> For the complete documentation index, see [llms.txt](https://red.infiltr8.io/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://red.infiltr8.io/redteam/credentials/passwd/brute-force.md). # Brute-Force A brute-force attack consists of an attacker submitting many passwords or passphrases with the hope of eventually guessing correctly. We may use brute-force techniques to gain access to accounts when passwords are unknown (online) or when password hashes are obtained (offline). Although this section is entitled "Brute-Force", there are various types of password attack, which we will be concentrating on: * **Brute-force attacks**: every possibility for a given character set and a given length (i.e. `aaa`, `aab`, `aac`, ...) is sent to the target service or hashed and compared against the target hash. * **Dictionary attacks**: every word of a given list (a.k.a. dictionary) is sent to the target service or hashed and compared against the target hash. * **Rainbow table attacks**: use pre-computed lookup tables to crack password hashes. These tables store a mapping between the hash of a password, and the correct password for that hash. The hash values are indexed so that it is possible to quickly search the database for a given hash. Note that this attack cannot work if the hashed value is salted. {% content-ref url="/pages/4DaUknqC4mGDGXe0lWBp" %} [Online - Attacking Services](/redteam/credentials/passwd/brute-force/online-attacking-services.md) {% endcontent-ref %} {% content-ref url="/pages/2uejUgedS6LaZPX2mxnL" %} [Offline - Password Cracking](/redteam/credentials/passwd/brute-force/offline-password-cracking.md) {% endcontent-ref %} --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://red.infiltr8.io/redteam/credentials/passwd/brute-force.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.