If you have ever lost the password to your website you know how big of a pain it can be to try to guess the password from one of the known user names. Brutus is a free downloadable password cracker that has the ability to decode a wide array of password types. Brutus is also a handy utility if you have ever wondered how secure your website or server is. Brutus runs from a remote location meaning there are no large files to store on your computer and offers an easy-to-use interface.

  • If you have ever lost the password to your website you know how big of a pain it can be to try to guess the password from one of the known user names.
  • Brutus is also a handy utility if you have ever wondered how secure your website or server is.

Download the Brutus executable file onto your computer. Go to hoobie.net (see Resources) and download the Brutus ZIP file. Once downloaded, unzip the file and double-click on the Brutus executable file, which is named BrutusA2.exe.

Enter your Internet Protocol (IP) address into the Target box at the top of the Brutus interface. If you do not know your IP address there are many free IP address checkers available on the web. (See Resources.)

Set the Type input to the type of crack you are trying to perform. Brutus has set the Type input to HTTP by default and should be left alone. Other options include FTP, POP3 and NetBus for advanced cracking.

Enter the port number in the port box on the Brutus interface. There are 65,535 port possibilities, but the default port for web traffic is 80, so that is a safe option to use. The slide bars for Connections and Timeout next to the Port input are preset and should be left alone.

  • Enter your Internet Protocol (IP) address into the Target box at the top of the Brutus interface.
  • The slide bars for Connections and Timeout next to the Port input are preset and should be left alone.

Set the HTTP (Basic) Options. The HTTP (Basic) Options will vary depending on what type of crack you are performing. Set the HTTP (Basic) Options input to "Head" and click on the "Keep Alive" box to ensure there is a check mark.

Set the Authentication Options. If your system does not require a username, but simply a password or PIN number click the "Use Username" checkbox. If you have a username and know it, click the "Single User" checkbox and enter the known username in the input box below it. Brutus uses user.txt as the default input, which automatically checks against common usernames, such as Admin and Administrator. If your username is commonly used, simply leave user.txt in the input box.

  • Set the HTTP (Basic) Options.
  • If your system does not require a username, but simply a password or PIN number click the "Use Username" checkbox.

Set the Pass Mode and Pass File options. Brutus has a default setting that will run the password crack against all the words in the dictionary. The default setting for Pass Mode is Word List and the default setting for Pass File is words.txt. These input fields can be left alone.

Press the "Start" button and watch the progress bar as Brutus attempts to crack your passwords. Once the program has cracked a password it will appear in the Positive Authentication Results box at the bottom of the Brutus interface.

TIP

The Brutus dictionary has only 800 words in it but extensions are available for free download. Download .BAD files from the HoobieNet website to make Brutus aware of new password cracks.

WARNING

Hacking into other peoples websites is illegal.