[Query] Bruteforce Tool

swatterhat · 08-29-2016, 07:59 PM

Hi guys, I just want to pick your brains about bruteforce tools.

How effective are these Instagram/Email/Facebook Bruteforce Tools. I've seen Netflix/Hulu Bruteforce tool worked but considering Google's and Facebook security, is it advisable to use these? Has anyone been successful in using these?

Ex094 · 08-29-2016, 08:05 PM

All of em are bullshit without a good WordList tbh

pvnk · 08-30-2016, 02:15 AM

Good work list and an automated proxy and weak passwords make for a high success rate for bruteforce tools.

Wildfire · 08-30-2016, 03:36 AM

If you have an API that doesn't rate limit or alot of proxies, it's okay.

mothered · 09-03-2016, 03:04 PM

It all comes down to the complexity of the password.

If someone has a 12 character alphanumeric password, mixed with special chars with variation and not In any sequential order, set aside a few years for your bruteforce tool to "possibly" crack It (perhaps never).

Uncle · 09-03-2016, 11:11 PM

(09-03-2016, 03:04 PM)mothered Wrote: It all comes down to the complexity of the password.

If someone has a 12 character alphanumeric password, mixed with special chars with variation and not In any sequential order, set aside a few years for your bruteforce tool to "possibly" crack It (perhaps never).

yeah brute forcing a specific account as opposed to using a more powerful tool such as SentryMBA which has a lot more features to utilize anyways has many flaws, you may as well try a turboer if any still exist but those are bunk also unless you have a spare machine you can afford to run it on 24/7.

hint: crack extra RDPs/VPS

mothered · 09-04-2016, 03:31 AM

(09-03-2016, 11:11 PM)Uncle Wrote: yeah brute forcing a specific account as opposed to using a more powerful tool such as SentryMBA which has a lot more features to utilize anyways has many flaws, you may as well try a turboer if any still exist but those are bunk also unless you have a spare machine you can afford to run it on 24/7.

Agree.

The good news Is, the majority of online users are not security-minded and a complex password Is not on their list of priorities. I've compromised literally hundreds of websites (I can provide proof on request), whereby the admin's password Is only 6 chars and very easy to guess, let alone crack. That all comes down to a "password complexity requirement" not being Implement server side resulting In poor security configurations.

Ex094 · 09-04-2016, 10:48 AM

@mothered Did you use any specific word list? Or you just guessed some from the obvious ones?

mothered · 09-04-2016, 12:11 PM

(09-04-2016, 10:48 AM)Ex094 Wrote: @mothered Did you use any specific word list? Or you just guessed some from the obvious ones?

I've used word lists based on user Input generated by myself via the word list generator named "Crunch".

I'm sure you know Crunch quite well.

Ex094 · 09-04-2016, 12:12 PM

(09-04-2016, 12:11 PM)mothered Wrote:
(09-04-2016, 10:48 AM)Ex094 Wrote: @mothered Did you use any specific word list? Or you just guessed some from the obvious ones?

I've used word lists based on user Input generated by myself via the word list generator named "Crunch".

I'm sure you know Crunch quite well.

Yep, used it for some time. Quite a useful tool

[Query] Bruteforce Tool
Author Message