Page 1 of 2 12 LastLast
Results 1 to 10 of 14

Thread: Brute force?

  1. #1
    Guest

    Brute force?

    Can anyone help me? I'm trying to extend my UNIX cracker program to use brute force if dictionnary method doesn't work. But I can't think of a way to generate stuff.

    I will have a list of chars (letters + numbers) and I want to test all (this means infinite) possible combinations.

    e.g:
    a
    b
    c
    d
    e
    :
    :
    z
    aa
    ab
    ac
    ad
    ae
    :
    :
    az
    ba
    bb
    bc
    bd
    be
    :
    :
    :
    You get the idea. Anyone has an idea how I could do it without coding the loops for each number of characters?

  2. #2
    Moderator
    Good Guru
    Schotty's Avatar
    Join Date
    Jul 2001
    Location
    Milwaukee, WI
    Posts
    5,760

    Re: Brute force?

    I may be of some help, but to make an honest call - I need one piece of data -- what is the ascii for dead space -- $00 ??

    If so, then you can nest up to the char length a bunch of loops doing an ascii brute force. *for example start with the deadspace for each (assuming it is $00) and go from $00 to $ff in each loop incrementing by one, like a counter.

    That makes it possible to grab all possible charaters the most easily, *As for speed concerns -- asking the wrong guy. *I havent coded anything "optimized" for 4 years now. *The simple prgrams are like this, and may run about as slow as snot compared to somebody who can brag about his talent

    I dont as of yet (lunchtime is soon and I can think about it then more) have a way to not use nested loops. Ill get back to ya on that.

  3. #3
    Guest

    Re: Brute force?

    The problem is not about creating the list fo characters, that's easy

    Code:
    import string
    
    chars = string.lowercase()
    chars += string.uppercase()
    chars += string.digits()
    My problem are the loops.

  4. #4
    Moderator
    Good Guru
    Schotty's Avatar
    Join Date
    Jul 2001
    Location
    Milwaukee, WI
    Posts
    5,760

    Re: Brute force?

    I am at work so I dont have the time to do a sample chunk of c/c++ code for you, however I can offer the previous tip and this one I came up with over lunch until I get home tonight.

    How about this approach. We know that if we count from 0-255 we got the ascii char set, right. If we continue counting and keep modulusing it by powers of 256 we can make a base-256 number where each char is the ascii number for the digit. For example ( I am not sure what letter it really is off hand) if A starts at 100 and a is 74, 4875338 could be interpreted as being 74 - 100 - 74 (or aAa). Thiswould be achieved by modulus 256^2 then that 256 then the remaining is the "ones".

    Follow. Possibly easier loops to code.

  5. #5
    Guest

    Re: Brute force?

    Python code.

  6. #6
    Moderator
    Good Guru
    Schotty's Avatar
    Join Date
    Jul 2001
    Location
    Milwaukee, WI
    Posts
    5,760

    Re: Brute force?

    okay, python. I can do that. May not be as clean as c/c++ but I never made claims of my python skills

  7. #7

    Re: Brute force?

    perl can do that so easily.

    Code:
    #!/usr/bin/env perl
    
    $str='a';
    
    while (1==1)
    {
     print "$str\n";
     $str++;
    }
    It might get a bit trickier if you want it to be upper and lowercase, but that will count up, exactly as you describe, from 'a' to pretty much infinity.

  8. #8
    Guest

    Re: Brute force?

    perl can do that so easily.

    Code:
    #!/usr/bin/env perl
    
    $str='a';
    
    while (1==1)
    {
     *print "$str\n";
     *$str++;
    }
    It might get a bit trickier if you want it to be upper and lowercase, but that will count up, exactly as you describe, from 'a' to pretty much infinity.
    Yeah, but my program is in Python and I expect to go beyond 100 lines.

    EDIT: And like one of my teacher once said, there are two ways to program: the good way and the Perl way. I'd like to get the good way.

  9. #9

    Re: Brute force?

    What? You know, I'd like to know what the hell is wrong with perl. All I ever hear from you is dislike for real programming languages, and praise for obscure, never-heard-of languages (never seen ruby or O'Caml before you started talking about them).

    I've asked you before, but you always dodge. Are you just jealous because you can't grasp perl/C++/whatever or something?

