If you don’t know, Brutus Password Cracker is one of the fastest, most flexible remote password crackers you can get your hands on – it’s also free to download Brutus. It is available for Windows 9x, NT and 2000, there is no UN*X version available although it is a possibility at some point in the future.
Brutus was first made publicly available in October 1998 and since that time there have been at least 70,000 downloads and over 1.6 Million visitors to this page. Development continues so new releases will be available in the near future.
What is Brutus Password Cracker For?
In cryptanalysis and computer security, password cracking is the process of recovering passwords from data that have been stored in or transmitted by a computer system. A common approach (brute-force attack) is to try guesses repeatedly for the password and check them against an available cryptographic hash of the password.
Read more here.
Brutus was written originally to help me check routers etc. for default and common passwords.
Features
Brutus version AET2 is the current release and includes the following authentication types:
- HTTP (Basic Authentication)
- HTTP (HTML Form/CGI)
- POP3
- FTP
- SMB
- Telnet
Other types such as IMAP, NNTP, NetBus etc are freely downloadable from this site and simply imported into your copy of Brutus. You can create your own types or use other peoples.
The current brutus password release includes the following functionality :
- Multi-stage authentication engine
- 60 simultaneous target connections
- No username, single username and multiple username modes
- Password list, combo (user/password) list and configurable brute force modes
- Highly customisable authentication sequences
- Load and resume position
- Import and Export custom authentication types as BAD files seamlessly
- SOCKS proxy support for all authentication types
- User and password list generation and manipulation functionality
- HTML Form interpretation for HTML Form/CGI authentication types
- Error handling and recovery capability inc. resume after crash/failure.
There are other options to check out too such as:
– JTR (Password Cracking) – John the Ripper 1.7 Released – FINALLY
– Bruter 1.0 Released – Parallel Windows Password Brute Forcing Tool
Brutus Password Cracker download here (the password is darknet123):
DDDDDDDDDDDDDDDDDDDDDDDD
bebo has been blocked at out school. wats a website that we can get onto it at school?
So why did you have to remove the file due to Homeland Security?
alex: Because my host pulled the plug on the server until all the files were deleted because they got notifaction that it was malware and contrivined the homeland security act or something like that.
Brutus is a really old tool that hasn’t been updated since 2000. It has always been buggy and slow. The best remote password cracker has to be Hydra, there’s even Windows port.
There are other alternative too don’t forget..
Jack the Ripper is still king
Medusa is good
Ophcrack for Rainbow Tables
LCP for a good free alternative to L0phtcrack
Agreed all great tools but your not comparing apples with apples, only Medusa is a *remote* password cracker. Also check out LMCrack for fast offline Windows password cracking.
Great site, keep up the good work!
Yah I would agree, thc-hydra probably is the best when it comes to remote, Medusa is looking good though. Will check out LMCrack, will write about it if it’s cool :)
I am from myanmar and I used Dial-up connection to Bagan (ISP)
And I connect from Chin Land (Falam)
My connection was 30 Kps.
Thanks
And Pls advice me… I want to learn more and more about Computer.
hey..
i downloaded brutus-aet2.zip from hobbie.net, but the zip dosen’t contains any exe or something. It contains some .doc files and .bad file.
How Iam I supposed to make it work ?… I mean from where can I get the UI part as it is not included in download package..
Any help on this will be greatly appreciated…
Thanks.
I just downloaded the file again as a test and the EXE is there named BrutusA2.exe within the brutus-aet2.zip from hobbie.net. Maybe your net connection is scanned and it was removed as malware?
hello there…where can i get from an very efficient password stealer? please help
Does anyone know how to hack hotmail accounts ?
I’m looking for a TOP hacker, to hack a few yahoo screen names. $$ “rewarded” if names are recovered.
E-mail: x_beautiful_illusion_x@yahoo.com
screen name is also the same, or oh_so_fancy
Does anyone have any info on being able to steal facebook passwords?
Please help me. Can you refer me to someone who can obtain my cheating husbands email password? I need help badly.
