How I Performed Brute Force attacks on Information Technology devices and systems.

This is my first article based on practical knowledge that I have learned. You may find this a bit long, but I hope you will love it. I will appreciate your feedback and comments so that I can improve on the next part. I will be uploading the article progressively.

This article mainly focuses on the procedures by which I performed brute force attacks on IT devices and systems.

The origins of cybersecurity began with a research experiment. This was created mainly due to the development of viruses. In 1969, the first electronic communication from a UCLA SDS Sigma 7 host machine was sent to Bill Duvall, a programmer, by Leonard Kleinrock, professor at the University of Cologne (UCLA), and student Charley Kline. This is a famous tale and a landmark moment in the modern age. The UCLA response submitted was the word "login", which came after the first two letters, "lo", were written. By then, this tale was thought to be the beginning response of the programmer "lo and see." The way we interact with each other was changed by those two letters of communication. (Matthews, 2020)

The first electronic worm (virus) was developed in Massachusetts in the 1970s by Robert (Bob) Thomas, a researcher at the University of BBN technology in Cambridge. He discovered that a machine program might travel around a network and leave a little trace (series of signs) everywhere. He called it the Creeper system and configured it to move through Tenex terminals on the early ARPANET with the printed message, "I'M THE CREEPER: IF YOU CAN CATCH ME." (Management, 2018)

Cyber-crimes became more effective after Creeper and Reaper. Security breaches keep growing as computer applications and hardware evolve. Every new creation opened a new dimension of weaknesses, or a way for hackers to get around security methods. In 1986, the Russians were the first to use cyber power as a tool. A German, Marcus Hess, infiltrated 400 military machines, including Pentagon processors. He tried to trade information to the KGB, but before that could happen, an American scientist, Clifford Stoll, arrested him. (SentinelOne, 2019)

Nowadays, viruses are deadlier, more invasive, and harder to control. We have already had significant security attacks, and 2018 is not finished. That is only a handful, but such attacks are enough to show that information defence is a must for enterprises and small firms.

Cyber security primarily includes people, systems and technology that function together to cover the full spectrum of threat management, risk mitigation, prevention, foreign participation, incident response and resilience strategies and practices, including computer network activity, cyber security, law enforcement and others. (Kaspersky, 2020) Cybersecurity is the protection of devices connected to the internet, including equipment, applications, and records, from cyber-attacks. The word consists of two terms, cyber and security. Cyber relates to devices, networks, and software or data-containing technologies. Security relates to infrastructure, including the protection of devices, networks, operations, and information. (Matthews, 2019)

Cyber attacks pose a growing threat to companies, workers, and customers. Attackers may take control of or destroy confidential data, or hold assets for ransom. Such attacks can ruin businesses and harm your financial and personal life, especially if you experience identity theft. (Johansen, 2020) Cybersecurity precautions should be taken by people and companies alike. For instance, an individual may install anti-virus software and keep it up-to-date to keep cybercriminals out. An organization may install intelligent technologies that control network traffic and alert IT professionals to take a closer look.



Types of Cybersecurity

The area of cybersecurity is a big one. There are various specific types, and they serve numerous purposes. The nature of new Internet-based threats typically requires deploying multiple protection strategies at the same time, depending on needs and risks. The types include:

  1. Information security: Protection from unlawful exposure to information and false convictions.
  2. Network security: Protecting a network and its archives and applications from unregulated remote connections, using firewalls and VPNs.
  3. Endpoint security: Securing all network-connected products such as smartphones, web-enabled apps, and computers by eliminating or reducing their relevant vulnerabilities. Professionals and lovers of technology do not ignore Internet-based apps like surveillance monitors, activity tracking systems, and wireless Wi-Fi whiteboards.
  4. Cloud security: Cyber protection related to both web-based software and processed content in a server.
  5. Website security: Avoiding attacks that could keep a website from functioning as planned or take it offline. Malware scanning is a particularly vital aspect of website protection, because malware can corrupt machines and cause a website to lose search engine rankings if it is found.
  6. Application security: Proactively preventing cybercriminals from targeting vulnerabilities in Internet-connected systems. This also includes fixing known bugs through patches. (Kaspersky, 2020)


Why is cybersecurity important?

We live in a modern world in which our private details are more exposed than ever. We all live in an environment that links internet banking and public services, where computers and other tools store data. Part of this data may include confidential details, including intellectual property, financial records, personal details, or other information whose unwanted access or disclosure may have a detrimental impact. Cyberattacks are an international issue and have raised fears that hacks and other security attacks can hinder the global economy. Organizations transfer confidential data across networks and other tools, and cybersecurity describes how to secure that information and the technologies used to access or archive it. Kaspersky / B2B's newly released report reveals that the total expense of cyber threats at the business level is 1,41 million dollars. It also revealed, however, that 34% of firms employing an information protection officer had no cyber-related incidents that caused monetary loss. Furthermore, the expense of their malware incidents declined by more than half when businesses set up on-site protection operations. (Matthews, 2019)

In order to protect information from being stolen, compromised or attacked, cybersecurity can be measured by at least one of three goals:

  1. Protect the confidentiality of data.
  2. Preserve the integrity of data.
  3. Promote the availability of data for authorized users.

These goals make up the confidentiality, integrity, availability (CIA) triad on which security programs are based. The CIA triad is a security model that guides information protection policy within an agency or company. The triad is widely considered the three foundations of security because the bulk of an organization's security strategies are built around these three concepts. Let me, therefore, remind you of all three elements:

Confidentiality: Confidentiality ensures that only authorised individuals access sensitive information and that unauthorized persons are kept out. It is implemented with security mechanisms like usernames, passwords, ACLs and encryption. It is also common for information to be categorized according to the extent of damage that could happen should it fall into unintended hands.

Integrity: Integrity ensures that the information is in a format that is correct and relevant to its original purpose. The receiver of the information must be informed by the creator. Only authorized persons can edit the information, and it remains in its original condition when at rest. Integrity is carried out using security mechanisms, like encryption and manipulation of records.

Availability: Availability ensures that those who need them have access to information and resources. Methods like hardware maintenance, software patching, and network optimisation are used. Clusters such as stability, instability, RAID and high-availability are used to mitigate severe consequences in the case of hardware problems. Dedicated hardware tools may be used to defend against failure or unreliable data attributable to malicious acts such as DDoS attacks. (GEEK UNIVERSITY, 2019)


Current scenario

A brute force attack is a trial-and-error approach used by software to decode protected data such as passwords or Data Encryption Standard (DES) keys, rather than using analytical techniques. Much as a thief might break into or "crack" a protection system by attempting several different variations, a brute force attack on an application works through each conceivable legal combination in succession. (Rouse, 2019) The bulk of cyber attackers specialized in brute force exploits use bots to do their bidding. Attackers usually supply several valid or widely used passwords and attack websites using such passwords. Cracking by brute force by hand takes time, so most attackers have applications and resources to assist them with a brute force attack. The tools available to attackers enable them to try, among other things, many variations of passwords and to access web applications. (TUCAKOV, 2020)

For years the Web has been afflicted with brute force attacks. The frequency and strength of brute force attacks – including those launched by the UK and Scottish parliament last year – have increased significantly throughout the first half of the year. Analysis undertaken by Foregenix Ltd on over 500 websites worldwide indicates that, despite a fall in February, there is little distinction between words/numbers. It is effortless to grasp. Four attacks occurred per day in May and June, when more than one attack a day was reported in the three previous months. The frequency of very high brute force attacks – over 30 000 malicious requests identified in 10 minutes – has also stepped up with an incredible peak of more than 1,50 attacks every day since half of this point was launched in 2010. Cyber attackers use malware, such as botnets, to make many guesses at potential passwords for accessing data or personal information in a brute force attack. (Dennys, 2018)


Problem Statements

Users still have several identities and passwords. People who use a few basic passwords are frequently vulnerable to brute force attacks. Moreover, many users reuse the same password across several accounts, which gives an attacker access to all of them. E-mail accounts secured by bad passwords may be linked to other accounts and used to recover their passwords. This makes them particularly valuable to hackers.

The critical problem caused by brute force attacks on Information Technology devices and systems is Account Takeover. Account Takeover is a process in which an attacker tries to take over the victim's account by brute-forcing the password, or by going through the password reset link and cracking the 4 to 6-digit OTP code. An attacker can also use the brute-force approach for SMS bombing, which means sending a message repeatedly, an unlimited number of times, using simple software or scripts; the same applies to sending unlimited spam e-mails.

A further use of the brute-force attack is user enumeration. This is where a malicious agent may either guess or validate legitimate users of a system using brute force. User enumeration is often a web application vulnerability, but it can also affect any program that requires user authentication. The two most popular places where user enumeration takes place are a web login page and its 'Forgot password' feature.

Some common problems are briefly listed below:

  • Works against many computer protocols (like FTP, MySQL, SMTP, and Telnet).
  • Allows hackers to crack wireless modems.
  • Identifies weak passwords.
  • Decrypts passwords in encrypted storage.
  • Runs all possible combinations of characters.
  • Operates dictionary attacks.
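
A defensive sketch for the OTP guessing and user enumeration described in the problem statement above, added here as an illustration and not taken from the article or from DVWA. The class name, the five-attempt and 300-second limits, and the in-memory store are assumptions made for the example.

```python
import hashlib
import hmac
import secrets
import time

# Assumed policy values for this example, not taken from the article.
MAX_ATTEMPTS = 5         # guesses allowed per issued code
OTP_TTL_SECONDS = 300    # lifetime of an issued code
GENERIC_REPLY = "If the account exists, a reset code has been sent."


class ResetCodeService:
    """Hypothetical in-memory store for password-reset OTPs."""

    def __init__(self, known_users, clock=time.monotonic):
        self._users = set(known_users)
        self._clock = clock
        self._pending = {}  # user -> [code_hash, expires_at, attempts_left]

    @staticmethod
    def _digest(code):
        return hashlib.sha256(code.encode()).digest()

    def request_reset(self, user, deliver=lambda user, code: None):
        # Known and unknown users get the same reply, so the
        # "Forgot password" form does not confirm which accounts exist.
        if user in self._users:
            code = f"{secrets.randbelow(10**6):06d}"   # 6-digit OTP from a CSPRNG
            self._pending[user] = [self._digest(code),
                                   self._clock() + OTP_TTL_SECONDS,
                                   MAX_ATTEMPTS]
            deliver(user, code)
        return GENERIC_REPLY

    def verify(self, user, guess):
        entry = self._pending.get(user)
        if entry is None:
            return False
        code_hash, expires_at, attempts_left = entry
        if self._clock() > expires_at or attempts_left <= 0:
            del self._pending[user]    # expired or exhausted: a new code is needed
            return False
        entry[2] = attempts_left - 1   # charge the attempt before comparing
        if hmac.compare_digest(code_hash, self._digest(guess)):
            del self._pending[user]    # codes are single use
            return True
        if entry[2] == 0:
            del self._pending[user]    # budget spent: the code is void
        return False
```

With five guesses against a six-digit code, exhaustive guessing no longer covers the code space before the code is voided. Reset requests need their own rate limit as well, otherwise each newly issued code grants another five guesses.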


Aims and Objectives

The primary aim of this article is to demonstrate gaining control of Damn Vulnerable Web App (DVWA) by bypassing its authentication with a brute-force attack, and to mitigate the problems caused by it.

The objective of a brute force attack is to obtain access to an otherwise restricted resource. This may be an office server or a secure login page, or the goal may simply be to reveal valid emails on a specific website. Access to a legitimate account can compromise the entire platform, which malicious actors will then use as part of their network of compromised websites.


Part 2

Will Upload Soon !!!!!
