Free program for hacking vkontakte. A detailed overview of the VKontakte brute force application What is VK brute force

Brute force (derived from the English phrase: brute force) is a type of hacker attack - a way to hack accounts in computer systems, payment / banking services and websites through automated selection of combinations of passwords and logins.

Brute force is based on the mathematical method of the same name (brute force), in which the correct solution - a finite number or a symbolic combination - is found by sorting through various options. In fact, each value from a given set of potential answers (solutions) is checked for correctness.

The principle of operation of brute force

The hacker writes a special program for guessing passwords or uses a ready-made solution of his colleagues. It can be focused on a specific mail service, website, social network (i.e., designed to hack a specific resource). The next step is preparation for hacking. It consists of the following steps:

1. Compiling a proxy list

In order to hide the true IP address of the computer from which the attack will be carried out, and to prevent blocking from the site where it is necessary to hack the account, the Internet connection is configured through a proxy server.

The search for proxy addresses/ports is carried out in the proxy grabber (Proxy Grabber). This utility independently extracts all data for connecting to intermediary servers from sites that provide proxies (they are specified in the list). In other words, the proxy is collected.

The resulting base is saved in a separate text file. And then all server addresses available in it are checked for operability in a proxy checker. Quite often, programs designed for automated proxy mining combine the functions of both a grabber and a checker.

As a result, we get a finished proxy list in the form of an IP/port list, saved in a txt file. (You will need it when setting up the brute force program).

1. Search bases for brute

It is necessary to connect a dictionary to brute force - a certain set of combinations of passwords and logins - which it will substitute in the login form. It also, like the proxy list, has the form of a list in a plain text file (.txt). Dictionaries, they are also databases, are distributed through hacker forums, sites and file hosting. More experienced "craftsmen" create them on their own and provide them to everyone for a fee. The larger the base (the number of combinations, logins, accounts), the better (for a hacker) - the greater the likelihood of hacking success.

1. Brute force setup

The proxy list is loaded; the selection program will automatically change the proxy so that the web server does not detect the attack and, accordingly, the source (host) of the attack.

A dictionary of password/login combinations is connected. The number of threads is set - how many combinations brute force will check at the same time. A powerful computer with high Internet speed can confidently handle 120-200 streams (this is the optimal value). The speed of the brute directly depends on this setting. For example, if you set only 10 threads, the selection will be very slow.

1. Launching a brute force

The program captures successful hacking attempts: it saves hacked accounts (password/login) to a file. The duration of the selection procedure ranges from several hours to several days. At the same time, it does not always turn out to be effective due to the high cryptographic stability of the login data or the implementation of other protective measures on the part of the attacked.

Types of brute force

Personal hack

Hunting for a specific account - in a social network, on a mail service, etc. Through or in the process of virtual communication, the attacker elicits a login from the victim to access a site. Then he cracks the password using the brute-force method: he specifies the address of the web resource and the extracted login in brute force, connects the dictionary.

The chances of such a hack are low, for example, compared to the same XSS attack. It can be successful if the account owner used a password of 6-7 characters with a simple character combination. Otherwise, it will take years - tens and hundreds of years, based on the calculations of the mathematical search formula, to "unravel" more stable options of 12.15, 20 letters, numbers and special characters.

Brutus/Check

A database with logins / passwords from mailboxes of one mail service (for example, mail.ru) or different ones is connected to brute force. And a proxy list is used to mask the host (because email web services quickly detect an attack by multiple requests from the same IP address).

The brute options include a list of keywords (usually site names) - the reference points by which he will look for login data on hacked mailboxes (for example: steampowered, worldoftanks, 4game, VK). Or a specific Internet resource.

The user, registering in an online game, social network or forum, as expected, indicates his email (mailbox). The web service sends a message to the specified address with login data and a link to confirm registration. It is these letters that brute force is looking for to extract logins and passwords from them.

