Take a Virtual, Interactive Tour 

Cyber Security, Technology News

  |  
4 Min Read

Brute Force Attacks

What does brute force mean?

Brute force attacks are a method by which many login attempts are made to gain access to a system. WordPress is a free and open-source content management system that is used by 41.4% of the top 10 million websites on the internet. The two go together perfectly and attackers regularly target WordPress based websites using brute force methods.

Most websites running WordPress follow some simple rules. One of those rules is that the login page can be located at the "domain.TLD/wp-login.php" URL and that many of the setups are poorly configured without much in the way of security or preventative maintenance. Therefore, you can use some commonly available tools to quickly attack these sites to gain access to the underlying administration panel beneath.

There exist tools such as WPForce that can be ran in combination with a Username List as well as Password List to brute force these sites. While some individuals will rightfully state that this type of attack is also referred to as a Credential Stuffing attack, they cannot argue that it is not effective and simple. You simply load up your application, pass on your credentials, and wait for confirmation—or pivot—if you discover your method is not going to work on that site.

Once you have gained access to the website, you can next use the tool Yertle to attain persistence, activate meterpreter, load a keylogger, dump all of the hashes for the current passwords, and get the database credentials. This is a one stop shop for attackers and the tools themselves are simple to use. Yertle and WPForce are written in 96% Python and 4% JavaScript.

How do you fight it?

Individuals interested in protecting their webservers, developing defenses against these attacks, and preventing brute force or credential spraying attacks must understand the tools used to conduct the attacks themselves. By familiarizing yourself with these tools and their use, you can strategize how to defend yourself from the danger they pose.

7-2

Interested in studying cyber security? UAT Network Security degree students use critical thinking to research current and evolving cyber security trends and become experts in network security industry standards and regulations. Graduates from the cyber security program will have the essential knowledge and experience to automate their own security processes through extensive training in network security programs and scripts, and be prepared for careers in government and multinational corporations seeking certified ethical hacking professionals.

Comment

A Network Security Degree: Requirements, Expectations and Applications

It’s no secret that the more technologically advanced our world gets, the more we have to participate in it. This is great for connecting people worldwide and maximizing availability, but it ...

Meet Hunter Autrey, Cyber Security Alum

Well Deserved #TechRespect When students graduate, it's always a bittersweet moment. It's sad to no longer see them around campus working, on projects, and hanging with friends, but we are so proud ...
Picture of Erin Sullivan Erin Sullivan 4 Min Read

Message from the Provost: July 2022

TBT: Throwback Tech  Lately, I have been chain-watching For All Mankind. As a childhood fan of the space program growing up in the 70s, 80s, and 90s, I love what Ronald D. Moore has done, keeping the ...