A complete search (or the “brute force” method, English brute force) is a method for solving mathematical problems. Refers to a class of methods for finding solutions exhaustion of all sorts of options. The complexity of a complete search depends on the number of all possible solutions to the problem. If the solution space is very large, a complete brute force may not produce results for several years or even centuries.
Any problem from the NP class can be solved by exhaustive search. At the same time, even if the calculation of the objective function of each specific possible solution of the problem can be carried out in polynomial time, depending on the number of all possible solutions, a complete search may require exponential operating time.
In cryptography, the evaluation of the cipher strength is based on the computational complexity of complete brute force. In particular, a cipher is considered cryptographic, if there is no “hacking” method that is significantly faster than a full search of all keys. Cryptographic attacks based on the brute force method are the most versatile, but also the longest.
In English, the term “brute-force” considered in this article usually refers to the class of hacker attacks. At the same time, a more general concept, a mathematical method of exhausting all sorts of options to find a solution to the problem, corresponds to the term “Proof by exhaustion”.
In order to get a password to the site, of course, without the help of a credit card ,we need
a program that will perform a brute force, a list of logins and passwords, that is, a word list or
combo list, and to ensure anonymity and something else for something - we need a list of anonymous
proxy servers ... In order:
The general principle of the program - the program takes the address of the members of the zone,
then from the word list it takes the login-password combination, creates a request from it, sends a request
actually to the server, but it does this through a proxy server, preferably an anonymous ... Then the program
receives the server's response and analyzes it ... The purpose of the program is to screen out for us those answers that
match the correct login-password combination and save them ... This is in a primitive ... As a rule
similar programs have many additional functions that are used during operation
(change of proxy servers, execution of specified actions in case of error, different autopilots, well, etc.)
used in preparation (proxy checking, sorting of Word sheets, checking found
passwords, etc.) ... The program, of course, can send many requests at once, which reduces
time to search for a certain number of passwords, that is, your word list ... Simply speaking -
the task of the program to form requests, to ensure their quick dispatch, to maintain the correctness
and anonymity of these requests, track server responses and save the statistics we need ...
In order to do this, it was necessary for us to give the program: a word list, a proxy list, the address of the members of the zone.
Consider what it is and where to get it.
The Word List is a text file containing login options.
and their corresponding passwords ... As a rule, programs for brute force use combo sheets, which
contain the same data separated by a colon, for example:
firstname.lastname@example.org : 1937fl
and so on...
If you read from left to right all that is before the colon is the login, all that is after this is the password.
The colon is used only as a separator ...
Where do such sheets come from? They can be found in the section all about bruteforce and scan-lists, download on
other sites, compile yourself, generate the appropriate programs ... General requirements for
good Word sheets: sheets should not be too large, opinions differ, but on average it is from
1 to 10 thousand combinations (of course, if you do not intend to scan the site, for example, with a small number of
of the members and in alphabetical order, this is not going anywhere) ... There should be real passwords in the list, that is,
this sheet should be made up of actually used passwords for sites ... Of course, they should
be correctly composed (syntax), it is desirable not to have repetitions (at least
increases in this case) ... Sheets are desirable to be updated all the time, sheet productivity is often
falls with his "age" ... It's all at a minimum, but in general a lot depends on the sheet, for example
I had cases when one sheet of 30,000 did not give passwords at all, and another sheet of 1000 did not give
dozens of passwords, so make your conclusions ... Consider the ways in which Word lists are divided:
Thematic sheets are sheets that contain passwords only for sites of a certain subject, for example
fetish ... Why is it needed and what does it give? The fact is that members, that is, users who have committed
mistake in life and through his credit card bought access to porn site often
get access to several sites of interest to them, with the likelihood
that they use the same login-password combination is quite high ... Accordingly, having
Thematic Word list and using it to scan the corresponding site, we dramatically increase
your chances of finding a password, or passwords ... Thematic sheets are usually smaller in size than regular ones,
at the same time more productive, it is therefore highly recommended to collect, compile and
use such sheets.
