Brute force (derived from the English phrase: brute force) is a type of hacker attack - a method of hacking accounts in computer systems, payment/banking services and websites through the automated selection of password and login combinations.

Brute force is based on the mathematical method of the same name (brute force), in which the correct solution - a finite number or symbolic combination - is found by searching through various options. In fact, each value from a given set of potential answers (solutions) is checked for correctness.

How brute force works

A hacker writes a special program for guessing passwords or uses a ready-made solution from his colleagues. It can be targeted at a specific email service, website, social network (i.e., it is intended for hacking a specific resource). Next, preparations for hacking are carried out. It consists of the following stages:

1. Preparation of a proxy list

In order to hide the true IP address of the computer from which the attack will be carried out, and to prevent blocking from the site where the account needs to be hacked, an Internet connection is configured through a proxy server.

The search for proxy addresses/ports is carried out in the Proxy Grabber. This utility independently retrieves all the data for connecting to intermediary servers from sites that provide proxies (they are specified in the list). In other words, a proxy is collected.

The resulting database is saved in a separate text file. And then all the server addresses contained in it are checked for functionality in the proxy checker. Quite often, programs designed for automated proxy mining combine the functions of both a grabber and a checker.

As a result, you get a ready-made proxy list in the form of a list of IP/port, saved in a txt file. (You will need it when setting up the brute force program).

1. Search for bases for Brute

You need to connect a dictionary to brute force - a certain set of combinations of passwords and logins - which it will substitute in the login form. It, like the proxy list, has the form of a list in a regular text file (.txt). Dictionaries, also known as databases, are distributed through hacker forums, websites and file hosting services. More experienced “craftsmen” create them on their own and provide them to everyone for a fee. The larger the base (number of combinations, logins, accounts), the better (for the hacker) - the greater the likelihood of hacking success.

1. Setting up brute force

The proxy list is loaded; the selection program will automatically change the proxy so that the web server does not detect the attack and, accordingly, the source (host) of the attack.

A dictionary of password/login combinations is connected. The number of threads is set - how many combinations brute force will check at the same time. A powerful computer with high Internet speed can confidently handle 120-200 streams (this is the optimal value). The speed of the brute directly depends on this setting. For example, if you set only 10 threads, the selection will be very slow.

1. Running brute force

The program records successful hacking attempts: it saves the linked accounts (password/login) to a file. The duration of the selection procedure ranges from several hours to several days. However, it is not always effective due to the high cryptographic strength of the login data or the implementation of other protective measures by the attacker.

Types of brute force

Personal hacking

Hunting for a specific account - on a social network, on an email service, etc. Through or in the process of virtual communication, the attacker extracts from the victim a login to access a website. Then he cracks the password using brute force methods: he uses brute force to indicate the address of the web resource and the obtained login, and connects the dictionary.

The chances of such a hack are small, for example, compared to the same XSS attack. It can be successful if the account owner used a password of 6-7 characters with a simple symbol combination. Otherwise, “solving” more stable variants of 12, 15, 20 letters, numbers and special characters will take years - tens and hundreds of years, based on the calculations of the mathematical search formula.

Brut/check

A database with logins/passwords from mailboxes of one mail service (for example, mail.ru) or different ones is connected to brute force. And a proxy list - to mask the node (since email web services quickly detect an attack based on multiple requests from one IP address).

The brute's options indicate a list of keywords (usually site names) - landmarks by which he will search for login information on hacked mailboxes (for example: steampowered, worldoftanks, 4game, VK). Or a specific Internet resource.

When registering in an online game, social network or forum, a user, as expected, indicates his email (mailbox). The web service sends a message to the specified address with login information and a link to confirm registration. It is these letters that brute force is looking for in order to extract logins and passwords from them.

Click “START” and the cracking program begins brute force. It operates according to the following algorithm:

1. Loads the login/password for the email from the database.
2. Checks access, or “checks” (automatically logs in): if it is possible to log into the account, it adds one in the good column (this means another work email has been found) and begins to view it (see the following points); if there is no access, it is listed as bad.
3. In all “beeps” (open emails), brute force scans letters according to the request specified by the hacker - that is, it looks for logins/passwords to the specified sites and payment systems.
4. When the required data is found, it copies it and writes it into a separate file.

Thus, a massive “hijacking” of accounts occurs – from tens to hundreds. The attacker disposes of the obtained “trophies” at his own discretion - sale, exchange, data collection, theft of money.

Remote computer hacking

Brute force, in conjunction with other hacker utilities, is used to gain remote access to a password-protected victim’s PC via an Internet channel.

