Brute force programming

**mad_fox9007** · May 27th, 2004, 06:10 PM

a question for gothic_type, in the code that u gave me, how would i tell it to use the numbers 32, 48-57, 65-90, and 97-122

***cacosapo*** · May 27th, 2004, 06:37 PM

Good question Angelic, to learn how to break password you must starting learning how to find where the passsword is stored.
NT and above store password on hidden files, than can be called SAM or NTDS.
To write a password cracker you need:
a) to learn those files layout and write a program to that OR
b) get a program that already do that and just write the password cracker program.

Im not sure with Microsoft has an "official" documentation of that file structure, but its pretty documented over Internet.

For pratice only, i think its better to start with passwd unix file. Is for pratice, isnt it? Ask here and i think that someone will attach a sample file to you pratice...

***SwordFish_13*** · May 27th, 2004, 06:43 PM

Originally posted here by mad_fox9007
a question for gothic_type, in the code that u gave me, how would i tell it to use the numbers 32, 48-57, 65-90, and 97-122

Hey can i try

Code:

int main(void)
{
     char dash[5]="-"
	
  for(int x=0; x&lt;255; x++)
	{
	     
             strcat(dash,(char)x);
	     cout &lt;&lt; dash &lt;&lt; endl;
        }
	

  return(0);
}

Hey it's a just a hint how it can be done i don't have Turbo C++ right now.I will see when i Gte my hands on a PC with C++ Compiler........(i use Turbo C++)

Originally posted here by mad_fox9007
thanks for the imput gothic_type, i understand what ur saying, and i've seen things on creating dictionary files also, but i'm not sure how to creat a program that would let me use that on windows passwords. A little help? does anyone have any information or know a website that would help me research these topics further?

Hey why do i get the feeling that someone is ignoring me here. This one is for Gothic too .. Just kidding.

Ok the windows (i am talking about 9X here) uses a relatevily weak algrothim. The Pasword File is stored in the windows directry "%SystemRoot%/Windows" the file has a .pwl extension. Just search for *.pwl The file is named corrosponding to the username. And For every user a file is created with His/her User Name and Pasword is stored there.....

Just open it in Notepad and have a look at it. because you seem very enthuastic about all this i will just give you a brie foverview of the file

See these this is mine

. Don't know what tat first character Means it's on every File i have seen But be a somekind of a starting character by which windows recognises that it is indeed a password File. And some weird "Y" Follow it they mean nothing . see thise last 2 lines they are the pasword . It's encrypted you have to decript it. You got to have a deep knowledge or cryptology to start of developing a Password Craker.......

To See the Plain Text Form of this Crypted password you can yous a very nifty tool called Glide.C that we used during our Cryptology Class .it's open Source. Just google for it you will Find it.

--Good Luck--

[edit]

I just hate it when sometimes Code tag makes this whole page Streach .. Look Now post is all jumbled up. can something be done about it mstrgrl ............

***AngelicKnight*** · May 27th, 2004, 06:46 PM

Not for practice exactly. As a part of auditing, I want to assess some various passwords, such as user passwords, for when I later come up with a policy to require more complex passwords (such a policy does not yet exist). That way I can say "See! Look how sucky your password is!" then say "So from now on do this."

So if I set folders to show hidden files, will I then be able to see password files (man, that would be lame if that's the case...), and are they located in a system folder somewhere?

***cacosapo*** · May 27th, 2004, 07:17 PM

Originally posted here by AngelicKnight
Not for practice exactly. As a part of auditing, I want to assess some various passwords, such as user passwords, for when I later come up with a policy to require more complex passwords (such a policy does not yet exist). That way I can say "See! Look how sucky your password is!" then say "So from now on do this."

So if I set folders to show hidden files, will I then be able to see password files (man, that would be lame if that's the case...), and are they located in a system folder somewhere?

take a look at this (old) story
http://www.microsoft.com/TechNet/pro.../storpass.mspx
and see how it looks like
but
please dont go to the user and say that. Usually people goes insane of that. NEVER do that without Major Office authorisation.
Dont trust yourself either. Never run a tool that show password in clear. After you get president' password, how do you know that you wont use that? Better never try

If you know that bad password behavior is going on, just write policies/guidelines to help people.
Personally i dont like these kind of tool, except that ones that DONT show passwords, but shows terms like "guessed","found" or something like that.
I use a tool like that on Mainframe Computers

***AngelicKnight*** · May 27th, 2004, 07:23 PM

please dont go to the user and say that. Usually people goes insane of that. NEVER do that without Major Office authorisation.

