Brute-force (brute-force attack) is a method for solving mathematical problems, the complexity of which depends on the number of all possible solutions. The term brute-force itself is usually used in the context of hacker attacks, when an attacker tries to guess a login/password for an account or service.
Let's look at the tools that can be used to perform brute-force attacks on SSH and WEB services available in Kali Linux (Patator, Medusa, Hydra, Metasploit), as well as BurpSuite.
Conclusion
In this article, we have scratched the surface of some popular tools. You can reduce the risk of password guessing by following the following recommendations:
- use passwords that are resistant to guessing;
- do not create passwords using personal information, for example: date of birth or name + date of birth or mobile phone;
- change your password regularly;
Use unique passwords for all accounts.
Few people follow such recommendations (as well as recommendations on secure web development), so it is necessary to use various software solutions that allow you to:
- limit the connection by IP address, or, if this is not possible, limit the simultaneous number of connections to the service (using iptables, nginx and others);
— use two-factor authentication;
- detect and block such attacks using SIEM, WAF or others (for example, fail2ban).