Sheets that meet the requirements of different billing systems are sheets containing passwords that are compiled
according to the rules imposed on the user by a certain payment system ... For example, a certain system
requires that the e-mail address be used as the login and the numbers in the
Number of not less than 4 ... If we want to get a password to this site, that is, to the site on which
this billing is used, it is more logical for us to scan with such sheets, otherwise we just
we lose time and we risk not finding anything, for example, if we scan it with a sheet in which in the login
words are used, not e-mail. Requirements of different billing systems were in school.
Sheets, separated by some special features - such as with a login in the form of e-mail, or in the form of
19375843: 1054706, or containing only names, for example janet: janet, bill: bill, containing
for example, the names of players or actors ... There are lots of options, they are simply divided according to different characteristic
featured ... Why is it necessary? For example, you scanned the site and saw that among the passwords there is
combinations name: name ... It would be logical to launch a sheet with names, chances to find more passwords in this
case is more than just a sheet to scan, with different passwords and logins ...
Well, probably enough for now, as the sheets can be divided and sorted to infinity
How to make effective Word sheets? Good results are obtained by collecting passwords on the forum ...
The main reason for this is the passwords are fresh and almost all of the living, working, well, or were such
quite recently ... Collect thematic sheets on the forum - for example, collecting the sheet in the section
fetish-bdsm will give a uniquely better sheet than the one downloaded from nowhere ... Of course, such
sheets should be used for its intended purpose, that is, if it fetish-bdsm then they need to scan
similar sites, and not, for example, on the topic amateurs ... Periodically it is useful to make sheets
from the history of its program for brute force, unless of course there is something ))
In general, you need to try to update the sheets more often, it is better to collect them yourself, pay attention
on from which sheets you find more passwords, from which less ...
In any case, before you start to scan the site, you need to think about what the requirements for passwords are,
which topic and whether you have a thematic sheet such ... What password can you often find out
using, for example, a search on the forum or in Google to type the address of the members zone of the site and see
all pages containing this word (by the way, so a live password can be found) ... The best option is
This is when you thought, checked the compliance of your sheet with those passwords that are on the site,
took or made a thematic sheet, and if it is fresh and the site is not protected from brute force -
your chances of finding a password are very high ...
Proxy server list
Work through a proxy is necessary for many reasons ... To protect your loved one eg,
to preserve the vitality of the found passwords, as on some sites the password you found
will work only through a proxy, using which you found it, more precisely when entering from another
or without a proxy server, the password will immediately be blocked ... In order to deceive defensive
server programs, since on many sites no one will let you sort through passwords from one
IP addresses ... In general, you need to work through a proxy, there are many reasons for this ... The essence of the work of the proxy:
In short, we are mainly interested in the ability of the proxy to change your IP address ...
When connecting via a proxy server does not determine your IP, of course, if the proxy is anonymous ...
The address is replaced with the IP of the proxy itself, or is not determined at all ... There are a lot of subtle points,
It’s important for a beginner to know the basic proxy settings. The level of anonymity is from 1 to 5 ...
It is recommended to use only proxies with level 1 (highest) and up to level 3 ...
The rest just delete. Speed - well, everything is clear, like ... if you don’t hurry,
then do not pay attention, and if yes, remove the slow proxies ...
You can take proxy lists at school, the All about proxy and self-defense section, or you can download it from others.
sites ... You can also search for yourself, but this is not for beginners It is important to take a list of proxies
after which you need to check and filter out your servers that are not needed ... You can check,
for example, Access Diver'om ... The task is to remove not the working proxies first, then check for
anonymity and remove the proxy with a low level of anonymity, well, save it to a file
and use ... You need to know that proxies tend to die, change the level of anonymity,
change the speed ... It is necessary to check periodically, the fact of a one-time check after a few
will not say anything for hours ... I know from my humble experience that using a proxy
Level 1 and 2 I have to download a new list almost every day and check it ...
