Thegrideon Software. One less reason to worry.
Home » Password Recovery Tools » Brute-force Attacks

Brute-force attacks

Brute-force attack setup

Brute-force (BF) attack is a basic password recovery attack. Password candidates are generated sequentially based on a charset and length selected. The easiest way to imagine it is a 4-digit pin-like password. Brute-force attack with the "0..9"="0123456789" charset and the length of 4 includes 10000 combinations from "0000" to "9999". Attack length can be set as a range (e.g. 2-4) or as a fixed value (e.g. 4-4).
BF[2-4]"0..9" = "00", "01", "02", ..., "99", "000", ..., "999", "0000", ..., "9999"
BF[4-4]"0..9" = "0000", "0001", "0002", ..., "9999"
Attack charset can be selected from the preset groups ("0..9", "a..z", etc.) or the "Final charset" field can be filled / edited manually with up to 250 Unicode characters. Filtering options are available to limit number of equal chars in total or in sequence (one after another). Simply, by filtering numbers with equal digits we can limit search range from 10000 down to 5040 combinations for the 4 digits pin example above. "AaAa" is counted as 2 'A' + 2 'a' by default or as 4 'A=a' with "Use case-insensitive count" option enabled. The following two options are available for brute-force attacks that are part of mixed attack setup: "Start with an empty output" allows you to set any brute-force part as optional (check with and without the part). "Shorten output to keep overall size no longer than N" is set to a maximum password length allowed by default and thus ignored, but can be employed to combine two variable-length parts and keep output length fixed:
BF[2-3]"0..9" + BF[2-2]<4"a..z" = 00aa, ..., 99zz, 000a, ..., 999z.
Long brute-force attack with a very wide charset can be used to recover virtually any password, but the time required for this attack is beyond any reasonable timeframe, thus it is important to use all known additional details. For example, a person's birth year can be guessed with a full brute-force search from "0000" to "9999", but it is obviously not the best way to do it. Mixed attacks are available, multi-position modifications can be used to mix in 1 or 2 capital letters or special chars, etc.

© 2003-2019 | Privacy | Terms of use.
All trademarks are the property of their respective holders.