
Brute Force Attacks

What does brute force mean?

Brute force attacks are a method by which many login attempts are made to gain access to a system. WordPress is a free and open-source content management system that is used by 41.4% of the top 10 million websites on the internet. The two go together perfectly, and attackers regularly target WordPress-based websites using brute force methods.

Most websites running WordPress follow some simple rules. One of those rules is that the login page can be found at the "domain.TLD/wp-login.php" URL. Many of the setups are also poorly configured, without much in the way of security or preventative maintenance. As a result, commonly available tools can be used to quickly attack these sites and gain access to the underlying administration panel.

Tools such as WPForce can be run in combination with a username list and a password list to brute force these sites. While some individuals will rightfully state that this type of attack is also referred to as a credential stuffing attack, they cannot argue that it is not effective and simple. The attacker loads the application, passes in the credentials, and waits for confirmation, or pivots on discovering that the method is not going to work on that site.

Once access to the website has been gained, the tool Yertle can be used to attain persistence, activate meterpreter, load a keylogger, dump all of the hashes for the current passwords, and get the database credentials. This is a one-stop shop for attackers, and the tools themselves are simple to use. The code for Yertle and WPForce is 96% Python and 4% JavaScript.

How do you fight it?

Individuals interested in protecting their webservers, developing defenses against these attacks, and preventing brute force or credential spraying attacks must understand the tools used to conduct the attacks themselves. By familiarizing yourself with these tools and their use, you can strategize how to defend yourself from the danger they pose.


Interested in studying cyber security? UAT Network Security degree students use critical thinking to research current and evolving cyber security trends and become experts in network security industry standards and regulations. Graduates from the cyber security program will have the essential knowledge and experience to automate their own security processes through extensive training in network security programs and scripts, and be prepared for careers in government and multinational corporations seeking certified ethical hacking professionals.