Well, I was being fecisious there, what I would do is just say that certain passwords have been found vulnerable to cracking for backing up the new policy...something like that anyway. I also want to "see" from the cracker/hacker's eyes how this type of intrusion is performed so I know what I'm talking about when writing said policy.

I do trust myself, primarily because I'm an ethics nut. I won't even steal the pens from store counters. A great deal of that is probably due to growing up in a law enforcement family. So I trust me, but everyone else I run through NCIC first.

Thanks for the story, I'll scope it out.

**gothic_type** · May 27th, 2004, 09:09 PM

SwordFish_13, hah. Did you think I was hogging all the praise or something? Well, if he didn't thank you for your informative post, I will. *cough* ahem, "Thank you, dear SwordFish_13, for your incredibly informative and to-the-point post. It helped me a lot". (and no, that was not sarcasm :P)

BTW -- your code as it stands will not work. It attempts to concatenate (append to the string) more characters than the string can hold. I think that's the problem anyhow. If it does actually work and I'm just a dumbass, I apologise.

Anyhow. mad_fox9007, the program that I posted before was not for creating a string to be tested as a password (you know what I mean, right), it was just an example of typecasting and to show you the list of ascii characters. If you want to cut down the amount of characters that can be used (to strip out the non-printing characters or something) you could do the following:

Code:

// please not that this is not an example of an algorithm used for bruteforcing, 
// but a way of limiting the number of characters used
// The program will create a 5 character string using a random mix of the characters
// that you specified

#include &lt;iostream&gt;
using namespace std;

int main(void)
{
  char myString[5] = " "; // a 5 character string

  for(int x=0; x&lt;4; x++) // had to change this to 4 because I was getting weird output
  {
     int number = 0;
     do // I think you can use do-while in c++ (I'm a java person)
     {
        number = getRandomNumber(255); // this just means get a random number between 0
        // and 255. getRandomNumber(...) is not an actual function, I just mean that you need to
        // get a random number here :P
     }
     while(!(number==32 || (number&gt;=48 && number&lt;=57) || (number&gt;=65 && number&lt;=90) || (number&gt;=97 && number&lt;=122));

     myString[x] = (char)number;
  }

  return(0);
}

The code above should generate a random 5 character string using the rules you specified, but for bruteforcing you would have to figure out some way of going through every combination of those numbers and also of increasing the length of your string appropriately. That shouldn't be too difficult to do and I leave it to you to figure out. I can't give you the whole answer (hehe).

Anyhow, I apologise if my code is incorrect, it's been years since I've used c++ and I can't be bothered downloading a compiler to check it. If you want to compile and run the code, either replace the reference to getRandomNumber(...) to an actual random number generating function or write int getRandomNumber(int max);

ac

**gothic_type** · May 28th, 2004, 10:20 PM

If you want a simple method of getting a random number for the program above, you can use the following (although there was really no need for randomness except to show that the program only allowed characters that were specified by the "rules"):

include time.h (oh no, not a .h header file

) and add the following to the start of your main function:

Code:

srand((unsigned)time(NULL));

then use the following to get a random number:

Code:

myVar = rand%MAX_NUMBER;

ac

**mad_fox9007** · June 10th, 2004, 02:06 AM

can anyone post a script, or tell me where to learn how to make a script like gothic_types, but i dont want it to generate random numbers, and like he said, i also need to figure out a way of goin through every combination of these numbers and also increase the legnth of the string appropriatly?

**mad_fox9007** · June 11th, 2004, 02:52 PM

anyone wanna clue me in on this typecasting thing, i've been lookin everywhere i kno to look for info on this, but i cant find what i need

Thread: Brute force programming

Thread Tools

Display

Posting Permissions