The Effect of Various Brute Force Attacks on Online Accounts in Damn Vulnerable Web Application
School Name
Spring Valley High School
Grade Level
10th Grade
Presentation Topic
Computer Science
Presentation Type
Non-Mentored
Abstract
Online security is becoming an increasingly important topic in the modern social climate. People often create many online accounts and use insecure passwords, which malicious attackers can easily uncover using various hacking methods. One of these methods, the brute force attack, requires an attacker to input every possible password into an account in hopes that one is correct (Wanjau et al., 2021). The purpose of this study was to test the effectiveness of different brute force attacks, namely dictionary attacks, random character attacks, and bulk-guessing attacks, on online accounts in Damn Vulnerable Web Application (DVWA). It was hypothesized that if different brute force attacks were used on online accounts in DVWA, then dictionary attacks would gain access to the most accounts, because the attack takes advantage of human error in password creation. The experiment began by adding a database of online accounts to DVWA; each brute force attack was then run on DVWA with password and username word lists. 30 trials were run, with 1 trial lasting 1 hour. The dictionary attack was found to gain access to the most accounts, at 21 accounts over the 30 trials. The bulk-guessing attack gained access to 9 accounts and the random character attack to 0 accounts. With a population of 3 and a significance level of 0.05, the data was significant (p < 0.001), and the null hypothesis that there is no difference in the effectiveness of the various brute force attacks was rejected.
Recommended Citation
Garraux, Hudson, "The Effect of Various Brute Force Attacks on Online Accounts in Damn Vulnerable Web Application" (2023). South Carolina Junior Academy of Science. 34.
https://scholarexchange.furman.edu/scjas/2023/all/34
Location
ECL 105
Start Date
3-25-2023 11:30 AM
Presentation Format
Oral and Written
Group Project
No