Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Generate passwords by bruteforce

From: pentestr <pentestr () gmail com>
Date: Thu, 10 Jan 2008 15:40:05 +0530
Hi,

I got the following brute forcing program. This is excellent

This will give all possible passwords.. Go through the code


/* Brute Force Engine , by koby ( koby () in gr )
*
*                http://www.codecraft.tk

* Finds every possible combination of ASCII
* characters, which are between 33 - 126. The
* characters between 33-126 are all of the
* possible chars allowed on our keyboard
* including special chars.

* If you want to print those strings on screen,
* remove the // on line 81 and notice the
* difference with the time elapsed ...

*    Copyright (c) 2003
*                    koby and www.CodeCraft.tk. All rigths reserved
*    Redistributions of source code must retain the above copyright
*    notice and the following disclaimer.
*
*     THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS
IS'' AND
*    ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
*    IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE
*    ARE DISCLAIMED.
*/

#include <stdio.h>
#include <stdlib.h>
#include <time.h>

#define MINCHAR 33
#define MAXCHAR 126
#define WLENGTH 2
char *bruteforce(int passlen, int *ntries);

int main(int argc,char *argv[]) {

       int i, wdlen, counter,length;
       char *str;
       clock_t start, end;
       double elapsed;

wdlen=WLENGTH;

       start = clock();

       bruteforce(wdlen, &counter);

       end = clock();

       elapsed = ((double) (end - start)) / CLOCKS_PER_SEC;
       printf("\nNum of tries... %d \n",counter);
       printf("\nTime elapsed... %f seconds\n",elapsed);

       return counter;

}

char *bruteforce(int passlen, int *ntries) {

       int i;
       char *str;

       *ntries=0;

       passlen++;

       str = (char*)malloc( passlen*sizeof(char) );

       for(i=0; i<passlen; i++) {
               str[i]=MINCHAR;
       }
       str[passlen]='\0';

       while(str[0]<MINCHAR+1) {
               for(i=MINCHAR; i<=MAXCHAR; i++) {
                       str[passlen-1]=i;
                       (*ntries)++;
                       puts(&str[1]);
               }

               if(str[passlen-1]>=MAXCHAR) {
                       str[passlen-1]=MINCHAR;
                       str[passlen-1-1]++;
               }

               for(i=passlen-1-1; i>=0; i--) {
                       if(str[i]>MAXCHAR) {
                               str[i]=MINCHAR;
                               str[i-1]++;
                       }
               }
       }

       return NULL;

}



------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: