PureBasic Forums - English

http://www.purebasic.com
https://www.purebasic.fr/english/

Bruteforce Engine

https://www.purebasic.fr/english/viewtopic.php?t=34917

Page 1 of 1

Bruteforce Engine

Posted: Mon Oct 27, 2008 5:57 am
by Joakim Christiansen
EDIT:
My new method is here:
http://www.purebasic.fr/english/viewtop ... 15#p340515

Old one below:

Fill chars.s() with characters you want to be tested
This code tries every possible combination

Code: Select all

;################################### 
; Title:      Bruteforce Engine
; Author:   Joakim L. Christiansen 
; License: Provided as example, do whatever you want 
; 
; About: 
; Fill chars.s() with characters you want to be tested
;###################################

EnableExplicit

Global Dim chars.s(10), i, u
Define password.s, count, changed
Global length = 0, comb
Global Dim pass.s(length)
Global Dim pos(length)


; For i=0 To 9
;   ReDim chars.s(comb)
;   chars(comb) = Str(i)
;   comb + 1
; Next
For i=97 To 122
  ReDim chars.s(comb)
  chars(comb) = Chr(i)
  comb + 1
Next
comb-1

Repeat
  ReDim pass.s(length)
  ReDim pos(length)
  
  For u=0 To length ;draw password
    pass(u) = chars(0)
    pos(u) = 0
  Next
  
  password = "": For u=0 To length ;draw password
    password + pass(u)
  Next: Debug password
  
  Repeat 
    changed = 0
    For i=length To 0 Step -1
      If pos(i) < comb
        pos(i) + 1
        pass(i) = chars(pos(i)) ;hmm?
        For u=i+1 To length ;reset others?
          pos(u) = 0
          pass(u) = chars(0)
        Next
        password = "": For u=0 To length ;draw password
          password + pass(u)
        Next: Debug password
        changed = 1
        Break
      EndIf
    Next
  Until Not changed
  ;Debug "bye"
  
  length + 1
  
Until length > 5
;MessageRequester("","")
I also made code for bruteforcing website login forms, either this way or with a "common passwords list" 8) But that would be stupid to share.

Posted: Thu Oct 30, 2008 9:09 pm
by V2
...same shit, different color:

Code: Select all

Procedure bf(s.s, m)
  l = Len(s) + 1
  pw.s
  For i = 97 To 122
    pw = s + Chr(i)    
    If l < m : bf(pw, m) : EndIf
    Debug(pw)
  Next
EndProcedure

bf("", 5)

Posted: Sat Nov 01, 2008 12:45 am
by utopiomania
Look, Joakim.. I have this app running in a web browser on a company intranet. It requires a login,
with a username/pw, and can easily be made visible to the rest of the world.

Can your code log in even If I progressively add a delay after each attempt at a false login?

Posted: Sat Nov 01, 2008 12:56 am
by Mistrel
If you add a delay a brute force attack wouldn't be feasible if it's a strong password. But someone might get lucky with a dictionary attack if they already knew a login name.

Posted: Sat Nov 01, 2008 12:00 pm
by Joakim Christiansen
Mistrel wrote:If you add a delay a brute force attack wouldn't be feasible if it's a strong password. But someone might get lucky with a dictionary attack if they already knew a login name.
Yeah, the delay of your network connection is enough to deal with in my opinion, hehe. If it's a striong password (more than 4 letters) a brutefroce method will take very very long time.

Mistrel is right about the dictionary attack btw, if you know some login names you could try them. I actually tried that one some site and got several passwords, but that is kinda not legal.

Posted: Sat Nov 01, 2008 12:02 pm
by Joakim Christiansen
V2 wrote:...same shit, different color:

Code: Select all

Procedure bf(s.s, m)
  l = Len(s) + 1
  pw.s
  For i = 97 To 122
    pw = s + Chr(i)    
    If l < m : bf(pw, m) : EndIf
    Debug(pw)
  Next
EndProcedure

bf("", 5)
Nice if you only want to use plane letters only yes, but nice code.

Posted: Sat Nov 01, 2008 6:51 pm
by V2
Joakim Christiansen wrote: Nice if you only want to use plane letters only yes, but nice code.
Well, it's simple to extend it - i guess you get the idea... btw, peeking and poking the stuff around will give you quite some additional combinations/second...

Posted: Sun Nov 02, 2008 1:14 am
by Joakim Christiansen
V2 wrote:Well, it's simple to extend it - i guess you get the idea.....
Yeah, you're right. My code got owned, hehe :D

Posted: Thu Feb 19, 2009 7:46 pm
by codeman
Hello,
can anybody show me how looks an example with numers/big and small letter and special letters?

yours, codeman

Re: Bruteforce Engine

Posted: Mon Dec 06, 2010 10:59 am
by Joakim Christiansen
Another method I developed for easier use:

Code: Select all

EnableExplicit

Procedure.s getCharComb(characters$,combination.q,length)
  Protected charCount = Len(characters$)
  Protected result$, maxCombinations.q, val.q,res.q,rem,base=charCount
  maxCombinations = Pow(charCount,length)
  If combination < maxCombinations
    val = combination
    Repeat
      res = val / base
      rem = val % base
      val = res
      result$ = Mid(characters$,rem+1,1) + result$ 
    Until val <= 0
    result$ = RSet(result$,length,Mid(characters$,1,1)) 
  Else
    ;Debug "maximum amount of combinations reached"
  EndIf
  ProcedureReturn result$
EndProcedure

Define c

For c=0 To 26
  Debug getCharComb("abc",c,3)
Next
Basically what it does is a base conversion, the combination "abc" can be looked upon as base 3 while the normal numeric system is base 10. This also makes it possible to use this to convert base 10 to base 16 (HEX):

Code: Select all

c = 255
Debug getCharComb("0123456789ABCDEF",c,2)
Debug RSet(Hex(c),2,"0") ;for comparison
And to automatically try all combinations in lengths from 1 to 4 code like this can be used:

Code: Select all

Define charset$, charCount, length, combination.q, maxCombinations.q
charset$ = "abc"
charCount = Len(charset$)
length = 1 ;start length
Repeat
  combination = 0
  maxCombinations = Pow(charCount,length)
  ;Debug "": Debug maxCombinations
  Repeat
    Debug getCharComb(charset$,combination,length)
    combination + 1
  Until combination = maxCombinations ;since it starts at 0
  length + 1
Until length = 5 ;end length
And if you're curious about the time a bruteforce would use to test all combinations then I've made some code for that too:

Code: Select all

EnableExplicit

Procedure.s secondsToTime(seconds.q)
  Protected rem, years.q, days, hours, minutes
  years = seconds / 31536000
  rem = seconds %  31536000
  days = rem / 86400
  rem = rem % 86400
  hours = rem / 3600
  rem = rem % 3600
  minutes = rem / 60
  rem = rem % 60
  seconds = rem
  ProcedureReturn Str(years)+" years, "+Str(days)+" days, "+Str(hours)+" hours and "+Str(minutes)+" minutes"
EndProcedure

Procedure.s bruteForceTimeCalc(charCount,numOfChars,perSecond,delayMS.d=0)
  Protected combinations.q, secondsUsed.q
  If perSecond > 0 ;else delayMS should be set
    delayMS = 1000 / perSecond
  EndIf
  combinations = Pow(charCount,numOfChars)
  secondsUsed = IntQ((combinations * delayMS) / 1000)
  ProcedureReturn secondsToTime(secondsUsed)
EndProcedure

Debug bruteForceTimeCalc(36,4,50)
All times are UTC+01:00
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited