Dictionary
attack & Bruteforce
Manual version: 5 May 2014
Manual version: 5 May 2014
Introduction
User
Interface
Pre-image resistant For any given Y, it is
difficult to find an X such that H(X)=Y.
In here given Y, which means hash value, we
try to find X. By using [Dictionary attack & Brute-force]
There are six parts in Dictionary attack
and Brute force
1.
Configuration
We have four type attack in the
configuration:
l Dictionary attacks:
A dictionary file might contain words, we
try to find H(word) == Y, if H(word) = Y, the word is X.
[Default dictionary] User can choose the default
dictionary. The default dictionary is come from Ubuntu system.
[Customize dictionary] User can choose a customize
dictionary, the dictionary format is *.txt
l Search attacks:
Random string instead of a list of
dictionary file, random string characters include number 0~9, English letters
a~z or A~Z, other symbols like %*$..., covers all possible combinations of a
character set, but password length is fixed by user.
[Charset] The random message character option
[Message length] The message length choose
from minimal length to maximal length. In this section, minimal length is less
than or equal to the maximal length
[Number of generation] The maximal time for
the string generator
l Rule-based search attacks
If user know a part of fragment of X, and
((fragment of X) + random string) as key word, try to find the whole value X
[Charset] The random message character option,
it is the same as search attack
[Length of string text] The length of message
text is fixed, not like the search attacks, it is role-based.
[String fragment] The fragment of message.
For example, the whole message is “apple”, so “app” is a fragment of message
[Fragment position] There are two option,
[fragment put first] and [fragment put last], for example, the whole message is
“apple1991”, we know fragment “app” at the beginning of the message, so the
fragment need to put first. Otherwise, if we know the fragment is a year “1991”
at the end of the message, so we can choose fragment put last.
l Brute-force attacks
Try all possible combinations (no selection
by user), the password length is not fixed, a range of password length can be
setup by user. Actually it is similar as search attacks, but the random range
is much bigger than search attacks. It might take long time to run because of
the large number of possible combinations.
2. Hash format
Hash format is an option to choose hash
function. MD5 and SHA1 are two option for user easier to test. The advance
option which is customized algorithm, user can choose external hash function,
the external hash function format is *.exe
3. Hash value
Hash value section is for user inputting hash
value for analyzing. The hash value must base on Hex.
The bit size is for select a part of hash
value. For example, the hash value “1f3870be274f6c49b3e31a0c6728957f”, if user
choose 36 bits, the hash value could be “1f3870be2”. If user choose whole bit
size, so the analyzer will analyze all the bit from the user input.
4. Attack control panel
The control panel got four button.
[Start] start analyzing
[Pause] pause analyzing
[Resume] resume analyzing
[Stop] stop analyzing
[Result table]: will show the result:
Message and Hash value
[Attack found]: will show the result number
5. Attack statistics
[Total hash]: the total number of hash, the
unit is Key.
[Average speed]: the average speed in
analyzing, the unit is keys per second
[Used time]: the total used time for
analyzing, the unit is seconds
[Time remaining]: the remaining time for
analyzing, the unit is seconds
6. Detail result
The detail result is include message, fragment
of hash value, and the whole size of value
[Save result]
Save result function is used to save the
result. Currently, the save file support *.txt, *.pdf, *.html
The
demo progress:
