Brute Forcer In Python???

Bad threads go here

Re: Brute Forcer In Python???

Post by sanddbox on Wed Nov 17, 2010 12:27 am
([msg=49003]see Re: Brute Forcer In Python???[/msg])

fashizzlepop wrote:I'm sure you would know better than me as you are an active member in this community. Chya, right....


Pssh. Here at HTS we evaluate merit post-by-post.

...Sometimes.
Image

HTS User Composition:
95% Male
4.98% Female
.01% Monica
.01% Goat
User avatar
sanddbox
Expert
Expert
 
Posts: 2337
Joined: Sat Jul 04, 2009 5:20 pm
Blog: View Blog (0)


Re: Brute Forcer In Python???

Post by tgoe on Wed Nov 17, 2010 1:56 am
([msg=49008]see Re: Brute Forcer In Python???[/msg])

I'm sure you would know better than me as you are an active member in this community. Chya, right....


What? Post count + IdleRPG level doesn't translate into any kind of meaningful knowledge modifier...

...if this guy doesn't even know how to run a program, chances are he didn't do much "fixing up".

This.

@OP What you have there is 30+ lines of code that you could have written in 4 or 5 lines.

Try this and let me know how long it lakes to output "I win".
Code: Select all
import sys
import itertools
choices = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ123456789_$&#@ "
for length in range(0,20):
   for entry in itertools.product(choices,repeat = length):
      password = ''.join(entry)
      print password
      if password == 'PassWord_5&':
         print 'I win'
         sys.exit(0)



A: Faster than op but still a long fuckin' time.

Here's my own version:
Code: Select all
#!/usr/bin/env python

import itertools


def passes(size, pool):
    for p in itertools.product(pool, repeat=size):
        yield "".join(p)

def range_passes(minSize, maxSize, pool):
    num = (maxSize - minSize) + 1
    pws = []

    for i in range(num):
        pws.append(passes(minSize + i, pool))

    for P in pws:
        for pw in P:
            yield pw


if __name__ == '__main__':
    import string
    from optparse import OptionParser

    dPool = string.ascii_letters + string.digits

    parser = OptionParser()
    parser.add_option("-s", "--start", dest="minSize", type="int", default=2,
                      help="Minimum password size")
    parser.add_option("-e", "--end", dest="maxSize", type="int", default=3,
                      help="Maximum password size")
    parser.add_option("-p", "--pool", dest="pool", default=dPool,
                      help="Characters to generate passwords from")

    (options, args) = parser.parse_args()

    for pw in range_passes(options.minSize, options.maxSize, options.pool):
        print(pw)


More flexible and not much faster...

Here's what needs to be taken away from this though: Dictionary generation should be decoupled from the actual brute force operation.

So, OP, this isn't a brute forcer at all. This is a limited dictionary generator. In order to use a program like this you'll have to learn how to program. From there, you can ask more specific questions.
User avatar
tgoe
Contributor
Contributor
 
Posts: 629
Joined: Sun Sep 28, 2008 2:33 pm
Location: q3dm7
Blog: View Blog (0)


Re: Brute Forcer In Python???

Post by thetan on Wed Nov 17, 2010 5:56 pm
([msg=49046]see Re: Brute Forcer In Python???[/msg])

Something had to have been lost in translation. Reading the OPs post is like lolwat-omgstfuplzdiekthx. Then the thread kind of forked into something else and in the end no one cares.

Nothing good will come from this non sense.

@op, please post more sensible and logical questions.

*lockage*
"If art interprets our dreams, the computer executes them in the guise of programs!" - SICP

Image

“If at first, the idea is not absurd, then there is no hope for it” - Albert Einstein
User avatar
thetan
Contributor
Contributor
 
Posts: 657
Joined: Thu Dec 17, 2009 6:58 pm
Location: Various Bay Area Cities, California
Blog: View Blog (0)


second times the charm?

Post by Nostalgiia on Wed Nov 17, 2010 7:01 pm
([msg=49051]see second times the charm?[/msg])

...merged...

hi. i posted a thread (right underneath this one) that ended up getting locked. let me start out by saying, please read the original post, and ignore the rest.

Summary: I found some code that didn't run, i made it run. The issue is not weather or not i can make it run, but whether or not i can implement it successfully. It runs in idle (the Python GUI) but i want to input the results into something useful, say a login form? please dont post useless nonsense. im just wondering if there is a module i am unaware of that will implement the code into said form or if i have to find an executable exploit

thanks
Nostalgiia
Experienced User
Experienced User
 
Posts: 53
Joined: Tue Nov 16, 2010 5:35 pm
Blog: View Blog (0)


Re: Brute Forcer In Python???

Post by tgoe on Wed Nov 17, 2010 7:50 pm
([msg=49053]see Re: Brute Forcer In Python???[/msg])

lulz

Aside from the name calling this thread is on topic. If nobody cares then people will stop posting about it and it will die naturally like any other thread.

@Nostalgiia
The problem is that you don't even know enough to know that you're the one posting useless nonsense. Google around for a login module. If you have specific questions, ask here.
User avatar
tgoe
Contributor
Contributor
 
Posts: 629
Joined: Sun Sep 28, 2008 2:33 pm
Location: q3dm7
Blog: View Blog (0)


Re: Brute Forcer In Python???

Post by spencer12 on Tue Mar 22, 2011 11:07 am
([msg=55365]see Re: Brute Forcer In Python???[/msg])

what
is that a brute forcer?!!!
there are two things
1. You don't know what is brute forcing
2. You don't know programming
it just returns some strings!!!
Basic: (1) (2) (3) (4) (5) (6) (7) (8) (9) (10) (11)
Realistic: (1) (2) (3) (4) (6) (10) (12) (13)
Application: (1)
Javascript: (1) (2) (3) (4) (5) (7)
Extbasic: (1) (3) (4) (14)
Stego: (1) (3) (5) (6) (14)
spencer12
New User
New User
 
Posts: 7
Joined: Tue Mar 22, 2011 10:59 am
Blog: View Blog (0)


Re: Brute Forcer In Python???

Post by mShred on Tue Mar 22, 2011 9:31 pm
([msg=55404]see Re: Brute Forcer In Python???[/msg])

spencer12 wrote:what
is that a brute forcer?!!!
there are two things
1. You don't know what is brute forcing
2. You don't know programming
it just returns some strings!!!

Dude.. come on... me.
Image

For those about to rock.
User avatar
mShred
Administrator
Administrator
 
Posts: 1687
Joined: Tue Jun 22, 2010 4:22 pm
Blog: View Blog (2)


Re: Brute Forcer In Python???

Post by centip3de on Fri May 27, 2011 9:11 pm
([msg=57794]see Re: Brute Forcer In Python???[/msg])

mojo1948 wrote:@OP What you have there is 30+ lines of code that you could have written in 4 or 5 lines.

Try this and let me know how long it lakes to output "I win".
Code: Select all
import sys
import itertools
choices = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ123456789_$&#@ "
for length in range(0,20):
   for entry in itertools.product(choices,repeat = length):
      password = ''.join(entry)
      print password
      if password == 'PassWord_5&':
         print 'I win'
         sys.exit(0)



I quit after an hour and 20 minutes (timed from a stop watch) I got to b@Ed as my guess
Programming today is a race between software engineers striving to build bigger and better idiot-proof programs, and the Universe trying to produce bigger and better idiots. So far, the Universe is winning. -Rick Cook
User avatar
centip3de
Moderator
Moderator
 
Posts: 1412
Joined: Fri Aug 20, 2010 5:46 pm
Blog: View Blog (0)


Re: Brute Forcer In Python???

Post by Muskelmann098 on Mon May 30, 2011 12:14 pm
([msg=57877]see Re: Brute Forcer In Python???[/msg])

I'm not 100% sure, but I think what OP is aiming at is how he would use this program to crack a login form on a website...

... and here's my best guess:
You will need to obtain the hash of a password from one of the users of the website first. This is because a bruteforcer will normally create billions of strings that take a long time to generate by itself, and that will take an eternity to type into a form and click 'submit'.

So what you would need to do is to obtain an encrypted password. This could get you a username and a password hash. Next you need to figure out what encryption method is used, for example MD5.

THEN and only then, can you make the code encrypt each string to MD5 and compare it to the password hash you obtained from the attack on the website. One day in a thousand years, your program will pop up and say "The password is xxx" and you can log into the now long-gone website :)

If you would be able to do the SQL attack, there is a much higher chance you'd find the password by Google-ing the hash than by using a brute-forcer.

If you definitely want a brute forcer, I'd go for a different language than Python. Not that it really matters, considering that any password with more than 6 characters would take an incredibly long time to crack.

Anyone with better knowledge of this, feel free to correct me.


EDIT: Woah... this post is actually pretty old now.
Muskelmann098
Experienced User
Experienced User
 
Posts: 78
Joined: Mon Feb 02, 2009 9:39 am
Blog: View Blog (0)


Re: Brute Forcer In Python???

Post by msbachman on Mon May 30, 2011 6:30 pm
([msg=57882]see Re: Brute Forcer In Python???[/msg])

Muskelmann098 wrote:... and here's my best guess:
You will need to obtain the hash of a password from one of the users of the website first. This is because a bruteforcer will normally create billions of strings that take a long time to generate by itself, and that will take an eternity to type into a form and click 'submit'.


You don't necessarily need a hash. The easy way would be to automate form submission and test one password variant on x number of users. This is what I believe "RevengeDriven" did.

That's assuming he's even doing something over the web; we're left to guess as he didn't give us much info to use as to what he hoped to do with this.
"I'm going to get into your sister. I'm going to get my hands on your daughter."
~Gatito
User avatar
msbachman
Contributor
Contributor
 
Posts: 685
Joined: Mon Jan 12, 2009 10:22 pm
Location: In the sky lol
Blog: View Blog (0)


PreviousNext

Return to Graveyard

Who is online

Users browsing this forum: No registered users and 0 guests