A little Brute Force engine for B+

Andres(Posted 2008) [#1]
A little brute force engine for BlitzPlus. Unfortunately B+ can't handle numbers bigger than ~2 000 000 000 so there may not be that many candidate possibilities either.
This example searches for up to 5 lettered candidates with symbols "abcdefghijklmnopqrstuvwġäöüxyABCDEFGHIJKLMNOPQRSTUVWĠÄÖÜXY0123456789" in it. My 1.6GHz processor tries about 60 000 - 100 000 candidates per second.

Example:
result$ = "hElLo"

; from 1 to 5 letters
For l% = 1 To 5
	brute% = StartBruteforce%(l%, "abcdefghijklmnopqrstuvwġäöüxyABCDEFGHIJKLMNOPQRSTUVWĠÄÖÜXY0123456789")
	total# = BruteforceTotal(brute%)
	Notify "Starting bruteforce with " + Int(total#) + " candidates!"

	; try all possible candidates with l% symbols in it
	For i = 1 To total#
		BruteforceNext%(brute%)
		value$ = BruteforceCurrentValue$(brute%)
		If value$ = result$ Then RuntimeError "FOUND -> " + value$
	Next
Next


Engine:



andy_mc(Posted 2008) [#2]
Call me stupid, but what is a brute force engine?


GfK(Posted 2008) [#3]
It's for cracking passwords. Stuff like this doesn't belong here, imho.


bytecode77(Posted 2008) [#4]
Don't be so rude, GfK. It is kind of a hacking tool, but it is probably good for learning, too. And if you have chosen a good password for your forums, this one will fail.


GfK(Posted 2008) [#5]
I'm not being rude, I'm having an opinion, just like you are.


Andres(Posted 2008) [#6]
I'll rewrite it in BlitzMAX so it will be able to try even longer and more complex candidates.
I couldn't come on a better forum than this, it's Blitz and I wanted to show it, so Blitz Showcase in my opinion :) Maybe Code archive's "Algorithms", but there I wouldn't have much feedback.


ckob(Posted 2008) [#7]
I always welcome open source code much like this, and someone recently released a back door program, stigma, which is open source. I think it's good for learning purposes. I am an administrator for an ISP; seeing the source to programs like this helps me better understand attacks and things people might try.

Love what you have so far Andres


Andres(Posted 2008) [#8]
Here's the BlitzMAX version of the engine. Much faster and supports longer candidates and stuff:

29 different symbols and 6 lettered candidate takes longer than an hour :(

Example output:
Starting candidates with 1 letters and 29 possibilities...
Ended with 0 seconds (1.#INF0000/s)
Starting candidates with 2 letters and 841 possibilities...
Ended with 0 seconds (841000.000/s)
Starting candidates with 3 letters and 24389 possibilities...
Ended with 0 seconds (393370.969/s)
Starting candidates with 4 letters and 707281 possibilities...
Ended with 3 seconds (180936.563/s)
Starting candidates with 5 letters and 20511149 possibilities...
Ended with 141 seconds (144744.391/s)
Starting candidates with 6 letters and 594823321 possibilities...
FOUND! -> andres


Example:
SuperStrict

Global result:String = "andres"

For Local l:Int = 1 To 10
	Local brute:TBrute = StartBruteforce(l, "abcdefghijklmnopqrstuvwġäöüxy")
	Local total:Long = BruteforceTotal(brute)

	Print "Starting candidates with " + l + " letters and " + total + " possibilities..."
	Local tim:Long = MilliSecs()
	' Long counter: total exceeds the Int range from 7 letters on (29^7 > 2^31)
	For Local i:Long = 1 To total
		BruteforceNext(brute)
		Local value:String = BruteforceCurrentValue(brute)
		If value = result Then
			Print "FOUND! -> " + value
			End
		EndIf
	Next
	EndBruteforce(brute)
	Print "Ended with " + Int(Float (MilliSecs() - tim) / 1000) + " seconds (" + (total / (Float (MilliSecs() - tim) / 1000)) + "/s)"
Next


Engine:



Retimer(Posted 2008) [#9]

and if you have chosen a good password for your forums, this one will fail.



I agree it's more of a learning thing, because even crappy web hosts should be able to realise that "594823321 possibilities..."
594823321 connection attempts within a small period (which is impossible, probably even for LAN) is a hack attempt. And most professional login systems log so many failed attempts and warn the administrator of this.

Keyloggers are more of something to worry about these days.

Nice code Andres, fun to mess around with.
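The check described in the post above (count failed logins per source and warn the administrator), as an added example that is not code from anyone in this thread. The log format, threshold, window and all names are assumptions, and the log lines are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log, hypothetical format: <ISO time> <OK|FAIL> <account> <source>
SAMPLE_LOG = (
    # fast burst: 8 failures in 8 seconds from one address
    [f"2008-03-01T12:00:{s:02d} FAIL admin 192.0.2.10" for s in range(8)]
    # slow mistakes: 6 failures spread over 10 minutes, then a success
    + [f"2008-03-01T12:{m:02d}:30 FAIL bob 198.51.100.7" for m in range(0, 12, 2)]
    + ["2008-03-01T12:13:00 OK bob 198.51.100.7"]
)

def detect_bruteforce(lines, max_failures=5, window=timedelta(seconds=60)):
    """Return one (source, alert_time, failures_in_window) tuple per burst.

    A source is flagged when it produces more than `max_failures` failed
    logins inside a sliding `window`. Successful logins do not reset the
    count, so one valid account cannot be used to hide guessing on another.
    """
    recent = defaultdict(deque)   # source -> timestamps of recent failures
    alerted = set()               # sources already reported for the current burst
    alerts = []
    for line in lines:
        if not line.strip():
            continue
        stamp, result, _account, source = line.split()
        ts = datetime.fromisoformat(stamp)
        failures = recent[source]
        # Drop failures that have aged out of the window.
        while failures and ts - failures[0] > window:
            failures.popleft()
        if not failures:
            alerted.discard(source)   # burst is over, allow a fresh alert later
        if result != "FAIL":
            continue
        failures.append(ts)
        if len(failures) > max_failures and source not in alerted:
            alerted.add(source)
            alerts.append((source, ts, len(failures)))
    return alerts

if __name__ == "__main__":
    for source, ts, count in detect_bruteforce(SAMPLE_LOG):
        print(f"ALERT {source}: {count} failed logins within 60s at {ts.isoformat()}")
```

The slow source never has more than one failure inside a window, so only the burst is reported.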


Andres(Posted 2008) [#10]
I'm thinking more on zip/rar archive password "recovering" or something like that :)


Trader3564(Posted 2008) [#11]
It's pretty useless as long as it can't hook into something...
Also, as you don't know the length of a password there is no point in not making it start from 1 till max in length.


Gabriel(Posted 2008) [#12]
It's pretty useless as long as it can't hook into something...

It can hook into anything which runs from the command line, which would certainly include zip and rar programs.


Also, as you don't know the length of a password there is no point in not making it start from 1 till max in length.

Apart from the fact that it would run for one hell of a long time and make people think it had crashed. If you had a specific purpose in mind, I imagine it wouldn't be too much trouble to change that.
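The numbers quoted in this thread, worked through as an added example (not code from any poster): how many candidates each length gives, where the signed 32-bit limit from post #1 cuts in, and how long a full search from length 1 to max takes. It assumes the rate from the 5-letter line of the posted output and the symbol counts of the two posted alphabets (29 and 68); the function names are illustrative.

```python
INT32_MAX = 2**31 - 1   # signed 32-bit ceiling: the "~2 000 000 000" limit from post #1
RATE = 144744.391       # guesses per second, from the 5-letter line of the posted output
YEAR = 365 * 24 * 3600  # seconds

def keyspace(symbols: int, length: int) -> int:
    """Number of candidates of exactly `length` characters over `symbols` symbols."""
    return symbols ** length

def max_length_in_int32(symbols: int) -> int:
    """Longest length whose candidate count still fits a signed 32-bit counter."""
    if symbols < 2:
        raise ValueError("need at least two symbols")
    length = 0
    while keyspace(symbols, length + 1) <= INT32_MAX:
        length += 1
    return length

def worst_case_seconds(symbols: int, max_len: int, rate: float) -> float:
    """Time to try every candidate of length 1..max_len at `rate` guesses per second."""
    return sum(keyspace(symbols, n) for n in range(1, max_len + 1)) / rate

def min_length_to_resist(symbols: int, rate: float, seconds: float) -> int:
    """Shortest length for which the full 1..length search outlasts `seconds`."""
    if symbols < 2 or rate <= 0:
        raise ValueError("need at least two symbols and a positive rate")
    n = 1
    while worst_case_seconds(symbols, n, rate) <= seconds:
        n += 1
    return n

if __name__ == "__main__":
    # 29 = the lowercase alphabet of post #8; 68 = lowercase + uppercase + digits of post #1
    for symbols in (29, 68):
        print(f"{symbols} symbols: 32-bit counter covers up to "
              f"{max_length_in_int32(symbols)} letters")
        for n in range(1, 9):
            hours = worst_case_seconds(symbols, n, RATE) / 3600
            print(f"  lengths 1..{n}: {hours:,.2f} h worst case")
        print(f"  length needed to outlast one year at this rate: "
              f"{min_length_to_resist(symbols, RATE, YEAR)}")
```

The rate is one 2008 desktop comparing strings in memory; pass a different `rate` to size a password policy against whatever guess rate applies.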