Brute-force in c++
As far as the logic about brute force goes, it is just all possible combinations within a char-set and range. For example, brute forcing all combinations of lower (a - z) and upper (A - Z) case alpha and also numeric (0-9) with a minimum and maximum length of 5 would be around 916 million combinations (aaaaa, aaaab, …, aaaaA, aaaaB, etc.). If you are using Linux then the program "crunch" is great for generating all combinations in a given char-set and range.
```
$ crunch 5 5 abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789
Crunch will now generate the following amount of data: 5496796992 bytes
5242 MB
5 GB
0 TB
0 PB
Crunch will now generate the following number of lines: 916132832
^CCrunch ending at
```
Here is a bit of code I have handy on my computer that brute-forces all 4 digit possibilities (0-9).
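```
#include <stdio.h>
#include <string.h>

int main(void)
{
    int a, b, c, d;
    char pass_code[5] = "";   /* four digits plus the terminating NUL */
    char send_data[64];

    /* one nested loop per digit position: 10^4 = 10000 candidates */
    for(a = 0; a < 10; a++) {
        pass_code[0] = a + '0';
        for(b = 0; b < 10; b++) {
            pass_code[1] = b + '0';
            for(c = 0; c < 10; c++) {
                pass_code[2] = c + '0';
                for(d = 0; d < 10; d++) {
                    pass_code[3] = d + '0';
                    strcpy(send_data, "UoMYTrfrBFHyQXmg6gzctqAwOmw1IohZ ");
                    strncat(send_data, pass_code, 4);
                    strcat(send_data, "\0");   /* no-op: strncat already NUL-terminates */
                    printf("%s\n", send_data);
                    /*len = strlen(send_data);
                    printf("\n%d\n", len);
                    sent_data = send(sockfd, send_data, len, 0);
                    printf("%s", "i sent it...");
                    recvd_data = recv(sockfd, server_reply, 500, 0);
                    recvd_data = recv(sockfd, server_reply, 500, 0);
                    printf("%s\n", server_reply);
                    */
                }
            }
        }
    }
    return 0;
}
```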
http://pastebin.com/djk4Rb5K
This was for a war-game type thing at http://overthewire.org/wargames/
Hii skeet !
strcat is inefficient. http://pastebin.com/srD3t6e4
spartax wrote: Hii skeet !
strcat is inefficient. http://pastebin.com/srD3t6e4
cheers mate more efficient and better looking :D
Sorry to hijack this thread but I thought this was interesting…
```
//spartax
baldjewishnazi@ubuntu:~/code/hbh$ time ./t
real 0m0.002s
user 0m0.000s
sys 0m0.000s
baldjewishnazi@ubuntu:~/code/hbh$ time ./t
real 0m0.002s
user 0m0.000s
sys 0m0.000s
baldjewishnazi@ubuntu:~/code/hbh$ time ./t
real 0m0.002s
user 0m0.000s
sys 0m0.000s
//skeet
baldjewishnazi@ubuntu:~/code/hbh$ time ./t2
real 0m0.001s
user 0m0.000s
sys 0m0.000s
baldjewishnazi@ubuntu:~/code/hbh$ time ./t2
real 0m0.001s
user 0m0.000s
sys 0m0.004s
baldjewishnazi@ubuntu:~/code/hbh$ time ./t2
real 0m0.001s
user 0m0.000s
sys 0m0.000s
```
It appears for some reason my code runs/executes faster… this is with your put() commented out and my printf() commented out (yours is t, mine is t2).
Compiled with gcc -Wall -o t test.c
When I let the program output to stdout (yours with put() and mine with printf()) mine is still faster then too. I have no idea why, and it isn't by much…
With output:

```
$time ./t
… … …
real 0m0.070s // <-- other run times: 0m0.068, 0m0.057
user 0m0.000s
sys 0m0.020s

$time ./t2
… … …
real 0m0.054s // <-- other run times: 0m0.053, 0m0.057
user 0m0.000s
sys 0m0.020s
```
No clue why this is. If you have any idea, let me know.
Edit: size of the executables

```
baldjewishnazi@ubuntu:/code/hbh$ size t
   text    data     bss     dec     hex filename
   1491     568       8    2067     813 t
baldjewishnazi@ubuntu:/code/hbh$ size t2
   text    data     bss     dec     hex filename
   1625     568       8    2201     899 t2
```

Yours is 8712 bytes and mine is 8720.
Fuck c++, fuck java, fuck crunch.
PYTHON. (Ignore the php tags)
[php]
import itertools
import argparse

parser = argparse.ArgumentParser()
parser.add_argument('--min', help="minimum characters used / Default is 1", type=int, default=1, dest='min')
parser.add_argument('--max', help="maximum characters used / Default is 20", type=int, default=20, dest='max')
args = parser.parse_args()

# lower case, upper case, digits and a few symbols
characters = [chr(i) for i in range(ord('a'), ord('z')+1)] + [chr(i) for i in range(ord('A'), ord('Z')+1)] + [str(i) for i in range(0, 10)] + ['@', '!', '$', '%', '^', '&', '*', '(', ')', '-', '_', '+', '=']

# every combination of each length from --min to --max
for j in range(args.min, args.max + 1):
    for i in itertools.product(characters, repeat=j):
        print(''.join(i))
[/php]
spartax wrote: It's okay, Python has so many libraries. But nothing beats C/C++
From my experience scripting languages come in handy in our industry, especially Python, which has tons of modules, plus its syntax is easy to read.
My actual script is 5 lines (you don't really need the parser). What I can do now is add 4 more lines and BOOM I can brute force a login/directory or whatever I want. Try that in C and you'll realise it's not efficient, since it takes me 3-5 min and it will take you 30+
Bear in mind that when you're on a big project (pentest or whatever) you might have a colleague or two with you. Obviously you need to be on the same page and probably confirm each other's findings. You can't spend hours just for a tool. You need to be agile and make changes to your scripts on the fly. P Y T H O N thumbs up
I've made a code and it worked on lower and uppercase letters, but I don't know how to handle the numbers. Can someone help me with a hint or something? Newbie here.
```
#include <iostream>
#include <string>
using namespace std;

int main() {
    string password;
    cout << "Enter a string password = ";
    cin >> password;
    string alphabetslow = "abcdefghijklmnopqrstuvwxyz" ;
    string alphabetsup = "ABCDEFGHIJKLMNOPQRSTUVWXYZ";
    string numerics = "0123456789" ;   // declared, but the loop below never checks it
    string bruted;
    int counts = 0;   // index of the password character currently being matched
    int i;
    do {
        cout << "Brute-forcing... \n";
        // only the 26 letters are tried, so a digit in the password is never matched
        for ( i = 0; i < 26; i++) {
            if (password[counts] == alphabetsup[i]) {
                bruted += alphabetsup[i];
                counts++;
            } else if (password[counts] == alphabetslow[i]) {
                bruted += alphabetslow[i];
                counts++;
            }
        }
    } while (password != bruted);
    cout << "Brute-Forced password is = ";
    cout << bruted << endl;
    return 0;
}
```
You could also add special symbols to the charset eg: "!@#$%^&*()_+=-~`" etc..
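An added example, not code from any poster in this thread: it reproduces the crunch figures from the first post (line count and byte count for a 62-character set at length 5) and answers the question about handling numbers by walking one combined charset with an odometer instead of one loop per character class. The names `keyspace`, `wordlist_bytes`, `Odometer` and `enumerate` are made up for this illustration.

```cpp
#include <cstdint>
#include <iostream>
#include <string>
#include <vector>

// Candidates of exactly `len` characters: |charset|^len.
std::uint64_t keyspace(std::size_t charset_size, unsigned len) {
    std::uint64_t n = 1;
    for (unsigned i = 0; i < len; ++i) n *= charset_size;
    return n;
}
// Wordlist size on disk: every line is `len` characters plus '\n'.
std::uint64_t wordlist_bytes(std::size_t charset_size, unsigned len) {
    return keyspace(charset_size, len) * (len + 1);
}

// Odometer over ONE combined charset; replaces a fixed nest of for-loops.
class Odometer {
public:
    Odometer(const std::string& charset, unsigned len) : cs_(charset), idx_(len, 0) {}
    std::string current() const {
        std::string s;
        for (std::size_t i : idx_) s += cs_[i];
        return s;
    }
    // Step to the next candidate; false once the last one has been produced.
    bool next() {
        for (std::size_t pos = idx_.size(); pos-- > 0;) {
            if (++idx_[pos] < cs_.size()) return true;
            idx_[pos] = 0;  // wrapped: carry into the position to the left
        }
        return false;
    }
private:
    std::string cs_;
    std::vector<std::size_t> idx_;
};

// All candidates of length `len`, in odometer order (small keyspaces only).
std::vector<std::string> enumerate(const std::string& charset, unsigned len) {
    std::vector<std::string> out;
    if (charset.empty()) return out;
    Odometer o(charset, len);
    do { out.push_back(o.current()); } while (o.next());
    return out;
}
int main() {
    std::cout << keyspace(62, 5) << " candidates, " << wordlist_bytes(62, 5) << " bytes\n";
    for (const auto& s : enumerate("aA0", 2)) std::cout << s << '\n';
}
```

Adding a character class only lengthens the charset string; each extra character of length multiplies the keyspace by the charset size.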