Mar 26, 2011

Brutus - The Brute Forcing Tool

- Intro -

1. What is Brutus?

Brutus is a well-known and smart brute forcing tool. It is used by hackers/crackers to brute force login passwords.

2. What can you do with it?

We can use it to brute force passwords for HTTP, FTP, POP3, Telnet, SMB (Netbios), Netbus, etc.

Download from = 
password  - hackingclass

Password List - Google It or go here

Understanding Brutus

Time for some cracking ...

==HTTP form==

This is the option you would use if you want to crack into a website that has a field for a username and a pass

The first thing you want to do is open Brutus and select HTTP form. Then click the modify sequence button. Once there, we put the above link into the Target form field, then click Learn Form Settings.
From here, you click the field name that is for the username; in this case it is userid. Once you have selected it, click the username button that is shown above the cookie information. That tells Brutus that this field is for the username.
Then you select the password field and click the password button, then click accept. Next, you need to fill in the HTML Response field with the response you get when you try to enter a password into your site. In this case the response is "You have entered a wrong Password or username." For this target we will put that into the Primary response field. Once this is done, we click OK, add the IP into the Target field and start our crack.
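Seen from the server side, the HTTP form run above is a burst of failed logins for one userid from one source, each answered with the same failure response. The following is an added example, not part of the original post, that flags that pattern; the log format, addresses, userids and thresholds are all assumptions constructed for the illustration:

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta


def constructed_log():
    """Constructed sample lines; assumed format: ISO time, source IP, userid, result."""
    base = datetime(2011, 3, 26, 10, 0, 0)
    lines = []
    # Fast run against one userid: 8 failures, 2 seconds apart.
    for i in range(8):
        lines.append(f"{(base + timedelta(seconds=2 * i)).isoformat()} 203.0.113.7 admin FAIL")
    # Slow failures, 10 minutes apart: never enough inside one window.
    for i in range(6):
        lines.append(f"{(base + timedelta(minutes=10 * i)).isoformat()} 198.51.100.4 bob FAIL")
    # Ordinary user: one typo, then a successful login.
    lines.append("2011-03-26T10:00:05 192.0.2.10 alice FAIL")
    lines.append("2011-03-26T10:00:09 192.0.2.10 alice OK")
    return sorted(lines)  # ISO timestamps sort chronologically


def detect(lines, max_fails=5, window=timedelta(seconds=60)):
    """Return sorted (ip, userid) pairs with at least max_fails failures inside window."""
    recent = defaultdict(deque)  # (ip, userid) -> timestamps of recent failures
    flagged = set()
    for line in lines:
        parts = line.split()
        if len(parts) != 4 or parts[3] != "FAIL":
            continue  # skip malformed lines and successful logins
        ts = datetime.fromisoformat(parts[0])
        key = (parts[1], parts[2])
        q = recent[key]
        q.append(ts)
        while ts - q[0] > window:  # drop failures that fell out of the window
            q.popleft()
        if len(q) >= max_fails:
            flagged.add(key)
    return sorted(flagged)


if __name__ == "__main__":
    for ip, user in detect(constructed_log()):
        print(f"possible brute force: {ip} -> userid {user}")
```

A flagged pair is where a site would lock the account or throttle the source instead of returning the same failure page again.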

For cracking an FTP server, the default settings should remain how they are. Make sure that the "Try to stay connected for unlimited attempts" box is ticked. Once you have selected your options, enter the IP and begin the crack.

The default settings will work; no modifying is needed.

NetBus is a trojan. Sometimes it asks for a username and password to connect to the host.
This option is used for cracking a password-protected NetBus server.

==SMB (Netbios)==

If you happen to find yourself a target that has the netbios port open (139) and has sharing enabled, but it needs a password, this is the option you would use. The default settings should work.


Same as FTP: the same settings will work. Use the "Try to stay connected for unlimited attempts" option.


This is what you would use to set up a crack for anything else that you could think of. You need to find out what you need to put in each field once you click "Define sequence". These options will vary from target to target and victim to victim.

Note - All information here is only for educational purposes. I am not responsible if it is used for illegal work.

Happy Hacking


