[00:00:01] Now let's assume you tried all the attacks that we learned so far on your target website. You tried all of them on the websites on the same server, and none of these websites is vulnerable. You went and you tried to hack into that server using the applications installed on the server, using the server-side attacks. So you used the port scanner and you determined the programs and the open ports, and you tried to hack into the server based on these services. And again, you still didn't find any way to get in. And let's assume that you tried to attack the data center itself, which contains all the servers, and again you still didn't manage to gain access. And you tried to hack the users that use the websites, all the websites on the same server as your target website. So you tried to hack the users, you tried to hack the admins, and you tried to hack the support people using social engineering attacks and all these attacks. And again, you still didn't manage to gain your access.

[00:00:57] Then I'd usually go down to brute force attacks. Now a lot of people would actually try brute force attacks before that, but I just don't really like brute force attacks. Not because they're not useful or because they're not effective; they're actually very effective. It's just that I don't really feel satisfaction when I gain access to a system using a brute force attack.

[00:01:22] So what we mean by brute force attacks is we're going to go to the login screen. Most websites have a login screen to allow the admins to log in, and we're going to try to determine all possible combinations of the password. So there's two flavors of brute force attacks, or I should say guessing attacks. There are brute force attacks and dictionary attacks. So brute force attacks would try to cover all possible combinations of the password. For example, on your phone, the PIN can only be made out of numbers, so you can actually cover all possibilities very easily, because the PIN only has four digits and there are only nine possibilities. When it comes to passwords, especially when it comes to web logins, you have lowercase characters, uppercase characters, symbols and digits, which makes the brute force attack really unfeasible, because it'll take years to cover all possibilities.

[00:02:17] This leads us to the dictionary attack, where you actually cover all possibilities in a list. So we're going to have a list of passwords. These can be made of common passwords or based on the research that you did on your target. In the dictionary attack, you only cover the passwords that exist in the wordlist. So unlike the brute force attack, it's not guaranteed, because with the brute force we're going to cover all possible combinations; in the dictionary attack, we're only going to cover the passwords that are in our wordlist, or in the dictionary.

[00:02:51] So in the next few lectures we're going to see how you can create your own dictionary, and we're going to see how we can launch a brute force attack to gain access to a system without exploiting any vulnerabilities. All we're going to do is just try a large number of passwords until one of them works. And this is the reason why I don't really like brute force: because there is no smart way, you're not actually exploiting anything. You're literally just guessing the password until it works. Keep in mind, though, just because I don't like it doesn't mean that it's not effective. In many cases I've actually spent days trying to break into a system, and at the end, one of the times, I still remember the password was "one two three four five six ABC", which, if you had a wordlist of common passwords, you'd probably gain access to that system within an hour or two.