From: Tomas Zellerin (zellerin@gmail.com)
Date: Fri Jan 11 2008 - 02:22:53 EST
[OT reaction]
This is how vulnerabilities get into code. Anything suspicient in
str = (char*)malloc( passlen*sizeof(char) );
str[passlen]='\0';
? Yes, it probably works in most cases.
Actually, from my experience it is perfectly reasonable to use higher
level language than C for password generation, because password
*generating* will not be the part that takes high percentage of time -
storing it to disc or hashing it with any decent hash function will
take much longer, not even talking about sending it to some other
machine to try to log on.
Tomas
On 1/10/08, pentestr <pentestr@gmail.com> wrote:
> Hi,
>
> I got the following brute forcing program. This is excellent
>
> This will give all possible passwords.. Go through the code
>
>
> /* Brute Force Engine , by koby ( koby@in.gr )
> *
> * http://www.codecraft.tk
>
> * Finds every possible combination of ASCII
> * characters, which are between 33 - 126. The
> * characters between 33-126 are all of the
> * possible chars allowed on our keyboard
> * including special chars.
>
> * If you want to print those strings on screen,
> * remove the // on line 81 and notice the
> * difference with the time elapsed ...
>
> * Copyright (c) 2003
> * koby and www.CodeCraft.tk. All rigths reserved
> * Redistributions of source code must retain the above copyright
> * notice and the following disclaimer.
> *
> * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS
> IS'' AND
> * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
> * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
> PURPOSE
> * ARE DISCLAIMED.
> */
>
> #include <stdio.h>
> #include <stdlib.h>
> #include <time.h>
>
> #define MINCHAR 33
> #define MAXCHAR 126
> #define WLENGTH 2
> char *bruteforce(int passlen, int *ntries);
>
> int main(int argc,char *argv[]) {
>
> int i, wdlen, counter,length;
> char *str;
> clock_t start, end;
> double elapsed;
>
> wdlen=WLENGTH;
>
> start = clock();
>
> bruteforce(wdlen, &counter);
>
> end = clock();
>
> elapsed = ((double) (end - start)) / CLOCKS_PER_SEC;
> printf("\nNum of tries... %d \n",counter);
> printf("\nTime elapsed... %f seconds\n",elapsed);
>
> return counter;
>
> }
>
> char *bruteforce(int passlen, int *ntries) {
>
> int i;
> char *str;
>
> *ntries=0;
>
> passlen++;
>
> str = (char*)malloc( passlen*sizeof(char) );
>
> for(i=0; i<passlen; i++) {
> str[i]=MINCHAR;
> }
> str[passlen]='\0';
>
> while(str[0]<MINCHAR+1) {
> for(i=MINCHAR; i<=MAXCHAR; i++) {
> str[passlen-1]=i;
> (*ntries)++;
> puts(&str[1]);
> }
>
> if(str[passlen-1]>=MAXCHAR) {
> str[passlen-1]=MINCHAR;
> str[passlen-1-1]++;
> }
>
> for(i=passlen-1-1; i>=0; i--) {
> if(str[i]>MAXCHAR) {
> str[i]=MINCHAR;
> str[i-1]++;
> }
> }
> }
>
> return NULL;
>
> }
>
>
>
> ------------------------------------------------------------------------
> This list is sponsored by: Cenzic
>
> Need to secure your web apps NOW?
> Cenzic finds more, "real" vulnerabilities fast.
> Click to try it, buy it or download a solution FREE today!
>
> http://www.cenzic.com/downloads
> ------------------------------------------------------------------------
>
>
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!
http://www.cenzic.com/downloads
------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:58:19 EDT koby@in.gr