Variables involved in calculating passwords per second for brute force?

When using a brute force password guessing software, what are the variables involved in calculating the amount of passwords per second that software can process?

More specifically in relation to tsgrinder I thought of:

-number of threads
-computer processing power
-medium used?!
cgruberAsked:
Who is Participating?
 
Rich RumbleSecurity SamuraiCommented:
tsgrinder is a bruteforce password connection maker, not a password bruteforcer in the more traditional sense. TSGrinder is going to be slowed down by the network and the server it's attacking as opposed to JohnTheRipper or HashCat weak password finders.

TSgrinder expects a list of plain-text wordlist/dictionary, and then tries them against a Terminal Server. john and hashcat work against hashed passwords, and use dictionary/wordlist and rules that change those wordlists to match the same hash.

The only medium used is a TCP connection, the processing power of the tsgrinder is probably not much of a factor. TSGrinder is also less effective now since 2003 first introduced a lockout mechanism for this kind of attack against the administrator account. It used to be the administrator could not be locked out, now they can.
-rich
0
 
McKnifeCommented:
Hi all.
@Rich
>  since 2003 first introduced a lockout mechanism for this kind of attack against the administrator account
It did? Never heard that. I only know passprop from the NT4/win2k resource kit can be used for that purpose.
@cgruber: what's the context you are asking the question in?
0
 
cgruberAuthor Commented:
So can one say that tsgrinder can process X passwords per second, without knowing all the variables involved?
0
Protect Your Employees from Wi-Fi Threats

As Wi-Fi growth and popularity continues to climb, not everyone understands the risks that come with connecting to public Wi-Fi or even offering Wi-Fi to employees, visitors and guests. Download the resource kit to make sure your safe wherever business takes you!

 
cgruberAuthor Commented:
Arguing with a fellow worker who says tsgrinder can process 6 password per second at the most, where as I say that this figure is dependable on many factors.
0
 
McKnifeCommented:
Try it out.
You will not find people with experience with that tool, I am afraid. As there is a switch -n that can be altered, at least that suggests that it depends on the computing power of the machines that are involved. I don't know but I can't imagine only 5 pw/s are possible.
0
 
Rich RumbleSecurity SamuraiCommented:
It used to be just having a "connection banner" would be enough to get TSgrinder to lock up as it wasn't expecting that, not sure if it's been improved.
I guess I was wrong about the 2003 feature introduction, I must of been thinking about IPSEC's default exemptions.
You can however deny logon through TS for the administrator account
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/618.mspx?mfr=true

While you cannot lock the administrator out via TS/RDP you can disable the account which effectively will do the same thing.

TSGrinder is very old school, thought I'd never hear that name again :)
-rich
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.