Penetration Testing mailing list archives
Fwd: Generate passwords by bruteforce
From: "Tomas Zellerin" <zellerin () gmail com>
Date: Fri, 11 Jan 2008 08:22:53 +0100
[OT reaction] This is how vulnerabilities get into code. Anything suspicient in str = (char*)malloc( passlen*sizeof(char) ); str[passlen]='\0'; ? Yes, it probably works in most cases. Actually, from my experience it is perfectly reasonable to use higher level language than C for password generation, because password *generating* will not be the part that takes high percentage of time - storing it to disc or hashing it with any decent hash function will take much longer, not even talking about sending it to some other machine to try to log on. Tomas On 1/10/08, pentestr <pentestr () gmail com> wrote:
Hi, I got the following brute forcing program. This is excellent This will give all possible passwords.. Go through the code /* Brute Force Engine , by koby ( koby () in gr ) * * http://www.codecraft.tk * Finds every possible combination of ASCII * characters, which are between 33 - 126. The * characters between 33-126 are all of the * possible chars allowed on our keyboard * including special chars. * If you want to print those strings on screen, * remove the // on line 81 and notice the * difference with the time elapsed ... * Copyright (c) 2003 * koby and www.CodeCraft.tk. All rigths reserved * Redistributions of source code must retain the above copyright * notice and the following disclaimer. * * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. */ #include <stdio.h> #include <stdlib.h> #include <time.h> #define MINCHAR 33 #define MAXCHAR 126 #define WLENGTH 2 char *bruteforce(int passlen, int *ntries); int main(int argc,char *argv[]) { int i, wdlen, counter,length; char *str; clock_t start, end; double elapsed; wdlen=WLENGTH; start = clock(); bruteforce(wdlen, &counter); end = clock(); elapsed = ((double) (end - start)) / CLOCKS_PER_SEC; printf("\nNum of tries... %d \n",counter); printf("\nTime elapsed... %f seconds\n",elapsed); return counter; } char *bruteforce(int passlen, int *ntries) { int i; char *str; *ntries=0; passlen++; str = (char*)malloc( passlen*sizeof(char) ); for(i=0; i<passlen; i++) { str[i]=MINCHAR; } str[passlen]='\0'; while(str[0]<MINCHAR+1) { for(i=MINCHAR; i<=MAXCHAR; i++) { str[passlen-1]=i; (*ntries)++; puts(&str[1]); } if(str[passlen-1]>=MAXCHAR) { str[passlen-1]=MINCHAR; str[passlen-1-1]++; } for(i=passlen-1-1; i>=0; i--) { if(str[i]>MAXCHAR) { str[i]=MINCHAR; str[i-1]++; } } } return NULL; } ------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------
------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------
Current thread:
- RE: Generate passwords by bruteforce, (continued)
- RE: Generate passwords by bruteforce Jones, David H (Jan 07)
- Re: Generate passwords by bruteforce Rodrigo Montoro (Sp0oKeR) (Jan 09)
- Re: Generate passwords by bruteforce Angel Garcia Moreno (Jan 08)
- Re: Generate passwords by bruteforce Joshua Gimer (Jan 09)
- Re: Generate passwords by bruteforce ыфзкфт (Jan 08)
- RE: Generate passwords by bruteforce John Babio (Jan 09)
- Re: Generate passwords by bruteforce Gleb Paharenko (Jan 08)
- Re: Generate passwords by bruteforce espen (Jan 07)
- Re: Generate passwords by bruteforce xx yy (Jan 08)
- RE: Generate passwords by bruteforce pentestr (Jan 10)
- Message not available
- Fwd: Generate passwords by bruteforce Tomas Zellerin (Jan 14)
- Message not available
- RE: Generate passwords by bruteforce Jones, David H (Jan 07)