Brute Force

Tazo · May 14, 2005, 05:23 PM

**This is technically a dictionary attack.

Brute force, by me.
VB6.
Attempts to log on as a CHAT client. Uses socks4 protocol for proxies. Source code commented, for the most part. Educational use only.

*INCLUDES*
Source files
Executable
Needed .txt and .ini files

http://www.javaop.com/uploads/guest/BruteForce.zip

Please leave any comments, corrections or suggestions.

Thanks to: iago for upload

iago · May 14, 2005, 06:22 PM

Incidentally, if anybody cares, either "Auditor" or "Knoppix-std" (live Linux security-based distributions) comes with a 26mb dictionary file. It's pretty damn elite. I forget which one it is, though.

Tazo · May 14, 2005, 06:43 PM

http://packetstormsecurity.nl/Crackers/dicts.zip

iago · May 14, 2005, 06:50 PM

That dictionary is small compared to the one I'm talking about

I'll figure out which distro it is on Monday and let you know.

R.a.B.B.i.T · May 14, 2005, 07:25 PM

Do you have anything better to do besides create tools meant to harass and steal? Get a life, please.

Blaze · May 14, 2005, 07:48 PM

The first thing I want to do with this is brute force tazo's account to teach him a lesson.

UserLoser. · May 14, 2005, 10:26 PM

26mb is nothing. I had a 3 gig file once which generated like every combination with letters from 2 characters to 12 in length. I don't think it ever finished though

Blaze · May 14, 2005, 10:36 PM

I had this program that created those files userloser, and the farthest I ever got was 35gb. I'll see if I can get it again from agarwaen.

I_Smell_Tuna · May 15, 2005, 12:27 AM

Here is a BF DLL I made. Easy incrimentation for BF.

http://68.58.200.72/bruteforce.zip

Lenny · May 15, 2005, 12:30 AM

I really don't think it's necessary to store all the combinations into a file just to try each one. I'm sure the computer is well capable of generating them on the fly.

Somewhat oxymoronic to call such a file a dictionary.

Networks · May 15, 2005, 01:51 AM

Much easier method:

Tell them to register for you forum or w/e, anything that uses md5 or even plain-text!

if md5, break it in a couple hours max. Battle.net brute forcing is way to tedious.

Also I can't believe you guys actually support this....-.-

Topaz · May 15, 2005, 02:07 AM

You'd probably need only a hundred or so, assuming you're planning on bruting it longterm. Failed logon locks only last fifteen minutes, maybe more.

iago · May 15, 2005, 02:57 AM

Lenny is correct: storing the random combinations in a file would be dumb. The dictionary that I talk of is actual phoenetic words (in various languages, leet-speakness, etc.

Bruteforcing it if it's MD5, if it's a decent password, can still take a long time. A combination of 7 keyboard characters can take up to 15 days to guess. 8 would take longer than you'd be willing to wait.

That's also assuming they use the same password for forums and Battle.net. I know I don't, I use a separate password for important things, and for things that somebody I don't trust has access to my password. Plus, if you're cool like me, your bot will automatically cycle your password :-)

tA-Kane · May 15, 2005, 04:26 AM

Quote from: Lenny on May 15, 2005, 12:30 AM
I really don't think it's necessary to store all the combinations into a file just to try each one. I'm sure the computer is well capable of generating them on the fly.

Indeed. I once wrote an FTP brute forcer that generated passwords in order on-the-fly. It would save the current password that it's trying to disk, so that you could actually stop, reboot, and then resume where you left off. Useful for if you don't have a server to run it on and your computer crashes a lot (or you decide to reboot every time your installs or games don't work right).

It actually got me into two different FTP sites, after about three months running on my server trying about 2.5 passwords/sec.

I_Smell_Tuna · May 15, 2005, 09:08 AM

Did nobody notice the like to a DLL that generates random passwords on the fly?

Brute Force

R.a.B.B.i.T

UserLoser.

I_Smell_Tuna

Topaz

I_Smell_Tuna