Brute Forcer In Python???

[sanddbox]

I'm sure you would know better than me as you are an active member in this community. Chya, right....

Pssh. Here at HTS we evaluate merit post-by-post.

...Sometimes.

[tgoe]

I'm sure you would know better than me as you are an active member in this community. Chya, right....

What? Post count + IdleRPG level doesn't translate into any kind of meaningful knowledge modifier...

...if this guy doesn't even know how to run a program, chances are he didn't do much "fixing up".

This.

@OP What you have there is 30+ lines of code that you could have written in 4 or 5 lines.

Try this and let me know how long it lakes to output "I win".

Code: Select all

import sys
import itertools
choices = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ123456789_$&#@ "
for length in range(0,20):
   for entry in itertools.product(choices,repeat = length):
      password = ''.join(entry)
      print password
      if password == 'PassWord_5&':
         print 'I win'
         sys.exit(0)

A: Faster than op but still a long fuckin' time.

Here's my own version:

Code: Select all

#!/usr/bin/env python

import itertools


def passes(size, pool):
    for p in itertools.product(pool, repeat=size):
        yield "".join(p)

def range_passes(minSize, maxSize, pool):
    num = (maxSize - minSize) + 1
    pws = []

    for i in range(num):
        pws.append(passes(minSize + i, pool))

    for P in pws:
        for pw in P:
            yield pw


if __name__ == '__main__':
    import string
    from optparse import OptionParser

    dPool = string.ascii_letters + string.digits

    parser = OptionParser()
    parser.add_option("-s", "--start", dest="minSize", type="int", default=2,
                      help="Minimum password size")
    parser.add_option("-e", "--end", dest="maxSize", type="int", default=3,
                      help="Maximum password size")
    parser.add_option("-p", "--pool", dest="pool", default=dPool,
                      help="Characters to generate passwords from")

    (options, args) = parser.parse_args()

    for pw in range_passes(options.minSize, options.maxSize, options.pool):
        print(pw)


More flexible and not much faster...

Here's what needs to be taken away from this though: Dictionary generation should be decoupled from the actual brute force operation.

So, OP, this isn't a brute forcer at all. This is a limited dictionary generator. In order to use a program like this you'll have to learn how to program. From there, you can ask more specific questions.

[thetan]

Something had to have been lost in translation. Reading the OPs post is like lolwat-omgstfuplzdiekthx. Then the thread kind of forked into something else and in the end no one cares.

Nothing good will come from this non sense.

@op, please post more sensible and logical questions.

*lockage*

[Nostalgiia]

...merged...

hi. i posted a thread (right underneath this one) that ended up getting locked. let me start out by saying, please read the original post, and ignore the rest.

Summary: I found some code that didn't run, i made it run. The issue is not weather or not i can make it run, but whether or not i can implement it successfully. It runs in idle (the Python GUI) but i want to input the results into something useful, say a login form? please dont post useless nonsense. im just wondering if there is a module i am unaware of that will implement the code into said form or if i have to find an executable exploit

thanks

[tgoe]

lulz

Aside from the name calling this thread is on topic. If nobody cares then people will stop posting about it and it will die naturally like any other thread.

@Nostalgiia
The problem is that you don't even know enough to know that you're the one posting useless nonsense. Google around for a login module. If you have specific questions, ask here.

[spencer12]

what
is that a brute forcer?!!!
there are two things
1. You don't know what is brute forcing
2. You don't know programming
it just returns some strings!!!

[mShred]

what
is that a brute forcer?!!!
there are two things
1. You don't know what is brute forcing
2. You don't know programming
it just returns some strings!!!

Dude.. come on... me.

[centip3de]

@OP What you have there is 30+ lines of code that you could have written in 4 or 5 lines.

Try this and let me know how long it lakes to output "I win".

Code: Select all

import sys
import itertools
choices = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ123456789_$&#@ "
for length in range(0,20):
   for entry in itertools.product(choices,repeat = length):
      password = ''.join(entry)
      print password
      if password == 'PassWord_5&':
         print 'I win'
         sys.exit(0)

I quit after an hour and 20 minutes (timed from a stop watch) I got to b@Ed as my guess

[Muskelmann098]

I'm not 100% sure, but I think what OP is aiming at is how he would use this program to crack a login form on a website...

... and here's my best guess:
You will need to obtain the hash of a password from one of the users of the website first. This is because a bruteforcer will normally create billions of strings that take a long time to generate by itself, and that will take an eternity to type into a form and click 'submit'.

So what you would need to do is to obtain an encrypted password. This could get you a username and a password hash. Next you need to figure out what encryption method is used, for example MD5.

THEN and only then, can you make the code encrypt each string to MD5 and compare it to the password hash you obtained from the attack on the website. One day in a thousand years, your program will pop up and say "The password is xxx" and you can log into the now long-gone website

If you would be able to do the SQL attack, there is a much higher chance you'd find the password by Google-ing the hash than by using a brute-forcer.

If you definitely want a brute forcer, I'd go for a different language than Python. Not that it really matters, considering that any password with more than 6 characters would take an incredibly long time to crack.

Anyone with better knowledge of this, feel free to correct me.


EDIT: Woah... this post is actually pretty old now.

[msbachman]

... and here's my best guess:
You will need to obtain the hash of a password from one of the users of the website first. This is because a bruteforcer will normally create billions of strings that take a long time to generate by itself, and that will take an eternity to type into a form and click 'submit'.

You don't necessarily need a hash. The easy way would be to automate form submission and test one password variant on x number of users. This is what I believe "RevengeDriven" did.

That's assuming he's even doing something over the web; we're left to guess as he didn't give us much info to use as to what he hoped to do with this.