Brute force attack

What is a brute force attack?

The term "brute force" refers to a cryptographic attack. The attacker guesses by systematically trying all possible combinations of a given set and is thus likely to eventually arrive at the right value for a password, username, hash, or web path. In this sense, the procedure is comparable to a lottery draw.

A classic brute force attack can be a very time-consuming process, depending on the method used and the computing power required by the attacker.

If the targeted victim uses a long, complex, and unique value, and mechanisms are in place that impede continuous trial and error, it becomes nearly impossible to succeed in a reasonable amount of time.

Intentions behind a brute force attack

Brute force attacks appear in the early phases of a hacker attack. In the "kill chain" model (a model that describes the stages of cyber attacks), they can be assigned, among other places, to the first phase, information gathering.

The aim of a brute force attack is not only possible access to further information, the identity, or the rights of the target, but also the value itself in the form of a password, PIN, hash, or username. Such values can possibly be used on other systems and also resold to third parties.

For example, in a brute force attack on a web server, the attacker focuses on finding hidden sub-pages in order to exploit any security gaps that may exist there.

In addition, the target's behavior during a brute force attack can allow the attacker to draw conclusions about other possible attack vectors. A buffer overflow or remote code execution, for example, would be conceivable here.

Because of this, brute force attacks not only take place during hacker attacks, but also during stress tests of hardware and software to check robustness and correctness.

Appropriate protective measures

Always use passwords that contain all of the following:

  • lowercase and uppercase letters
  • special characters
  • numbers

Remember: the more characters your password contains, the harder it is to crack. You can find more information in our Password cracking series of articles.
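
The "mechanisms that impede continuous trial and error" mentioned earlier can be as simple as a growing delay after failed logins. The following sketch is an added example, not code from this article: the class name, thresholds, and sample addresses are assumptions, and state is kept in memory only.

```python
import time

class LoginThrottle:
    """Exponential backoff after failed logins, tracked per account and per source."""

    def __init__(self, free_attempts=3, base_delay=1.0, max_delay=900.0, clock=time.monotonic):
        # Thresholds are illustrative assumptions, not values from the article.
        self.free_attempts = free_attempts
        self.base_delay = base_delay
        self.max_delay = max_delay
        self.clock = clock
        self._state = {}  # key -> (consecutive failures, earliest time of next attempt)

    def _keys(self, username, source_ip):
        # Per-account slows guessing one account from many sources;
        # per-source slows one source walking through many accounts.
        return ("user", username.lower()), ("ip", source_ip)

    def retry_after(self, username, source_ip):
        """Seconds the caller must still wait; 0.0 means an attempt is allowed now."""
        now = self.clock()
        waits = (self._state.get(k, (0, 0.0))[1] - now for k in self._keys(username, source_ip))
        return max(0.0, *waits)

    def record(self, username, source_ip, success):
        """Call after every attempt that was let through to the password check."""
        user_key, ip_key = self._keys(username, source_ip)
        if success:
            # Reset only the account counter: a source must not be able to clear
            # its own counter by logging in to an account it controls.
            self._state.pop(user_key, None)
            return
        now = self.clock()
        for key in (user_key, ip_key):
            failures = self._state.get(key, (0, 0.0))[0] + 1
            over = failures - self.free_attempts
            delay = min(self.max_delay, self.base_delay * 2 ** (over - 1)) if over > 0 else 0.0
            self._state[key] = (failures, now + delay)

def enforced_wait(n_guesses, **throttle_options):
    """Total seconds a client is made to wait before its n-th wrong guess is accepted."""
    now = [0.0]  # simulated clock so the example runs instantly
    throttle = LoginThrottle(clock=lambda: now[0], **throttle_options)
    for _ in range(n_guesses):
        now[0] += throttle.retry_after("alice", "203.0.113.7")  # constructed sample values
        throttle.record("alice", "203.0.113.7", success=False)
    return now[0]
```

A capped delay is used instead of a permanent lockout so that wrong guesses by a third party cannot lock the legitimate owner out indefinitely. A deployed version would keep the counters in a shared store and expire old entries.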