Thanks
L
I get Brutus
i downloaded some prog from your site but whene i extract the files it always askes me for a password can i know what the password is or how to avoid this. (i am subscribed)
The password would be darknet123
thanks man and because i am a newb at hacking how could i penetrate into my friends e-mail? (just a practical joke) nothing evil
what is this for???
to spam all of his friends
thanks
Need help cracking facebook password. Will pay for help.
hehehe hom much? i just want to learn how to not have somebody do it 4 me? is there any way u can tell me for free? pleaz :)
can brutus be used for hacking email – yahoo & hotmail? or even friendster?
brutus is far from the fastest and most flexible remote password crackers….imo.
also need help with cracking password for email from cheating husband. :-( please contact me.
I tried to download Brutus from hobbie.net (the master image)and Avast found a Trojan in the .zip file:
http://i162.photobucket.com/albums/t276/carmatt59/Trojan.jpg
So much for wanting to try a software that suppose to crack passwords… “Hack to learn” is the motto, eh?
Nice “touch” inserting a trojan into the zip file just to fuck up with people’s computers, eh ….darknet?
Good thing Avast rocks and douche bags like you are stopped every now and then.
Oh, by the way….. specify in the stupid box with “please add 5 and 8” or whatever numbers that what the system requires is not to just write those numbers in the box, but requires a mathematical operation… Who said that all the hackers are smart?
hi i need help getting a facebook password. can anyone help??? i am willing to pay!
Hi all, I need some help… I need to hack into my ex-girlfriends e-mail account but have no idea how to go about it as i am a complete newbie at this hacking… She is using a freeserve/orange account if that helps and i am willing to pay a reward if anyone has any luck… Cheers
can u please tell me how too crack my bebo password.. i have forgotton it and REALLY dont want to set up a new one. thanks!
ok i already have the brutus thing. but can anyone pls tell me how to use it to steal a password from a yahoo mail account? i have the username, i want to know the password… pls help… (good intentions)
yea ok… i’ve got the Brutus, but how do i use it crack yahoo/hotmail passwords? can u plz help?
Being a programmer myself, getting software for free even with a trojan is worth it. I used to add keyloggers into my programs to see what people did with them and I could know every word they typed on their computers, you wouldnt believe how dumb ppl are.
Hacking yahoo and other emails accounts are fairly hard but if you know what to do might as well give it a shot.
my keylogger doesn’t work with a penson im trying to get a password. i’ve got the Brutus too, but how do i use it crack yahoo/hotmail/gmail passwords too? can u plz help?
trying to get girlfriends facebook password….willing to pay for quick replys!!!
how do i hack bebo accounts? (some freak is bulling my little sister)
can any one tell me how to install hydra coz i cant do it
situatuion: someone some how hacked into my bebo and changed my password.. so i tried to reset the password. buut, i cudnt get into my hotmail account, as they changed this password aswel. soo i tried to rest my hotmail password.. but they changed my secret question and i have no idea wat the answer is… any ideas of what to do?
Just out of curiocity.. what is Hacking means
IS It just going on other ppl computer? Or just reading some one’s else email and conversation?
hello,this is a good site for learing crack, thank you all.
I am looking for some tools for cracking encrypted proxy(proxy need username and password), I need it very much.
would you please tell me?
thanks in advance
Please can someone tell me why Brutus will tell me there is ‘positive authentication’ with a certain user name but it will not tell me the password. I’ve tried it in ‘brute force’ mode but it does exactly the same. Thanks in advance.
Also, Bastard, I tried your link for the tutorials but it doesn’t seem to work.
Thanks again.
Now it keeps giving me a one letter password (different each time), or telling me the password is academia (sometimes academic).
None of them are right. I don’t understand.
Am I doing something wrong?
Please get back to me.
wow didn’t know you could hire a hacker on this site. anyways brute crackers are great if you can’t get the pass any other way. there is always a chance of being detected though. that is if someone is paying attention or setup a tries limit. otherwise it requires password files or hashes or something of the nature to use some of the other progs mentioned.
Can anyone tell me what program would be best to retrieve a password to a blog/message board? Thank you so much.
Marie,
You will notice that your previos message was deleted by the moderators as you were asking for advice as to how to perform an illegal act.
I sympathise with your situation but breaking the law will not help you. As you have little knowledge of Information Security, etc, you would get caught and I’m sure you and your daughter would not benefit from that.