Press "START" and the cracker starts brute force. It operates according to the following algorithm:

1. Loads the login/password to the email from the database.
2. Checks access, or “checks” (automatically authorizes): if you manage to log into your account, plus one in the good column (it means another working email has been found) and starts viewing it (see the following paragraphs); if there is no access, it puts it in bad (bads).
3. In all "guds" (open emails), brute force scans letters according to the request set by the hacker - that is, it looks for logins / passwords to the specified sites and payment systems.
4. When the required data is found, it copies them and enters them into a separate file.

Thus, there is a mass "hijacking" of accounts - from tens to hundreds. The attacker disposes of the obtained "trophies" at his own discretion - sale, exchange, data collection, theft of money.

Remote computer hacking

Brute force in conjunction with other hacking tools is used to obtain remote access to the victim's password-protected PC via an Internet channel.

This type of attack consists of the following steps:

1. A search is performed for IP networks in which an attack on user computers will be carried out. Address ranges are taken from special databases or through special programs, such as IP Geo. In it, you can select IP networks for a specific county, region, and even city.
2. The selected IP ranges and selection dictionaries are set in the settings of the Lamescan brute force (or its equivalent), intended for remote login/password brute force. Once launched, Lamescan does the following:

• performs a connection to each IP from the specified range;
• after establishing a connection, it tries to connect to the host (PC) through port 4899 (but there may be other options);
• if the port is open: attempts to access the system, brute force when prompted for a password; if successful, it saves the IP address of the host (computer) and login information in its database.

1. The hacker launches the Radmin utility, designed to manage remote PCs. Sets the network coordinates of the victim (IP, login and password) and gets full control over the system - the desktop (displayed visually on the cracker's computer display), file directories, settings.

Programs for brute

HASHCAT

For 2020, one of the most powerful programs for brute. Uses more than 200 enumeration algorithms. Widely used to crack WPA/WPA2 passwords, as well as passwords for MS Office, PDF, 7-Zip, RAR, TrueCrypt documents.

Classic brute force, one of the very first. Nevertheless, it does not lose its relevance and competes with new solutions. It has a smart brute-force algorithm and supports all major Internet protocols - TCP / IP, POP3, HTTP, etc. Can fake cookies. Brute with a dictionary and generate passwords on its own.

Powerful brute-checker. Equipped with an extended arsenal of functions for working with databases (checking, sorting by domains). Supports various types of proxies, checks their performance. Scans mailboxes based on settings such as date, keyword, address, unread messages. Can download letters from Mail.ru and Yandex.

Brut VK is software that automatically selects passwords for any VKontakte accounts. The full name of such applications is Brute force (brute force). They are designed to hack the profiles of a user on a social network site. There are quite a few such programs, but most of them are absolutely ineffective. However, with the right utility, you will get any hidden information. The functionality here is quite simple and hacking is easy.

What is brute "VK"

Brutus is a special software that selects passwords for logins by typing various combinations of letters and numbers, e-mail etc. If you have set a complex password, the program will take a long time to guess it and eventually may not be able to cope with the task. The result of a brute is largely influenced by how powerful the technique used for hacking and what is the stability of the Internet connection. The hacking process can last a few minutes or a whole day. If you set a password of high complexity, for example: RKGJH4hKn2, then special software may not crack it at all.

What is a base

For the Bruteforce program to work, it must have data; if she doesn't have a choice of codes, she won't do anything. The base is a set of different code combinations and logins. If the list is huge, then sooner or later you will hack your account using the application. Combinations come in the smallest length of three letters and numbers. The longest is 16 characters. It depends on the version software. The selection of the code begins with the letter "A", ends with the last letter in the alphabet. Letters can be Russian or English. This is the main useful information about the database.

Who needs it

All users have their own reasons for hacking other people's VK profiles. Someone does it for fun, others want to read the correspondence. Also, some wish to send invalid messages. Keep in mind - Brut is illegal. You will always have to answer for theft. It's better not to do this. Any hacked account is easily recoverable. Especially if during its registration it was indicated real information. It is more difficult with profiles created quickly, with false data, but they are usually not needed by hackers.