This type of attack consists of the following stages:

1. A search is performed for IP networks in which the attack on user computers will be carried out. Address ranges are taken from special databases or through special programs, such as IP Geo. In it you can select IP networks for a specific district, region, and even city.
2. Selected IP ranges and selection dictionaries are set in the settings of the Lamescan brute force (or its analogue), intended for remote brute force login/password. Once launched, Lamescan does the following:

• makes a connection to each IP from a given range;
• after establishing a connection, it tries to connect to the host (PC) via port 4899 (but there may be other options);
• if the port is open: tries to gain access to the system, when prompted for a password, performs guessing; if successful, it saves the IP address of the host (computer) and login information in its database.

1. The hacker launches the Radmin utility, designed to manage remote PCs. Sets the victim’s network coordinates (IP, login and password) and gains full control over the system - the desktop (displayed visually on the display of the attacker’s computer), file directories, settings.

Programs for Brutus

Classic brute force, one of the very first. However, it does not lose its relevance and competes with new solutions. It has a fast brute force algorithm and supports all major Internet protocols - TCP/IP, POP3, HTTP, etc. It can forge cookies. Brutes the dictionary and generates passwords independently.

Powerful brute checker. Equipped with an expanded arsenal of functions for working with databases (checking, sorting by domain). Supports various types of proxies and checks their functionality. Scans letters in mailboxes based on settings such as date, keyword, address, unread messages. Can download letters from Mail.ru and Yandex.

Appnimi Password Unlocker

A program for brute-forcing a password for a file on a local computer. A sort of workhorse. The free version of the program allows you to select passwords of no more than 5 characters. You can read about how to install and use Appnimi Password Unlocker

Each member of the ][ team has their own preferences regarding software and utilities for
pen test. After consulting, we found out that the choice varies so much that it is possible
create a real gentleman's set of proven programs. That's it
decided. In order not to make a hodgepodge, we divided the entire list into topics - and in
This time we’ll touch on utilities for guessing passwords for various services.

Brutus AET2

Platform: Windows

The last release of the program was in 2000. Toolza has not had an official one for a long time
site. But at the same time Brutus AET2 is still one of the fastest and
advanced brute forcers for basic Internet protocols. If you need to pick
password for HTTP (on those pages where authorization by
login/password), arbitrary web service with authorization through a form, email
account, file or Telnet server, know: Brutus- an excellent option.

In general, to select a password, you need to specify the host and port of the service, select
protocol, set the number of threads used (maximum 60), and
time-out. For anonymity purposes, you can connect SOX or a proxy. Depending on the
The protocol also specifies a number of additional parameters. For example, to select
password on some site (brute force type - HTTP Form), you must specify the method
(POST or GET), specify form parameters (Brtus has a built-in simple tool
to analyze them), and if necessary, fake cookies by enabling
the corresponding option.

Selection is carried out in two ways: according to the dictionary, and the program has
several built-in utilities for working with large lists of passwords, or with
using stupidly generated passwords. In the latter case it is necessary
designate the symbols that will be used to compose the pass.

Program features:

Support for working with proxies. Firstly, this functionality allows you to select the necessary passwords in several threads, without fear of VK’s protective functionality against actions of this kind.

Secondly, the program has its own proxy checker. The operating algorithm of this checker is extremely simple, but at the same time it allows us to fully guarantee the selection of truly efficient proxies with the required timeout. The program alternately tries to log in to VK using each proxy. Those proxies that have passed the test are considered good. There is no doubt that the program will work with them with a bang.

By the way, authorization on VKontakte is required to check proxies. If for some reason (and who knows, maybe we steal your password :)) you don’t want to use your own account, just register a temporary one for the first time. And then, as you understand, VKFucker owners never have difficulty finding fraudulent accounts;) In addition, there are several more functions where authorization is offered as an option. The fact is that VKontakte is much more loyal to authorized requests. This provides both a reduction in the necessary pauses between requests and access to that part of the information that is not available to unregistered users.

Multithreading support.

This allows you to speed up the search process by 20 times or more (the speed significantly depends on the response speed of your proxies and the speed of your Internet connection). These aspects are detailed in the user manual.

Search VKontakte e-mail by id.

For many people, one of the most difficult tasks is to find out the login for a brute. The latest version implements a beta version of searching for an e-mail login by VKontakte account id. The key word here is beta. So far the program successfully finds somewhere around 70-75% of addresses. So, we cannot yet guarantee the full functionality of this function. However, further work on this feature is our priority goal.

Extra dictionaries!

However, the highlight of this program is that it comes with a set of special dictionaries. These dictionaries have been collected and formed over the past year. They were obtained based on decrypting a large number of hashes from the databases of large Runet sites. Speaking at the everyday level, probably the person whose password you are trying to find out was probably registered on one of those sites whose passwords are already in our database. Surely you, reading these lines, have to constantly download something from various Varezniks, most of which use broken, leaky DLE, and you probably had to register with many of them, like many millions of other RuNet users. Now think about how many users carry their password across all services at once. In our experience, using these databases it is possible to guess more than 87% of passwords within 36 hours.

