RE: Generate passwords by bruteforce

From: pentestr (pentestr@gmail.com)
Date: Thu Jan 10 2008 - 05:10:05 EST


Hi,

I got the following brute forcing program. This is excellent

This will give all possible passwords.. Go through the code

/* Brute Force Engine , by koby ( koby@in.gr )
*
* http://www.codecraft.tk

* Finds every possible combination of ASCII
* characters, which are between 33 - 126. The
* characters between 33-126 are all of the
* possible chars allowed on our keyboard
* including special chars.

* If you want to print those strings on screen,
* remove the // on line 81 and notice the
* difference with the time elapsed ...

* Copyright (c) 2003
* koby and www.CodeCraft.tk. All rigths reserved
* Redistributions of source code must retain the above copyright
* notice and the following disclaimer.
*
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS
IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE
* ARE DISCLAIMED.
*/

#include <stdio.h>
#include <stdlib.h>
#include <time.h>

#define MINCHAR 33
#define MAXCHAR 126
#define WLENGTH 2
char *bruteforce(int passlen, int *ntries);

int main(int argc,char *argv[]) {

        int i, wdlen, counter,length;
        char *str;
        clock_t start, end;
        double elapsed;

wdlen=WLENGTH;

        start = clock();

        bruteforce(wdlen, &counter);

        end = clock();

        elapsed = ((double) (end - start)) / CLOCKS_PER_SEC;
        printf("\nNum of tries... %d \n",counter);
        printf("\nTime elapsed... %f seconds\n",elapsed);

        return counter;

}

char *bruteforce(int passlen, int *ntries) {

        int i;
        char *str;

        *ntries=0;

        passlen++;

        str = (char*)malloc( passlen*sizeof(char) );

        for(i=0; i<passlen; i++) {
                str[i]=MINCHAR;
        }
        str[passlen]='\0';

        while(str[0]<MINCHAR+1) {
                for(i=MINCHAR; i<=MAXCHAR; i++) {
                        str[passlen-1]=i;
                        (*ntries)++;
                        puts(&str[1]);
                }

                if(str[passlen-1]>=MAXCHAR) {
                        str[passlen-1]=MINCHAR;
                        str[passlen-1-1]++;
                }

                for(i=passlen-1-1; i>=0; i--) {
                        if(str[i]>MAXCHAR) {
                                str[i]=MINCHAR;
                                str[i-1]++;
                        }
                }
        }

        return NULL;

}

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:58:19 EDT