Brutus Help [Good Intentions, not malicious!!]

[tenseikenz]

ok I see theres nothing here for me, delete this thread whoever the moderators are.
so I tread...

[|The|Specialist]

Hit edit, look around the top of the page, click the checkbox, then delete it yourself. And im sorry you were expecting all of us to spoon feed you.

[cheyenne1212]

Don't get the wrong idea about us here. If you ever need help with networking, networking security etc then this definitely is the place to come. We just don't do anything related to cracking, hacking.

[MemorY]

actually we are so called white-hat hackers ....we like to explore systems and find/fix bug and error in them and we like to create a secure better OS then the one we buy .....

BTW: tenseikenz : im interested ...what was the URL of the other security site you visited ...>?

[|The|Specialist]

Originally posted here by tenseikenz
well dont be narrow minded that just because brutus IS used by CRACKERS and malicious HACKERS that it cant be used to test your own vulnerabilities and hey, help you remember passwords instead of waiting like 2 weeks for that email to come with the password, but oh wait, you also forgot your email password!

Dude you just don't listen very well do you. You might own a site or email address but you don't own the things hosting this stuff. Each time your browseing a site or doing whatever on the web your sending out requests to some other guy's server. So unless you own these servers or domains or whatever how the hell is this testing "your own security". And if you have the time to waste on playing with some tool... then why can't you seem to find another two weeks to waste? P.S. like I said you can always do a whois seach and find alot of peaple to contact through both email, phone, fax, & (ect).

Originally posted here by tenseikenz
just like what society thinks today of ethical-hackers, and that which they cannot understand.

You downloaded a tool which you cannot understand... and now you feel the need to preach to all of us about ethics? And if you really wanted to fully learn from other peaples tools why not go for something more open source? I mean atleast then you know how it works, what it does, and why... that would sure as hell be alot better than mindlessly downloading something then mashing random buttons like some kinda monkey or something.

[Amnoangel02]

I am new here and have seen many website with Brutus. I usually never sign up for forums, but I have seen to many people flaming others for asking questions regarding to cracking web mail passwords. Everyone says the same thing...ask the sys admin. or your local ISP. Uhhh? Has anyone ever tried to contact someone at yahoo? If so then you know that it is next to impossible to contact anyone from Yahoo.

I know because I have lost my password and can't even retrieve it because when the system asks me for my personal info regarding what is in my profile? I can't seem to match any of it up. Now I signed up with that exact email on 1/01 I believe. I never changed my password, I am guessing someone got in and changed my info. So before you judge everyone for comin in here and asking for ways to crack our own passwords try to be a little understanding. God forbid it happen to anyone besides yourselves.

I am not a cracker or hacker, I would like the knowledge that you all have. I am willing to learn but since a lot of you seem to have the god complex I doubt I will be asking any questions. To the rest that were kind enough to answer the original question. I am glad that there are still people out there who are helpful.

My only question is, how can I resolve this problem, get into my original email account and retrieve all my info and change my password and profile? Thank you.

[sickyourIT]

if it is legitimate, and you want to speed up your brutus endeavors, make a list of the passwords you commonly use as the possible pass list. Don't email this list to your friends or anything, but if your brutus is just checking for the 20 or so password combos you tend to use instead of the 1000000 or so in it's list, then you're a little better off.

you also have a better chance of people believing you. if you honestly don't know if your password was "D0ntU53C4n0n2K1llSkitos" or "apple" then you may want to pay a little more attention to what you are doing.

just my two cents...
-sick

[slarty]

#1 is using brutus illegal

Only if you use it on other people's systems without their authorisation. But you wouldn't be wanting to do that, right?

#2 I want to reveal a password I forgot on my website/email

That isn't a question, that's a statement

#3 when i use brutus it only gives me the wrong password or a password from the top of my possible pass list

That doesn't make sense either.

Seeing as it's your own system or you have permission from the admin, why don't you just go in and reset it?

If you're trying a security test on your own webmail system, be sure to tell the sysadmin that's what your doing otherwise you may create excessive load and/or trigger IDS rules on the system.

I'd recommend using it only out of hours on a non-production (for instance, internal development) system.

Using a password brute-forcer on a production or external system is likely to:

1. Trigger off IDS rules
2. Trigger automatic detection lockout (most large systems have this)
3. Create a lot of load on the client, server and the network
4. Really, really piss people off.
5. Oh yes, and you might get arrested and put in prison.

[Maestr0]

Brutus is no more illegal than a crowbar, which is to say: not at all. However, using Brutus OR a crowbar to break into something that doesnt belong to you IS. And Brutus works fine, I also reccomend CrackWhore 2. I will say this, if you try to brute force a web mail account you will probably crack the password around the same time you get out of prison, roughly 5 years or so.(This assuming a PW of 8 char) Have Fun!

-Maestr0