• Welcome to Valhalla Legends Archive.
 

Brute Force

Started by Tazo, May 14, 2005, 05:23 PM

Previous topic - Next topic

Tazo

**This is technically a dictionary attack.

Brute force, by me.
VB6.
Attempts to log on as a CHAT client. Uses socks4 protocol for proxies. Source code commented, for the most part. Educational use only.

*INCLUDES*
Source files
Executable
Needed .txt and .ini files

http://www.javaop.com/uploads/guest/BruteForce.zip

Please leave any comments, corrections or suggestions.

Thanks to: iago for upload :)

iago

Incidentally, if anybody cares, either "Auditor" or "Knoppix-std" (live Linux security-based distributions) comes with a 26mb dictionary file.  It's pretty damn elite.  I forget which one it is, though.
This'll make an interesting test for broken AV:
QuoteX5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*



iago

That dictionary is small compared to the one I'm talking about :)

I'll figure out which distro it is on Monday and let you know.
This'll make an interesting test for broken AV:
QuoteX5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*


R.a.B.B.i.T

Do you have anything better to do besides create tools meant to harass and steal?  Get a life, please.

Blaze

The first thing I want to do with this is brute force tazo's account to teach him a lesson.
Quote
Mitosis: Haha, Im great arent I!
hismajesty[yL]: No

UserLoser.

26mb is nothing.  I had a 3 gig file once which generated like every combination with letters from 2 characters to 12 in length.  I don't think it ever finished though

Blaze

#7
I had this program that created those files userloser, and the farthest I ever got was 35gb.  I'll see if I can get it again from agarwaen.
Quote
Mitosis: Haha, Im great arent I!
hismajesty[yL]: No

I_Smell_Tuna

Here is a BF DLL I made. Easy incrimentation for BF.

http://68.58.200.72/bruteforce.zip

Lenny

I really don't think it's necessary to store all the combinations into a file just to try each one.  I'm sure the computer is well capable of generating them on the fly.

Somewhat oxymoronic to call such a file a dictionary.
The Bovine Revolution
Something unimportant

Live Battle.net:

WARNING: The preceding message may have contained content unsuitable for young children.

Networks

Much easier method:

Tell them to register for you forum or w/e, anything that uses md5 or even plain-text!

if md5, break it in a couple hours max. Battle.net brute forcing is way to tedious.

Also I can't believe you guys actually support this....-.-

Topaz

You'd probably need only a hundred or so, assuming you're planning on bruting it longterm. Failed logon locks only last fifteen minutes, maybe more.

iago

Lenny is correct: storing the random combinations in a file would be dumb.  The dictionary that I talk of is actual phoenetic words (in various languages, leet-speakness, etc.

Bruteforcing it if it's MD5, if it's a decent password, can still take a long time.  A combination of 7 keyboard characters can take up to 15 days to guess.  8 would take longer than you'd be willing to wait.

That's also assuming they use the same password for forums and Battle.net.  I know I don't, I use a separate password for important things, and for things that somebody I don't trust has access to my password.  Plus, if you're cool like me, your bot will automatically cycle your password :-)
This'll make an interesting test for broken AV:
QuoteX5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*


tA-Kane

Quote from: Lenny on May 15, 2005, 12:30 AM
I really don't think it's necessary to store all the combinations into a file just to try each one.  I'm sure the computer is well capable of generating them on the fly.
Indeed. I once wrote an FTP brute forcer that generated passwords in order on-the-fly. It would save the current password that it's trying to disk, so that you could actually stop, reboot, and then resume where you left off. Useful for if you don't have a server to run it on and your computer crashes a lot (or you decide to reboot every time your installs or games don't work right).

It actually got me into two different FTP sites, after about three months running on my server trying about 2.5 passwords/sec.
Macintosh programmer and enthusiast.
Battle.net Bot Programming: http://www.bash.org/?240059
I can write programs. Can you right them?

http://www.clan-mac.com
http://www.eve-online.com

I_Smell_Tuna

Did nobody notice the like to a DLL that generates random passwords on the fly?