Stealing information from the page social network"VK" only if it is of interest to someone. Typically, hackers sell stolen accounts to customers in large numbers. Those can then resell them again to the owners, if there is important information. Hackers always try to protect themselves and use a proxy server. With it, no one will notice them, because the IP address will be unknown.

If you want to protect yourself from intruders, make your password long and complex. Don't use your own account"VK" on a network where other people have access to a computer. Also, do not save the password in the browser, it can be easily intercepted. If you received an SMS on your phone about logging into your VK profile, but you didn’t do it, change your password immediately. Try to do it as quickly as possible. So you protect yourself from losing important personal data.

Brute force - brute force, brute force hacking
In the article "" it was said that it was impossible to hack VK with a brute force (program).
This is not entirely true, there are still loopholes ...
Below is a working script, but first…

At the bottom of the article - a free program for generating a brute dictionary and a listing of "top loch passwords"

I make a reservation in advance that we are talking about the classic "brute force" without any PBKDF2 algorithms, without parsing the sha hash, because At the household level, this is an overwhelming task.

There are many programs “for hacking VK by brute force” on the network

Which one to choose? What will help (without harm to me)?
- None

Each VK account requires a personal approach and template programs from the network are all crap, divorce, bullshit.

Now you will understand why. Mathematical part briefly.

The minimum length of a VK password is 6 characters.

The password must contain:
numbers(0-9 - 10 options),
letters(a-z - 26 in Latin),
capital letters(A-Z is also 26)

Total for each symbol - 10+26+26=62 (!) options, so the number of combinations for:
6 character password - 56,800,235,584 (56.8 billion)
7 character password - 3,521,614,606,208 (3.5 trillion)
8 character password - 218 340 105 584 896 (218 trillion)
9 character password -13 537 086 546 263 600

We do not know the length of the password, so we will have to brute a range of at least 6-8 characters
Total: 6+7+8 characters = 221,918,520,426,688 (222 trillion) options

Let's say you have a fairly good computer, but the question arises - how many requests to the VK server can it make?
How fast is your home computer?

Let's calculate. To do this, open a command prompt (Start - Accessories - Command Prompt or run the cmd.exe process)
We drive in the command, we get the server response

"Response from .....time 134ms" (this is mine, your time may differ)

Ping time is the time it takes for a signal to travel from our machine to the server and back

There are 1000 milliseconds (ms) in one second, so
The rate of brute from your machine (requests / sec) will be = 1000 / response time
In my case 1000/134ms = 7.4 requests (password) per second

How long will it take to sort out passwords for VK?

Let me remind you that we are iterating over 221,918,520,426,688 (222 trillion) password options.

Therefore, in order to find out how much we will crack the VK password by brute force, we divide the number by the speed, i.e.

221918520426688 passwords / 7.4 passwords per second = 29737081737176sec = 495618028953 min = 8260300483 hours = 344179187 days = 942957 years

Conclusion:a real program for hacking VK could pick up a password by brute force for 94 thousand years.

Question: But what about the videos on YouTube, in which miracle programs brute the VK page in a few minutes / hours?
I answer: This is a scam created to infect your computer to steal your own data. No more no less.

You can significantly speed up the search process!
For this you need:
1. Increase computing power. For example, infect 1,000,000 other people's computers and simultaneously brute VK from all of them (already funny)
2. Shorten the brute dictionary to, for example, a couple of thousand (according to the principle of social engineering)

How to make a brute dictionary?
1. Pens in the notepad program (notepad.exe)
2. Prog “brute generator” (link at the bottom of the article)

This brute - the dictionary is filled with real options.

