Table of contents
No headings in the article.
Includes 2 Basic Program :-
- Basic "C++" program.
- BruteForce Script in Python.
Here is Sample Code of CPP Program, that will need Password :-
Codes are messed up because of blogger. So Get a Code from here - https://github.com/krokite/basicBruteforce
/*
Author: KroKite
Description: Basic Bruteforcing Tools
*/
#include <iostream>
#include<cstdlib>
#include<cstring>
using namespace std;
// When passing char arrays as parameters they must be pointers
int main(int argc, char** argv) {
if (argc < 4) { // Check the value of argc. If not enough parameters than, inform user and exit.
cout << "Usage is " << argv[0] << " -f <input filename> -p password\n";
exit(0);
} else { // if we got enough parameters..
int i=1;
while(i<=argc) {
if (strcmp(argv[i],"-f") == 0) {
cout << "File to Open: " << argv[i + 1] << endl;
}
if (strcmp(argv[i],"-p") == 0) {
cout <<"Password is : " << argv[i + 1] << endl;
if(strcmp(argv[i+1], "KroKite") == 0) {
cout << "File Opening SuccessFul"<< endl;
} else {
cout << "Wrong Password"<< endl;
}
}
i++;
}
}
return 0;
}
Compile the above program with g++
root@worldofhacker# g++ krokite.cpp -o krokite
and now run a program to understand what it will do,
root@worldofhacker# ./krokite
Usage is -f input\_filename -p password
So, Run with Arguments, and it takes the password with '-p' arguments:-
Giving the Wrong Password as "blackbuntu"
root@worldofhacker# ./krokite -f blackbuntu.txt -p blackbuntu
File to Open: blackbuntu.txt
Password is : blackbuntu
Wrong Password
Now Running with Correct Password:-
root@worldofhacker# ./krokite -f blackbuntu.txt -p KroKite
File to Open: blackbuntu.txt
Password is : KroKite
File Opening SuccessFul
But, Now what if you don't know the password of the program, and you need to open it, how would you do that, here is basic python code that will help you do that:-
Save the below file with the name "krokite.py"
#!/usr/bin/python
# Author : KroKite
# Description: Basic Password Bruteforcing Tool.
# Python Version: 2.7
import subprocess
import re
fo = open("password.txt", 'r');
for lines in fo:
password = lines.split('\n')
brute = subprocess.Popen(["./vulnerableApp", "-f", "foo.txt", "-p", password[0]], stdout=subprocess.PIPE)
if(re.search("Success", brute.communicate()[0])):
print "Password Cracked and your Password is ", password[0]
exit()
else:
print password[0], " is not Password"
Now make another file which has a list of passwords, Write 1 password in 1 line.
password.txt file:-
abcdef
123456
hacker
bullshit
wtf
blackbuntu
facebook
twitter
metallica
KroKite
shit
password
pass
And now Run your python program:-
root@krokite# python krokite.py
abcdef is not Password
123456 is not Password
hacker is not Password
bullshit is not Password
wtf is not Password
blackbuntu is not Password
facebook is not Password
twitter is not Password
metallica is not Password
Password Cracked and your Password is KroKite
Note: Please Remember this is just a basic idea and does not account exactly for your program, you might have to do more homework for your application with the above krokite.py tool. With a Few Changes above krokite.py tool may work with MySQL [not tested]
krokite.py file reads 1 password at a time and then run your program with a fetched password and checks the success of the password, if it does, then it simply prints the password and exit, so the very last line will be your password if it has successfully cracked it.
Also, all the above Code is completely written by me, if you share it or modify it further, do include my credit. Thanks
Got Question? Ask them below, and I believe this simple demo will clear doubts.