If you’ve ever lost your site’s password, you know how irritating it can be to try to guess the password for one of the well-known usernames. Brutus is a free password cracker that has the ability to crack a wide variety of passwords. Brutus is also a handy utility if you’ve ever wondered how secure your website or server is. Brutus runs from a remote location, which means there are no large files stored on your computer, and it offers an easy-to-use interface.
Step 1
Download the Brutus executable to your computer. Go to hoobie.net (see Resources) and download the Brutus ZIP file. After downloading, unzip the file and double-click the Brutus executable, called BrutusA2.exe.
Step 2
Enter your protocol (IP) address in the text box at the top of the Brutus interface. If you don’t know your IP address, there are many free IP address checkers on the web. (See Resources).
Step 3
Set the input type to the type of cracker you are trying to create. Brutus has the default input type set to HTTP and should be left that way. Other advanced cracking options include FTP, POP · and NETBus.
Step 4
Enter the port number in the “Port” text box on the Brutus interface. There are 65,535 possibilities for port numbers, but the default port for web traffic is 80, so you can safely use this option. You should leave the sliders for connections and timeouts and port entry as they are predefined.
Step 5
Set HTTP (Basic) options. The HTTP (Basic) options vary depending on the type of cracker you are creating. Set the (Basic) option entries to “Head” (Main) and click the “Keep Alive” text box to ensure there is a tag.
Step 6
Configure authentication options. If your system does not require a username, but simply a password or PIN number, click the “Use username” (use username) checkbox. If you have a username and you know it, click the “Single User” checkbox and enter the username in the text box below. Brutus defaults to user.txt as an input, which automatically checks usernames against common users such as Admin and Administrator. If your username is commonly used, leave user.txt in the login box.
Step 7
Set the Passthrough Mode and Passfile options. Brutus has a default setting that will run the password cracker on all words in the dictionary. The default setting for Approval Mode is Word List and the default setting for Approved File is words.txt. These input fields can be left as is.
Step 8
Press the “Start” button and look at the progress bar as Brutus tries to crack your passwords. Once the program has cracked a password, it appears in the Positive Authentication Results (Possible Authentication Results) at the bottom of the Brutus interface.