Real ones are those that are at least somehow connected with the hacked person:

-phones(him, his relatives, friends)
Example- numbers with + 7s, 8s, without 8s - rarely come across

- dates of birth(him, his relatives, relatives)
Example- (of the same date) 010118, 01012018, 20180101, 180101 - comes across often

- Names of loved ones
Example- SashaMaria, MariaIvanova, SaNoMaIv - average

Site name (or last name) on a different layout
Example, if you type the word "vkontakte" on the Russian layout, you get - "mlshtefleu" - such a scheme is very often found on all sites.

- Loch's list of passwords for brute(list of the most common passwords on the network - link at the end of the article)

How long does it take to write a dictionary? Well, not really - half an hour is enough for the eyes. Who said it would be easy?

Let's say we have a dictionary created by brute and a working program for selecting a VK password (or manual entry in a dictionary).

There is one important problem - the server protection system.

Actually, its interference lies in the fact that with too frequent requests, the server stupidly blocks (temporarily) your IP. In addition, if you work with VK through the standard input form (HTML \ FORM), then after 3 unsuccessful attempts, VK will ask you to enter a captcha.

V old version VK could just switch to the mobile version - m.vk.com, now mobile version as such, no - in 2016 they made a single adaptive design.

How to bypass VKontakte captcha?

VK requires entering captcha after 3 unsuccessful attempts (rebooting F5 does not help), but how does he know that it's you making multiple login attempts?

By IP
- Cookies, cache and JavaScript

There are no problems with cookies, cache and JavaScript - you can simply disable them in your browser settings.

IP can be changed by installing a program to change IP - there is nothing tricky in this, there are a lot of them on the network (Google to help)

You can use the TOR browser (who doesn’t know - this is a browser for anonymous surfing the net, it also changes IP addresses with each new session, a useful thing especially for those who surf or work in the SAR)

But almost completely negates all attempts to enumerate GEOlocation.

The VK server remembers where (geographically) the last login was made.

And if your IP is from another locality, then (possibly) an inscription will pop up:

"You are trying to log in as Ivan Ivanov from an unusual location."

To confirm that you are indeed the owner of the page, please provide all the missing digits of the phone number to which the page is linked.

Script for brute web forms (like VK hacking program)

Important! On the VK server there is a script that tracks the frequency of sending packets, i.e. if you hammer at a speed of N times / sec, you will automatically be sent to the ban list by IP.
VK also uses GEOtracking.

Without a dynamic IP, you should not brute and try, a VPN can help.
Personally, I consider brute force VK passwords to be unpromising, but for connoisseurs I will post an old Pearl script borrowed from 5p4x2knet a.k.a. Apocalyptic "s and a little fixed.

The script works by the POST method with only two parameters - login and password.

If the login is known (for example, a phone number), then simply fill in the corresponding fields with a value without using a dictionary.

Hidden fields - captcha, the script will not send pictures, hide the source of requests (yourself) as described above.

This is where the sane brute dictionary that we compiled at the beginning of the article comes in handy. (Let's call it, for example, brut.txt )

We also need a file from which our program will receive information.

The program will brute force all scripts specified in this file.( infa.txt). If there is only one script, then you can replace

Naturally, the file for recording the results ( result.txt)

So,
{
#connect object
$usagent = LWP::UserAgent
#open the file with information (if we can't open it, exit);
# throw the file into the @infa array and close it. (if there is only one script, then it can be specified immediately)
open(INFA, ";
close(INFA);
#open brute dictionary
open(BRUT, ";
close(BRUT);
#opening the file with the results (appends to the end).
open(RESULT, ">>$ARGV");
#start loop
foreach $name (@infa)
{
#separate URL, login, variables and error information
($url, $login, $log_vr, $pwd_vr, $failed) = split(//, $name);
#show URL
print "$url...n";
# start another loop
foreach $brut (@brut)
{
#kill spaces and newlines
$pss =~ s/ //;
$pss =~ s/n//;
#connect a new object
$usagent = LWP::UserAgent->new();
#create queries.
$req = HTTP::Request->new(POST=>$url);
$req->content_type("application/x-www-form-urlencoded");
$req->content("$log_vr=$login&$pwd_vr=$pss");
#and sending it
$result = $usagent -> request($req);
#write results to a variable
$res = $result->content;
#if it fails, an error message is generated
if($res!~ /$failed/i)
{
#output message with password; record in results;
print "brutword found. It isn$pssnn";
print RESULT "URL: $urlnLOGIN: $loginnBRUT: $pssnn";
#otherwise continue selection
last;
}
}
}
#closing result.txt file
close(RESULT);

Yes, there is. Generally speaking, there are many such programs.

