Hack, Build & Scale - Web & Server apps

Hack, Build & Scale - Web & Server apps

Basic Idea of Creating Password Bruteforce tool

Basic Idea of Creating Password Bruteforce tool

R Sharma (WorldOfHacker)'s photo
R Sharma (WorldOfHacker)
·May 2, 2012·

3 min read

Subscribe to our newsletter and never miss any upcoming articles

Play this article

Includes 2 Basic Program :-

  1. Basic "C++" program.
  2. BruteForce Script in Python.

Here is Sample Code of CPP Program, that will need Password :-

Codes are messed up because of blogger. So Get a Code from here - https://github.com/krokite/basicBruteforce

/*
Author: KroKite
Description: Basic Bruteforcing Tools
*/

#include <iostream>
#include<cstdlib>
#include<cstring>
using namespace std;

// When passing char arrays as parameters they must be pointers
int main(int argc, char** argv) {
    if (argc < 4) { // Check the value of argc. If not enough parameters than, inform user and exit.
        cout << "Usage is " << argv[0] << " -f <input filename> -p password\n";
        exit(0);
    } else { // if we got enough parameters..
  int i=1;
    while(i<=argc) {
            if (strcmp(argv[i],"-f") == 0) {
            cout << "File to Open: " << argv[i + 1] << endl;
            }
        if (strcmp(argv[i],"-p") == 0) {
                cout <<"Password is : " << argv[i + 1] << endl;
            if(strcmp(argv[i+1], "KroKite") == 0) {
                cout << "File Opening SuccessFul"<< endl;
            } else {
                cout << "Wrong Password"<< endl;
            }
            }
    i++;
        }
    }
    return 0;
}

Compile the above program with g++

root@worldofhacker# g++ krokite.cpp -o krokite

and now run a program to understand what it will do,

root@worldofhacker# ./krokite
Usage is -f input\_filename -p password

So, Run with Arguments, and it takes the password with '-p' arguments:-

Giving the Wrong Password as "blackbuntu"

root@worldofhacker# ./krokite -f blackbuntu.txt -p blackbuntu
File to Open:  blackbuntu.txt
Password is : blackbuntu
Wrong Password

Now Running with Correct Password:-

root@worldofhacker# ./krokite -f blackbuntu.txt -p KroKite
File to Open:  blackbuntu.txt
Password is : KroKite
File Opening SuccessFul

But, Now what if you don't know the password of the program, and you need to open it, how would you do that, here is basic python code that will help you do that:-

Save the below file with the name "krokite.py"

#!/usr/bin/python
# Author : KroKite
# Description: Basic Password Bruteforcing Tool.
# Python Version: 2.7

import subprocess
import re

fo = open("password.txt", 'r');
for lines in fo:
  password = lines.split('\n')
    brute = subprocess.Popen(["./vulnerableApp", "-f", "foo.txt", "-p", password[0]], stdout=subprocess.PIPE)
    if(re.search("Success", brute.communicate()[0])):
        print "Password Cracked and your Password is ", password[0]
        exit()
    else:
        print password[0], " is not Password"

Now make another file which has a list of passwords, Write 1 password in 1 line.

password.txt file:-

abcdef
123456
hacker
bullshit
wtf
blackbuntu
facebook
twitter
metallica
KroKite
shit
password
pass

And now Run your python program:-

root@krokite# python krokite.py 
abcdef  is not Password
123456  is not Password
hacker  is not Password
bullshit  is not Password
wtf  is not Password
blackbuntu  is not Password
facebook  is not Password
twitter  is not Password
metallica  is not Password
Password Cracked and your Password is  KroKite

Note: Please Remember this is just a basic idea and does not account exactly for your program, you might have to do more homework for your application with the above krokite.py tool. With a Few Changes above krokite.py tool may work with MySQL [not tested]

krokite.py file reads 1 password at a time and then run your program with a fetched password and checks the success of the password, if it does, then it simply prints the password and exit, so the very last line will be your password if it has successfully cracked it.

Also, all the above Code is completely written by me, if you share it or modify it further, do include my credit. Thanks

Got Question? Ask them below, and I believe this simple demo will clear doubts.

Did you find this article valuable?

Support Hack, Build & Scale - Web & Server apps by becoming a sponsor. Any amount is appreciated!

See recent sponsors Learn more about Hashnode Sponsors
 
Share this