0 like 0 dislike
in Code & Tools by (112 points)

TL:DR - Github Link to Repo: https://github.com/krokite/basicBruteforce

Includes 2 Basic Program :-

  1. Basic "C++" program.
  2. BruteForce Script in Python.

Here is a Sample Code of CPP Program, that will need Password:-

/*
Author: KroKite
Description: Basic Bruteforcing Tools
URI: http://www.facebook.com/r0ckysharma
*/

#include <iostream>
#include<cstdlib>
#include<cstring>
using namespace std;

// When passing char arrays as parameters they must be pointers
int main(int argc, char** argv) {
    if (argc < 4) { // Check the value of argc. If not enough parameters than, inform user and exit.
        cout << "Usage is " << argv[0] << " -f <input filename> -p password\n";
        exit(0);
    } else { // if we got enough parameters..
  int i=1;
	while(i<=argc) {
        	if (strcmp(argv[i],"-f") == 0) {
			cout << "File to Open: " << argv[i + 1] << endl;
        	}
		if (strcmp(argv[i],"-p") == 0) {
        		cout <<"Password is : " << argv[i + 1] << endl;
			if(strcmp(argv[i+1], "KroKite") == 0) {
				cout << "File Opening SuccessFul"<< endl;
			} else {
				cout << "Wrong Password"<< endl;
			}
        	}
	i++;
        }
    }
    return 0;
}

Compile above program with g++

[email protected]# g++ vulnerableApp.cpp -o vulnerableApp

and now run a program to understand what it will do,

[email protected]# ./vulnerableApp

Usage is -f input_filename -p password

So, Run with Arguments, and it takes a password with '-p' arguments:-

Giving the Wrong Password as "hackMe"

[email protected]# ./vulnerableApp -f hacker.txt -p hackme
File to Open:  hacker.txt
The password is: hackMe
Wrong Password

Now Running with Correct Password:-

[email protected]# ./vulnerableapp -f hacker.txt -p KroKite
File to Open:  hacker.txt
The password is: KroKite
File Opening SuccessFul

But, Now what if you don't know the password of the program, and you need to open it, how would you do that, here is basic python code that will help you do that:-

Save below file with name "bruteforce.py"

#!/usr/bin/python
# Author : KroKite
# Description: Basic Password Bruteforcing Tool
# URL: http://www.fb.me/r0ckysharma
# Python Version 2.7import subprocess
import re

fo = open("password.txt", 'r');
for lines in fo:
    password = lines.split('\n')
    brute = subprocess.Popen(["./vulnerableApp", "-f", "foo.txt", "-p", password[0]], stdout=subprocess.PIPE)
    if(re.search("Success", brute.communicate()[0])):
        print "Password Cracked and your Password is ", password[0]
        exit()
    else:
        print password[0], " is not Password"  

Now make another file which has a list of the password, Write 1 password in 1 line.

password.txt file:-

abcdef
123456
hacker
bullshit
wtf
blackbuntu
facebook
twitter
metallica
KroKite
shit
password
pass

And now Run your python program:-

[email protected]# python bruteforce.py 
abcdef  is not Password
123456  is not Password
hacker  is not Password
bullshit  is not Password
wtf  is not Password
blackbuntu  is not Password
facebook  is not Password
twitter  is not Password
metallica  is not Password
Password Cracked and your Password is  KroKite

Note: Please Remember this is just a basic idea and does not account exactly to your program, you might have to do more homework for your application with above bruteforce.py tool. With Few Changes above bruteforce.py tool may work with MySQL [not tested]

bruteforce.py file reads 1 password at a time and then run your program with a fetched password and checks the success of password if it does, then it simply prints password and exit, so the very last line will be your password if it has successfully cracked it.

Also, all above Code is completely written by me, if you share it or modify it further, do include my credit. Thanks

Got Question? Ask them below, and I believe this simple demo will clear doubts.

Please log in or register to answer this question.

...