Fwd: Generate passwords by bruteforce
- From: "Tomas Zellerin" <zellerin@xxxxxxxxx>
- Date: Fri, 11 Jan 2008 08:22:53 +0100
[OT reaction]
This is how vulnerabilities get into code. Anything suspicious in
    str = (char*)malloc( passlen*sizeof(char) );
    str[passlen]='\0';
? Yes, it probably works in most cases.
Actually, from my experience it is perfectly reasonable to use a
higher-level language than C for password generation, because password
*generating* will not be the part that takes a high percentage of time -
storing it to disc or hashing it with any decent hash function will
take much longer, not even talking about sending it to some other
machine to try to log on.
Tomas
On 1/10/08, pentestr <pentestr@xxxxxxxxx> wrote:
Hi,
I got the following brute forcing program. This is excellent.
This will give all possible passwords. Go through the code.
/* Brute Force Engine , by koby ( koby@xxxxx )
 *
 * http://www.codecraft.tk
 * Finds every possible combination of ASCII
 * characters, which are between 33 - 126. The
 * characters between 33-126 are all of the
 * possible chars allowed on our keyboard
 * including special chars.
 * If you want to print those strings on screen,
 * remove the // on line 81 and notice the
 * difference with the time elapsed ...
 * Copyright (c) 2003
 * koby and www.CodeCraft.tk. All rights reserved
 * Redistributions of source code must retain the above copyright
 * notice and the following disclaimer.
 *
 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.
 */
#include <stdio.h>
#include <stdlib.h>
#include <time.h>

#define MINCHAR 33
#define MAXCHAR 126
#define WLENGTH 2

char *bruteforce(int passlen, int *ntries);

int main(int argc,char *argv[]) {
    int i, wdlen, counter,length;
    char *str;
    clock_t start, end;
    double elapsed;

    wdlen=WLENGTH;
    start = clock();
    bruteforce(wdlen, &counter);
    end = clock();
    elapsed = ((double) (end - start)) / CLOCKS_PER_SEC;
    printf("\nNum of tries... %d \n",counter);
    printf("\nTime elapsed... %f seconds\n",elapsed);
    return counter;
}

char *bruteforce(int passlen, int *ntries) {
    int i;
    char *str;

    *ntries=0;
    passlen++;
    str = (char*)malloc( passlen*sizeof(char) );
    for(i=0; i<passlen; i++) {
        str[i]=MINCHAR;
    }
    str[passlen]='\0';
    while(str[0]<MINCHAR+1) {
        for(i=MINCHAR; i<=MAXCHAR; i++) {
            str[passlen-1]=i;
            (*ntries)++;
            puts(&str[1]);
        }
        if(str[passlen-1]>=MAXCHAR) {
            str[passlen-1]=MINCHAR;
            str[passlen-1-1]++;
        }
        for(i=passlen-1-1; i>=0; i--) {
            if(str[i]>MAXCHAR) {
                str[i]=MINCHAR;
                str[i-1]++;
            }
        }
    }
    return NULL;
}
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!
http://www.cenzic.com/downloads
------------------------------------------------------------------------
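The two lines singled out in the reply allocate passlen bytes and then store the terminator at index passlen, one byte past the end of the heap block. The sketch below is an added example, not code from the thread: it keeps the posted MINCHAR/MAXCHAR range but makes the allocation size and terminator index agree, and the names candidate_new, candidate_next and count_candidates are made up for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MINCHAR 33   /* same printable range as the posted program */
#define MAXCHAR 126

/* Allocate len characters PLUS one byte for the terminator, so that
 * buf[len] = '\0' is the last valid byte instead of one past the block. */
char *candidate_new(size_t len) {
    if (len == 0 || len == SIZE_MAX) return NULL;  /* len + 1 must not wrap */
    char *buf = malloc(len + 1);
    if (buf == NULL) return NULL;                  /* the original never checks */
    memset(buf, MINCHAR, len);
    buf[len] = '\0';
    return buf;
}

/* Odometer step: bump the rightmost position and carry to the left.
 * Only indexes 0 .. len-1 are touched. Returns 0 once every position
 * has wrapped, i.e. the whole space has been visited. */
int candidate_next(char *buf, size_t len) {
    for (size_t i = len; i-- > 0; ) {
        if (buf[i] < MAXCHAR) { buf[i]++; return 1; }
        buf[i] = MINCHAR;
    }
    return 0;
}

/* Walk every string of the given length, release the buffer, and return
 * the number visited (0 if the buffer could not be allocated). */
unsigned long count_candidates(size_t len) {
    char *buf = candidate_new(len);
    unsigned long n = 0;
    if (buf == NULL) return 0;
    do {
        n++;
    } while (candidate_next(buf, len));
    free(buf);                                     /* the original leaks str */
    return n;
}

int main(void) {
    printf("length 2: %lu strings\n", count_candidates(2));
    return 0;
}
```

Building the posted program with -fsanitize=address reports the out-of-bounds store at str[passlen] as a heap-buffer-overflow; this version runs clean under the same flag.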