
Brute Force Attacks

What does brute force mean?

Brute force attacks are a method by which many login attempts are made to gain access to a system. WordPress is a free and open-source content management system that is used by 41.4% of the top 10 million websites on the internet. The two go together perfectly, and attackers regularly target WordPress-based websites using brute force methods.

Most websites running WordPress follow some simple rules. One of those rules is that the login page can be located at the "domain.TLD/wp-login.php" URL. In addition, many of the setups are poorly configured, without much in the way of security or preventative maintenance. Therefore, you can use some commonly available tools to quickly attack these sites to gain access to the underlying administration panel beneath.

Tools such as WPForce can be run in combination with a username list and a password list to brute force these sites. While some individuals will rightfully state that this type of attack is also referred to as a Credential Stuffing attack, they cannot argue that it is not effective and simple. You simply load up your application, pass on your credentials, and wait for confirmation, or pivot if you discover your method is not going to work on that site.

Once you have gained access to the website, you can next use the tool Yertle to attain persistence, activate Meterpreter, load a keylogger, dump all of the hashes for the current passwords, and get the database credentials. This is a one-stop shop for attackers, and the tools themselves are simple to use. Yertle and WPForce are written in 96% Python and 4% JavaScript.

How do you fight it?

Individuals interested in protecting their webservers, developing defenses against these attacks, and preventing brute force or credential spraying attacks must understand the tools used to conduct the attacks themselves. By familiarizing yourself with these tools and their use, you can strategize how to defend yourself from the danger they pose.
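
One way to spot this activity on the defending side, as an added example that is not from the original post or from the WPForce or Yertle projects: the script below scans web server access logs for bursts of failed POST requests to /wp-login.php from one address and marks any successful login that follows a burst. It assumes Combined Log Format and default WordPress behaviour (a failed login returns 200, a successful one redirects with 302); the function name, threshold, window and sample lines are illustrative assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Combined Log Format: ip - - [time] "METHOD path PROTO" status size ...
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')

def detect_wp_login_bursts(lines, threshold=5, window=timedelta(seconds=60)):
    """Return {ip: {"max_burst", "login_after_burst"}} for every IP whose
    failed POSTs to /wp-login.php reach `threshold` within `window`."""
    recent = defaultdict(deque)  # ip -> timestamps of recent failed attempts
    findings = {}
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        ip, ts, method, path, status = m.groups()
        if method != "POST" or path.split("?")[0] != "/wp-login.php":
            continue
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        q = recent[ip]
        while q and when - q[0] > window:  # slide the window forward
            q.popleft()
        if status == "200":  # assumption: WordPress re-renders the form on failure
            q.append(when)
            if len(q) >= threshold:
                f = findings.setdefault(ip, {"max_burst": 0, "login_after_burst": False})
                f["max_burst"] = max(f["max_burst"], len(q))
        elif status == "302" and ip in findings:
            # assumption: WordPress redirects on success; after a burst this
            # suggests a guessed password and warrants incident response
            findings[ip]["login_after_burst"] = True
    return findings

# Constructed sample lines using documentation IP ranges, not real traffic.
_FMT = '{} - - [12/Mar/2024:10:00:{:02d} +0000] "{} /wp-login.php HTTP/1.1" {} 1500 "-" "ua"'
_ROWS = [("203.0.113.7", s, "POST", 200) for s in range(0, 12, 2)]
_ROWS += [("203.0.113.7", 13, "POST", 302),    # success right after the burst
          ("198.51.100.20", 20, "POST", 200),  # ordinary user mistyping once
          ("198.51.100.20", 30, "POST", 302),
          ("198.51.100.20", 40, "GET", 200)]   # page view, ignored
SAMPLE_LOG = [_FMT.format(*row) for row in _ROWS]

if __name__ == "__main__":
    print(detect_wp_login_bursts(SAMPLE_LOG))
```

An address flagged with `login_after_burst` set is the case to act on first: reset that account's password and review what the session did.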


Interested in studying cyber security? UAT Network Security degree students use critical thinking to research current and evolving cyber security trends and become experts in network security industry standards and regulations. Graduates from the cyber security program will have the essential knowledge and experience to automate their own security processes through extensive training in network security programs and scripts, and be prepared for careers in government and multinational corporations seeking certified ethical hacking professionals.