And we are against such programs.

But since there is some demand for such programs, let's take a look at which of them are “relatively” legal, and which ones are better not to use at all.
Initially, there are, from the very creation of VKontakte, for example, programs such as brute force applications.
Such programs are engaged in enumeration of all passwords that exist. For this, both conventional algorithms with step-by-step enumeration, and the so-called. Rainbow tables with values ​​scattered randomly across the best distribution- as conceived by the authors of the latest programs, random distribution can reduce the password search time, because the search will not go from the very beginning, but randomly, and on average the path to the desired letter will be shorter.
We do not recommend using brute force programs at all. There are a variety of programs for hacking VKontakte, and therefore it is better not to use rude "breaking" into the page, in addition, the user himself may suspect something and delete the page by starting another one, or change its address. And besides, the VK administration will block you by IP and may initiate legal proceedings for an attack on the login servers and violation of their stability, as well as an attempt to penetrate someone else's correspondence.

So, programs for hacking VKontakte using brute force are illegal. What else are there?

In general, you will always have time to download the program for hacking VKontakte for free. There are actually many of them. Let's look at what are the legal ways to penetrate someone else's page.
First of all, these are applications. Applications have a huge amount of information about the user. Typically, users do not read prompts that are issued before the application is launched. And there, just the application is given full access to personal data, a list of friends, a wall, and so on. Private messages, of course, remain unknown to the application, but knowing the colossal amount of personal information that was previously hidden behind privacy settings, you can pull off social engineering scams and engage in “luring” information about the user from his closest friends.
However, this is not entirely legal either - problems may arise due to the fact that if the user guess that it was the application that “leaked” the data, then, of course, he will file a complaint against him, and the application will be blocked. In general, the method is good, but quickly falls under suspicion. Yes and making an application is still a hassle.
Go ahead.

Where can I normally download a program for hacking VKontakte pages, which will be legal?

First of all, let's define - we are satisfied only with social engineering. In principle, when used properly, social engineering will help us get all the data we need from the user without hacking his page. Although you can also get full access to the page.
So, what are the social programs for hacking VKontakte that you can download for free?
First of all, it is worth noting the Brobot bot.
Using it for hacking is, of course, a rather strange method of managing this program, but in principle, functionality there is necessary and sufficient for hacking.
We can "set" the bot on the user himself, on his friends, using the possibility of adding friends and personal correspondence. Let's connect the bot III for conversations, setting it to the most friendly tone. And after that, you can already reap the benefits, learning a lot of interesting things about the user in the history of correspondence that Brobot saved.
After that, you can send to the user, for example, keylogger, and catch what he writes to other users- in fact, you won’t have to download special programs for hacking VKontakte after that. It will be enough just to follow the user. However, you can also do without a keylogger!

How can VKontakte hacking programs like Brobot help us?

First of all, let's define what Brobot does not hack pages. All our activities are absolutely legal, no one will be able to sue us, no one will be able to block us - everything is absolutely fair (to the extent that we need it).
We just, in fact, start several pages (It’s better to buy unlimited right away, this is guaranteed to increase the amount of information obtained), and we already communicate with the user from them, which allows us to know his attitude to a variety of personalities, as well as to get a portrait of himself, his friends, his relatives, and so on - and this, in essence, is what we need. And in the future, you can crank out even more interesting and complex actions, and here it all depends on your desires and imagination.
The Brobot program will become your good assistant, and the Brobot support team, available almost around the clock, will answer all your technical questions.