Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 341
  • Last Modified:

Variables involved in calculating passwords per second for brute force?

When using a brute force password guessing software, what are the variables involved in calculating the amount of passwords per second that software can process?

More specifically in relation to tsgrinder I thought of:

-number of threads
-computer processing power
-medium used?!
0
cgruber
Asked:
cgruber
  • 2
  • 2
  • 2
2 Solutions
 
Rich RumbleSecurity SamuraiCommented:
tsgrinder is a bruteforce password connection maker, not a password bruteforcer in the more traditional sense. TSGrinder is going to be slowed down by the network and the server it's attacking as opposed to JohnTheRipper or HashCat weak password finders.

TSgrinder expects a list of plain-text wordlist/dictionary, and then tries them against a Terminal Server. john and hashcat work against hashed passwords, and use dictionary/wordlist and rules that change those wordlists to match the same hash.

The only medium used is a TCP connection, the processing power of the tsgrinder is probably not much of a factor. TSGrinder is also less effective now since 2003 first introduced a lockout mechanism for this kind of attack against the administrator account. It used to be the administrator could not be locked out, now they can.
-rich
0
 
McKnifeCommented:
Hi all.
@Rich
>  since 2003 first introduced a lockout mechanism for this kind of attack against the administrator account
It did? Never heard that. I only know passprop from the NT4/win2k resource kit can be used for that purpose.
@cgruber: what's the context you are asking the question in?
0
 
cgruberAuthor Commented:
So can one say that tsgrinder can process X passwords per second, without knowing all the variables involved?
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
cgruberAuthor Commented:
Arguing with a fellow worker who says tsgrinder can process 6 password per second at the most, where as I say that this figure is dependable on many factors.
0
 
McKnifeCommented:
Try it out.
You will not find people with experience with that tool, I am afraid. As there is a switch -n that can be altered, at least that suggests that it depends on the computing power of the machines that are involved. I don't know but I can't imagine only 5 pw/s are possible.
0
 
Rich RumbleSecurity SamuraiCommented:
It used to be just having a "connection banner" would be enough to get TSgrinder to lock up as it wasn't expecting that, not sure if it's been improved.
I guess I was wrong about the 2003 feature introduction, I must of been thinking about IPSEC's default exemptions.
You can however deny logon through TS for the administrator account
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/618.mspx?mfr=true

While you cannot lock the administrator out via TS/RDP you can disable the account which effectively will do the same thing.

TSGrinder is very old school, thought I'd never hear that name again :)
-rich
0

Featured Post

New Tabletop Appliances Blow Competitors Away!

WatchGuard’s new T15, T35 and T55 tabletop UTMs provide the highest-performing security inspection in their class, allowing users at small offices, home offices and distributed enterprises to experience blazing-fast Internet speeds without sacrificing enterprise-grade security.

  • 2
  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now