.

Length of time for bruteforce

<<

cochese86

User avatar

Newbie
Newbie

Posts: 10

Joined: Wed Jun 08, 2011 6:43 pm

Post Mon Jun 20, 2011 1:21 pm

Length of time for bruteforce

Hello,

I was wondering what the most amount of time you would allocate during a pen test to bruteforcing?  As an example, if you discover a vpn router and are able to catch the handshake, what's a reasonable amount of time to spend bruteforcing the PSK?  What about if you get ahold of the hashes on a box?

Thanks in advance.
<<

abgenius

Newbie
Newbie

Posts: 1

Joined: Sun May 22, 2011 9:28 am

Post Thu Jun 23, 2011 3:35 pm

Re: Length of time for bruteforce

<<

j0rDy

User avatar

Hero Member
Hero Member

Posts: 591

Joined: Tue Feb 23, 2010 4:55 am

Location: Netherlands

Post Fri Jun 24, 2011 2:20 am

Re: Length of time for bruteforce

just turn on the brute forcer and continue with other things. it it comes up with a password focus on it again, if not report that you tried and did not come up with results within the allocated time. Remember to state that it is not a guarantee that the VPN is safe from bruteforcing, and recommend to always use a strong password.
CISSP, CEH, ECSA, OSCP, OSWP

earning my stripes appears to be a road i must travel alone...with a little help of EH.net
<<

cochese86

User avatar

Newbie
Newbie

Posts: 10

Joined: Wed Jun 08, 2011 6:43 pm

Post Sun Jun 26, 2011 12:56 pm

Re: Length of time for bruteforce

Cool, thanks for the replies.  I'm also looking into gpu cracking as the calculator posted said it would take 58 years to crack and 8 character password with caps, lower case, and special characters.
<<

El33tsamurai

User avatar

Full Member
Full Member

Posts: 219

Joined: Sat Feb 03, 2007 4:01 pm

Post Sun Jun 26, 2011 3:13 pm

Re: Length of time for bruteforce

but you take the gamble what they didn't use a strong password.
CCENT, A+, Network+, Security+
<<

j0rDy

User avatar

Hero Member
Hero Member

Posts: 591

Joined: Tue Feb 23, 2010 4:55 am

Location: Netherlands

Post Mon Jun 27, 2011 2:37 am

Re: Length of time for bruteforce

cochese86 wrote:Cool, thanks for the replies.  I'm also looking into gpu cracking as the calculator posted said it would take 58 years to crack and 8 character password with caps, lower case, and special characters.


lol, thats pretty oudated, even if you do it with your CPU, assuming you use a multi-code. for more information about GPU cracking, read up on this:
http://www.backtrack-linux.org/documents/BACKTRACK_CUDA_v2.0.pdf
CISSP, CEH, ECSA, OSCP, OSWP

earning my stripes appears to be a road i must travel alone...with a little help of EH.net
<<

cochese86

User avatar

Newbie
Newbie

Posts: 10

Joined: Wed Jun 08, 2011 6:43 pm

Post Mon Jun 27, 2011 2:33 pm

Re: Length of time for bruteforce

El33tsamurai wrote:but you take the gamble what they didn't use a strong password.


I ran a dictionary attack first and then let a bruteforcer go for 5 days.  I'm thinking it's not a simple password.  I was just originally curious what would be an acceptable length of time.


lol, thats pretty oudated, even if you do it with your CPU, assuming you use a multi-code. for more information about GPU cracking, read up on this:


Yeah, I'm new I guess, just looking at better ways to work.  Thanks for the link!

Return to Network Pen Testing

Who is online

Users browsing this forum: No registered users and 1 guest

cron
.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software