords and how you dump NTLM hashes from local PC. After getting passwrod hashes our next task to crack password by using difference techniques, Brute Force attack one of them. In this tutorial you will learn how to perform brute force attack for cracking hashes by Cain and Abel

Brute Force Attack Definition

From Wikipedia: “In cryptography, a brute-force attack, or exhaustive key search, is a cryptanalytic attack that can, in theory, be used against any encrypted data (except for data encrypted in an information-theoretically secure manner). Such an attack might be utilized when it is not possible to take advantage of other weaknesses in an encryption system (if any exist) that would make the task easier. It consists of systematically checking all possible keys until the correct key is found. In the worst case, this would involve traversing the entire search space.

The key length used in the cipher determines the practical feasibility of performing a brute-force attack, with longer keys exponentially more difficult to crack than shorter ones. A cipher with a key length of N bits can be broken in a worst-case time proportional to 2N and an average time of half that. Brute-force attacks can be made less effective by obfuscating the data to be encoded, something that makes it more difficult for an attacker to recognize when he/she has cracked the code. One of the measures of the strength of an encryption system is how long it would theoretically take an attacker to mount a successful brute-force attack against it.”

Cracking password by brute force attack using Cain and Abel:

  1. Right click on the desired user.
  2. Brute-force Attack
    Right click on the user
  3. Click on NTLM Hashes: A new window will be open, Here you need to set following things
    1. Charset: under this section there are two option first predefined charset or custom, where you can use character, numbers and sysmbles according yourself.
    2. Password length: Define minimum and maximum length of password
      brute force attack
  4. Click and start.
  5. You will get result.
    password cracked

Leave a Reply

Your email address will not be published. Required fields are marked *