Hackernoon logoGreat Methods To Create A Password File To Prevent Brute-Force Attacks by@morpheuslord

Great Methods To Create A Password File To Prevent Brute-Force Attacks

Morpheuslord Hacker Noon profile picture

@morpheuslordMorpheuslord

I am an ethical hacker who learned hacking from youtube. I like to help people with the learning of necessary skills.

Brute-forcing a really important method that a hacker or a pentester must be aware of and he will use in various places.

Password files are the files which contains various passwords and random symbol combination that can be potential password to an account or an server admin login. who knows?

the main problem faced by any hacker is how to make this password file more efficient and more productive and he will be having the question that is the password i am searching for is in this file and is he using a weak password

to tackle this issue there is a logical way create a password file that has all the combinations available for it between 4-30 i am taking 4 as it is the minimum the websites will ask and 32 is the maximum anyone can remember so lets talk about various methods and there outcomes:-

PROGRAMES:-

you need to know basic python to do this and some command line knowhow see for random password generating the generators which go in a systematic order are the best like

1111,1112,1113,1114

after the last letter it goes to the next Colom and for this there are hundreds of programs u can refer or if u want u can code it on ur own

if u are a pro and u have done a complete OSINT (opensource intelligence) on your target so u can use cupp its a password generating tool in python based on opensource intelligence but the passwords may work only for one person not everyone.

Generator Requirements

the pass generator requires characters to choose the letters and take the combinations out of it the characters are

a,b,c,d,e,f,g,h,i,j,k,l,m,n,o,p,q,r,s,t,u,v,w,x,y,z,A,B,C,D,E,F,G,H,I,J,K,L,M,N,O,P,Q,R,S,T,U,V,W,X,Y,Z,1,2,3,4,5,6,7,8,9,0,!,@,#,$,%,^,&,*,(,),_,+,-,=,/,,,\,',",;,:,?,.,>,<

with special characters and all in total it comes to 91-95 if u wish to exclude some characters

to convert the output of the file to a txt file some programs will have inbuilt but if it is not there and prints out the combinations when executed then u can do this in the command prompt or terminal.

python main.py >> password.txt
Size and amount of passwords

for a perspective rockyou.txt contains 14341564 passwords and its size in the compressed state is 134mb now if we calculate how many passwords can i store in 1 mb we get

1MB=
14341564/134
=107026 PASSWORDS

1GB=1MB*1000
=107026000 PASSWORDS

but due to high compression rate which my pc offers i get 1073741824 passwords and i will consider this for the future

i am considering size of the file as the combination will give us numbers in trillions and it is difficult to understand so i am thinking the size of the file will be an accurate representation coming back to the file i am using a 32 GB pen-drive for certain reasons and at last in it i get 28 GB of storage and in that space i have my password file now if i calculate the passwords i can fit in it with the compression and all it will like this:-

1GB=107026000
28GB=107026000*14
=3006475107000 PASSWORDS

its a lot of passwords and after a lot of brain-storming i got to know the last combination was of 30 length and it was nearing the end of all combinations if i provided some more space.

PROCESSING-TIME-CONSUMED

each password cracking and brute-forcing tool have there own specific speed of password cracking i will be discussing about 5 tools they are :-

  • medusa
  • hydra
  • hatch
  • aircrack-nghashcat

MEDUSA & HYDRA

medusa and hydra are one of the fastest ssh and telnet brute-forcers it can process about 1000 passwords in an hour so if i could increase it to 2000 with better upgrades the time consumed to complete the task will be

1000 P/HR = 30064755072 HOURS = 12000 DAYS 
2000 P/HR = 1503235536 HOURS = 6000 DAYS

i guess by then u will find the password by that time :) .

HATCH

Hatch is a web-brute-forcer it can basically hack any login page and can hack into any social media accounts the nullbyte article and YouTube video it is efficient but can process about 100 passwords with an high internet speed and we can achieve that by upgrading our Wi-Fi-cards and our service providers and increase the rate to 200 per hour

100 P/HR = 300647550720 HOURS = 120000 DAYS 
200 P/HR = 15032355360 HOURS = 60000 DAYS

i recommend u to use a dedicated raspberry pi 4 8-gb ram device with a really fast sd card for this purpose only .

AIRCRACK-NG

this is a capture brute-forcing tool to brute-force handshake captured for WIFI pentesting and for an 8 gb ram device it runs at a max speed of 2000 pass per hour in 4 gb ram u can achieve an increase it by upgrading it to 4800 pass per hour then the time calculation for this will be

4800 P/SEC = 3006475536000/4800 
= 626349070 SEC = 10439151 MIN = 
173985.85 HOURS = 7249 DAYS 

yep even this takes a lot of time but i suggest the same to use a dedicated raspberry pi 4 8-gb ram for this also

HASHCAT

HASHCAT is a password cracking tool which uses GPU and CPU to fast crack password handshakes and if u use a god pc u can easily complete the whole thing within a day it complete this whole thing in a day but u need the best configs to do it like RTX-3090 graphics card and i9 extreme processor with full watercolling and 64 gb of ram and 1TB of ssd storage these are best specification for this pc .

NOTE

i suggest u have the passfile in ur pendrive as for the following reasons

  • fast
  • moble
  • efficient
  • can be used with two or more pc's

and u can find various videos in youtube on how to increase the compression rates and how to make pendrives communication fasterand these numbers are the numbers i got after i personally experienced and and roughly calculated it might not be accurate but is worth a notice

follow me

i am very active in my twitter and if u want to appreciate like this artical

Morpheuslord Hacker Noon profile picture
by Morpheuslord @morpheuslord. I am an ethical hacker who learned hacking from youtube. I like to help people with the learning of necessary skills.Read my stories

Tags

Join Hacker Noon

Create your free account to unlock your custom reading experience.