If you are concerned with what your daughter is doing online, might I suggest that you monitor her activities, physically, by locating your computer into a shared area in your house.
There are other methods which will fall into greyer areas of the law depending on ownership of the computer system, the country you are in, the age of your daughter, etc.
I apologise if I am coming across as a bit preachy but there is no substitute for proper parenting.
Bogwich,
I’m sorry, but you may be confused. I posted right above your last post (my post is still there and hasn’t been removed) and I do not have a daughter. I have no idea what you’re talking about. The same message was also sent to my private email, so I think you accidentally answered me but meant to answer someone else. Please see my post above. Thank you.
My apologies,
Someone using the exact same name posted a message onto this thread asking the same question as you, although with a bit more detail, that message was deleted by the moderators. I assumed that Marie and Marie were the same person.
Easy mistake to make!
No problem at all. I should have used a symbol after my name but didn’t notice the other user. BTW, is my question one that you can answer or does it fall into the same category as the other Marie? Thank you
I’ll try.
If you want to retrieve a password for a blog or message site, there is usually a link to follow entitled ‘Forgot password?’ or similar, that would be the way to go.
Ummm….Okay it goes like this. I really wanna learn some what of hacking just to get to know what I might deal with in the future with me getting more indepth with computers. I’ve tried to download Brute Force but for some reason everytime I go to hoobie.com -or what ever it is- the web page doesn’t load. Could anyone give me another site or something, I’m new to this but I really wanna learn.
common guys google-it and you find plentiful downloads
Can I also suggest something: Why not move this website some on a Russian server? At lease no homeland narrow-minded idiots will interfere :)
Johnny you so right haha i love ? ????? ??? ???????? ????? lol
brutus was pretty awesome back in the day, its still a great program for someone taking their first steps in to password auditing.
If a new version came out I’d personally love to see it be able to compete with hydra as far as performance, and effectiveness.
Has anybody found that brute force hacking is highly ineffective?
The best way is to find some vulnerability on the page and exploit it.
I think brute force should be the last thing tried.
FOr one thing, it is highly suspicious in the logs as having one IP address go through a couple hundred, or even thousand, tries to log in unsuccessfully!
@ phantom, it’d depend on the type of “login” used to hook onto the MMORPG server
@grav obviously man, and now some servers prevent multiple login attempts from a given ip to prevent such attacks…. thats the reason phishing is preferred….most skiddies go for it and succeed coz us humans are after all the dumbest species in the universe!!The percentage of people who know even a bit about ARP poisoning or BlindSQL attacks is miniscule outside the security professional world
Well, thanks for that gem of wisdom there hikup.
I’d agree with grav there too – even if you sit behind an fortress doing brute attacks, you’re going to get seen by someone. Maybe not the people who are meant to be the network admin on the sites or servers being bruted – but someone is going to see that traffic, and they’ll certainly be taking all kinds of interests in you or at the least, your own hardware / network / etc.
I think brutes are best used – in testing, cause you need to account for the possibility of someone else (or their botnet) using such methods, and not-online brutes, eg – decrypting a drive or some such that you have actually with you. Which is also of course, why they are legit apps also.
The best way to get a password – or for that matter any personal information is social engineering. A system can be impenetrable, but there is always one flaw, and that is the human element. Social engineers run the most risks (there is no proxy string to hide behind)
but in the long run, they are the ones that get the most out of anything with the least amount of actual “hacking”
A really good example is with the “hacking” of Paris Hilton’s SideKick. The ppl who stole all of her photos and stuff were pretty much hacking amateurs, but they were able to convince one of the T-Mobile personnel to give them the correct access codes and such to allow them to pull off the “heist”
Its the same thing with brute forcing, either you can try to brute force a website or ftp server or whatever, or with a quick phone call, you can find out everything you wanted to find out.
? – the personnel shouldn’t ever have anyone’s actual passwords and details to give away, they’re only allowed to reset passwords.
And that shouldn’t ever happen over a phonecall, unless you can verify the number calling and say they use a videophone and then you can see it’s them too.
Mind you T-mobile are off their heads so that doesn’t surprise me anyway.
Interested in getting as much info on this program as possible. Im trying to bruteforce or dictionary attack a router login, and keep getting timeout/throttle and no results (allready have password and login) ….just curious