Routine of course, but otherwise it will not work ... More about the proxy can be read at school,
beginner importantly understand that you need to use a proxy, you need to check them constantly,
update their list ...
The format of the proxy sheets is a text file that contains the address of the proxy and the port that is written after the colon:
Address of members zone
Everything is simple - this is the page on which a window pops up for entering a login and password ...
You can take it by going to the site and copying the label (right-click on the members and
selecting copy shortcut) ... If the right button is blocked, you can see the address below
in the browser, hover the cursor on the appropriate link, or click on it and in the appeared
In the window, click "cancel", in this case, the url of the members of the zone most often remains in the address bar ...
The school has ready lists of member zones of sites, you can take it there ... The main thing is to give the program
the correct address, otherwise it will swear and write that there is no such address, or such an address
not protected by a password (this happens when, for example, on the main page of the site there is an inscription
members, but when you click on it, it is redirected to another page, intermediate, and on it
there is already another link to the real members of the site zone) ... There is nothing more to write, like
Some tips for beginners
At this stage it is assumed that you have installed the program Access Diver,
about installing and configuring which in school is written a lot and different, there is a list of proxies,
which is checked and sorted, there are wordlist (well, or a sheet) plus time, patience and
the desire to try brute force in business ... To begin with, some psychological aspects ...
It is required to understand that brute force takes time, sometimes not a short time and, accordingly
patience ... At first attempts it is rather difficult to resist and not stop the program
at the first 10.20 or I don’t know how many minutes there (depending on desire and patience)
unsuccessful work ... In order not to be disappointed (wrongly and unknowingly) in brute force
Immediately, but to be disappointed in him later, going to the next step, would advise
from the simple ... You should not immediately grab the site, which passwords are not on the forum, but you
I want to see ... Draw conclusions, since there are none, then everything is not so simple there, and quite
it is possible that you will fail at once ... In general, you need to start with a simple one, it’s rather
just give the result in the form of passwords, and that is not unimportant - it will dramatically add you patience and
confidence in the action ... Where can I get this simple? Also, everything is easily solved - walk around
on the forum, see which sites surfers post, which sites have a lot of passwords from different surfers
and conclude that if others succeed, why are you worse? Take these sites and try ...
At the very first attempts it is important to get at least some result, preferably at a price that is not very
big time ... If you're lucky, you can add the same posts where you took the address
(just search do not forget to use, so as not to repeat) ...
There is another option, the school has, for example, Tolstoy's post (stress on the first syllable, Tolstoy in
brute force for us is not authority ))) where lists of relatively simple sites are given, as well as
Word List ... It’s quite possible to get a hundred passwords for the evening, I tried it myself, and only then go to
more serious sites.
In general, the main thing at the initial stage is to prove to yourself that it is
it works, it gives a real result, and it’s not so difficult, and to develop further,
not to try, not to get anything, because of a wrong choice, turn off
and quit this business ... And passwords to good sites will not disappear from you, you have to wait a bit ...
It should be borne in mind that there are sites on which passwords are streamed from Access Diver ...
If you see this - just look at what kind of site, it is quite possible that there are two or three dozen
pictures, and the value of this site is only for its creator and the fact that it has
links to other, normal sites ... It's all so cleverly conceived You do not need a dozen pictures,
turn off immediately ... You can find 500 passwords on such a site, they are simply written there, the most
common, so there are so many And even more so you should not post them, who needs this?
Out of inexperience, I post it a couple of times like that, it still hurts my conscience
Probably enough for a start ... I don’t see any sense in describing a program for brute force, everything is in school,
and manuals, and tips, and a video file, even by Access Diver ... Everything is not so difficult there, download, read,
and try ... But first, read a little at school to do the right thing and get a result
and there it goes
Everything, I hope someone at least one of the written proposals will help in the development of brute force