Warning All information provided in this article is published for informational purposes and in no case is a guide to action.
A fairly popular tool among computer crackers is a brute force attack or dictionary attack. This method is suitable for those cases when all other methods to penetrate the remote system are exhausted. Therefore, it is so attractive for kiddis scripts (novice crackers) who are unable to study the system in detail for vulnerabilities. These go to the “frontal attack” and at first they don’t even know how to use brutus aet2, even such an elementary program.
But it happens that there really is no other way available (such as, for example, in popular email services or ssh shells) to get into your account. Then really such an attack is acceptable. To conduct it, you will need a fairly wide Internet channel, specialized software, and preferably a good dictionary. There are not so many good programs - one of them is brutus aet2, the configuration of which is very simple. We will consider it in this article.
The utility interface is extremely concise and pragmatic. Let's see how to use brutus aet2. First, you need to specify the server on which the attacked account is located, and the type of protocol (all the basic necessary protocols are present). You can also set a non-standard port for the service to which the password is selected. Next we set the number of threads (simultaneous attempts) - the more there are, the faster the search will work. Focus on the bandwidth of the Internet channel and the power of the channel leading to the server whose account is being hacked. Then it will be necessary to set a timeout - this parameter determines how many milliseconds to wait for a response from the server after the next attempt. The lower this value, the faster the search will work, but it is not worth setting the minimum (the connection can be completed even before the server answers - and then the attack will be completely meaningless).
We warn you that it is imperative to find a "good" dictionary that implies the Russian or English mentality when setting a password, the path to which should be set in the next step. The file format should be this: one password - one line. You can download it at any forum where computer hooligans or venerable experts in the field of information security gather. Without a database of ready-made passwords, the question of how to use brutus aet2 is simply meaningless, since for our purposes it is a "gun without cartridges." Enumeration without a dictionary can last for years, since the number of possible variations is in the billions (just raise the number of possible characters to the same degree. If you consider only the English alphabet in lowercase and numbers, then this is 34 to 34 degrees!) If you plan to only enumerate passwords by one account, create a users.txt file with one account. You can also set the number of attempts (unlimited by default). If there is an opportunity (access to a high-speed and anonymous proxy server), you can take care of your own security and set a proxy. After all, the statistics on connections are kept in the server logs - and your real IP address will be visible. An alternative solution is to run the program on a remote server, which is in no way connected to you via the RDP protocol.
So, everything is ready. To start, press the "Start" button. At any time, an attack can be completed or paused using Stop. The set parameters can be reset using the "Clear" button. Now you know how to use brutus aet2. We warn you! The process can last a single week, and the result is not at all guaranteed. Therefore, it is recommended to allocate a separate server for this experiment and just wait. Do not forget that the method of primitive enumeration of passwords is effective only when all other methods have been exhausted. Today, many users are skilled at using password managers and setting passwords in dozens or more characters. Therefore, do not lose sight of the methods of social engineering that allow you to find out a password using human psychology. But from the very beginning it is worth wondering if you really need to deal with hacking. It should be remembered that this is also illegal (272 and 273 of the Criminal Code of the Russian Federation). And if for legitimate purposes (you forgot the password from the email account) you will use the brutus aet2 program, instructions on how to master this utility will not take much time. Just read and try. This is the best way for a beginner to understand information security to learn something new.