Of course, it may turn out that the password you are looking for is not in the list, or with your Internet connection speed it will take a little longer than ours. But the order of the numbers is the same in any case.

To purchase this product you need:

Option 1. More convenient and faster.
1). Download the program from the link at the end.
2). Use it immediately after launch.
Cost – I all know that Happy software is never paid for, this software is no exception.

Option 2. More complex (for labor crackers)
1). Download the archive from the link at the end
2). according to the crack of this brute
3). Repeat what was described in my article
4). Use your own broken software.
The cost of the option is 10 minutes of time.

If suddenly you come across a tempting description somewhere - Hacked VKFucker - know that this is a scam. At best, you will end up with an archive full of garbage and possibly viruses. And it's good if it's free. The same applies to the trial period of the program. The program's operating time is tracked on the server, so it is useless to change the clock in your Windows or BIOS. It won't help.

Unfortunately, I just disproved this theory. Proofs below.

Yes, it exists. Generally speaking, there are many such programs.

And we are against such programs.

But since there is some demand for such programs, let’s look at which of them are “relatively” legal, and which ones are better not to use at all.
Initially, from the very creation of VKontakte, there were, for example, programs such as brute force applications.
Such programs are engaged in searching all the passwords that exist. For this, both conventional step-by-step algorithms and so-called algorithms are used. Rainbow tables in which the values ​​are scattered randomly according to the best distribution - according to the authors of the latest programs, random distribution can reduce the time of searching for a password, because the search will not start from the very beginning, but randomly, and on average the path to the desired letter will be shorter.
We do not recommend using brute force programs at all. There are a variety of programs for hacking VKontakte, and therefore it is better not to use crude “breaking into” a page; besides, the user himself may suspect something and delete the page, create another one, or change its address. And besides, The VK administration will block you by IP and may begin legal proceedings for attacking login servers and violating their stability, as well as attempting to penetrate someone else’s correspondence.

So, programs for hacking VKontakte using brute force are illegal. What others are there?

In general, you will always have time to download the VKontakte hacking program for free. There really are a lot of them. Let's look at what legal ways there are to penetrate someone else's page.
First of all, these are applications. Applications have a wealth of information about the user. Typically, users do not read the prompts that are presented before launching the application. And there the application is given full access to personal data, the list of friends, the wall, and so on. Personal messages, of course, remain unknown to the application, but Knowing the colossal amount of personal information previously hidden behind privacy settings, you can carry out scams in the field of social engineering and engage in “luring” information about the user from his closest friends.
However, this is not entirely legal - problems may arise due to the fact that if the user guesses that it was the application that “leaked” the data, then he, of course, will file a complaint against it, and the application will be blocked. In general, the method is good, but quickly falls under suspicion. Yes and making an application is still a hassle.
Go ahead.

Where can I normally download a program for hacking VKontakte pages that will be legal?

First of all, let's be clear - we are only satisfied with social engineering. Basically, if used properly, social engineering will help us extract all the data we need from a user without hacking their page. Although you can also get full access to the page.
So, what social programs are there for hacking VKontakte that you can download for free?
First of all, it is worth noting the Brobot bot.
Using it for hacking, of course, is a rather strange method of controlling this program, but in principle, The functionality there is necessary and sufficient for hacking.
We can “pit” the bot against the user himself, against his friends, using the capabilities of adding friends and personal correspondence. Let's connect bot III for conversations, setting it to the most friendly tone. And after that, you can already reap the benefits by learning a lot of interesting things about the user in the history of correspondence that Brobot saved.
After this you can send the user, for example, keylogger and catch what he writes to other users– in fact, after this you won’t have to download special programs for hacking VKontakte. It will be enough just to monitor the user. However, you can also do without a keylogger!

How can VKontakte hacking programs like Brobot help us?

First of all, let's be clear about what Brobot does not hack pages. All our activities are absolutely legal, no one can sue us, no one can block us - everything is absolutely fair (to the extent that we need it).
We simply, in fact, create several pages (It is better to immediately buy unlimited, this is guaranteed to increase the volume of information extracted), and from them we already communicate with the user, which allows us to find out his attitude towards a variety of personalities, as well as get a portrait of himself, his friends, his relatives, and so on - and this is, in essence, what we need. And in the future you can perform even more interesting and complex actions, and here everything depends on your desires and imagination.
The Brobot program will become your good assistant, and the Brobot support team, available almost around the clock, will answer all your technical questions.