  10. #10
    Guest

    Re: Brute force?


    What? You know, I'd like to know what the hell is wrong with perl. All I ever hear from you is dislike for real programming languages, and praise for obscure, never-heard-of languages (never seen ruby or O'Caml before you started talking about them).

    I've asked you before, but you always dodge. Are you just jealous because you can't grasp perl/C++/whatever or something?
    Let's start with Perl:

    Code:
    @P=split//,".URRUU\c8R";@d=split//,"\nrekcah xinU / lreP rehtona tsuJ";sub p{
    
    @p{"r$p","u$p"}=(P,P);pipe"r$p","u$p";++
    $p;($q*=2)+=$f=!fork;map{$P=$P[$f^ord
    ($p{$_})&6];$p{$_}=/ ^$P/ix?$P:close$_}keys%p}p;p;p;p;p;map{$p{$_}=~/^[P.]/&&
    
    close$_}%p;wait until$?;map{/^r/&&<$_>}%p;$_=$d[$q];sleep rand(2)if/\S/;print


    This is a valid Perl program. *Yes it is an extreme example, but why in the world does it work? *I also do not like the fact that variable need to be preceded by signs ($'s, @'s, %'s) to denote their type. *This adds to the general obfuscation fo the entire program. *Perl's default variables can also be weird:

    Code:
    sub write_to_screen
    {
     *print "$_[0]\n";
    }
    
    write_to_screen("Hello");
    How does the default variable $_[0] help? *In no way, it just makes the code more obscure to understand. *Consider this Bloobot module:


    Code:
    use strict;
    
    package Insult;
    
    sub Insult {
     * *my ($insultwho) = @_;
     * *return unless &::loadPerlModule("Net::Telnet");
    
    
     * *my $t = new Net::Telnet(Timeout => 3);
    
     * *$t->Net::Telnet::open(Host => "insulthost.colorado.edu", Port => "1695");
     * *my $line = $t->Net::Telnet::getline(Timeout => 4);
     * *$line = "No luck, $::who" unless (defined $line);
     * *if ($insultwho ne $::who) {
     *$line =~ s/^\s*You are/$insultwho is/i;
     * *}
     * *&::pSReply($line);
    }
    1;
    Which insults a given user by fetching an insult on a server. *Here's the same thing in Python:



    Code:
    def insult(**args):
    
     *"""gets an insult"""
    
     *from telnetlib import Telnet
    
     *connection=Telnet("insulthost.colorado.edu", 1695)
     *connection.write("\n")
    
     *text = connection.read_all()
    
     *import string
     *who = args["text"]
     *print who
     *who = who[string.find(who, " ")+1:]
     *print who
     *who = who[string.find(who, " ")+1:]
     *print who
     *text = string.replace(text, "You are", who + " is")
     *from irclib import Event
     *target = args["channel"]
     *if args["type"] == "privmsg":
     * *from irclib import nm_to_n
     * *target=nm_to_n(args["source"])
     *result = Event("privmsg", "", target, [ text ])
     * * * *return result


    This is from Moobot (#moobot on irc.openprojects.net). *I think it's pretty clear that the Python code is much clearer. *Something I haven't personnally seen, but heard a lot is that Perl's OO model is the crappiest thing one can find. *But I haven't seen it, so I won't comment. *Also, Eric Raymond explains why he likes Python better than Perl. *As a recognized advocate of the Open Source movement as well as a very good computer hacker, I think his opinion isn't really all subjective.

Similar Threads

  1. Ssh brute force
    By Outlaw in forum Linux - Software, Applications & Programming
    Replies: 11
    Last Post: 09-11-2004, 07:37 PM
  2. Delta Force!
    By johnqpublic in forum Linux - Software, Applications & Programming
    Replies: 4
    Last Post: 04-01-2003, 03:56 AM
  3. G-force card
    By friskydrifter in forum Linux - Hardware, Networking & Security
    Replies: 9
    Last Post: 07-19-2002, 10:42 AM
  4. snmp brute force
    By elovkoff in forum Linux - Software, Applications & Programming
    Replies: 0
    Last Post: 04-29-2002, 07:04 PM
  5. Where to get Strike-Force?
    By in forum Linux - Software, Applications & Programming
    Replies: 7
    Last Post: 12-04-2001, 07:38 AM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •