Sunday, January 24, 2010

Writing a Randomized Bruteforce Attack in C/C++

The randomized bruteforce attack works by guessing possible passwords in a random order, unlike sequential bruteforce attacks, which guess passwords in a logical order.

Writing a randomized bruteforcer is very similar to writing a sequential bruteforcer. The only change in the attack is the password generation. To guess the password efficiently, you'll want to generate guesses within a range of character lengths. For example, if I were attacking someone, I would only try passwords between 6 and 8 characters in length since that is the average password size. Once you have decided on the length and specified the location to attack, all that's left to do is generate and try passwords.

Below is a simple randomized bruteforce attack I wrote in C/C++:
    #include <cstdlib>
    #include <ctime>
    #include <iostream>
    #include <string>

    using namespace std;

    /* Prototypes */
    void checkPassword(string password);

    /* Global variables */
    char chars[]={'0','1','2','3','4','5','6','7','8','9','a','b','c','d','e','f','g','h','i','j','k','l','m','n','o','p','q','r','s','t','u','v','w','x','y','z'};
    const int numchars = sizeof(chars) / sizeof(chars[0]);
    string t;

    /* This function checks to see if the generated password is correct */
    void checkPassword(string password) {
        cout << "Trying this password: " << password << endl;

        if (password == t) {
            cout << "match [" << password << "]" << endl;

            /* Wait for input so the console window stays open */
            int pause;
            cin >> pause;

            exit(0);
        }
    }

    int main() {
        /* Seed rand() so each run guesses in a different order */
        srand(static_cast<unsigned>(time(0)));

        cout << "Enter a string (No more than 10 characters for demonstration purposes): " << endl;
        cin >> t;

        /* The loop below only terminates if every character of t is in chars[] (0-9, a-z) */
        int passwordsize = t.length();
        string basestring = "";

        for (;;) {
            /* Generate and then check the password */
            for (int i = 0; i < passwordsize; i++) {
                /* Index over the whole table; "% 35" could never select 'z' */
                int chooseachar = rand() % numchars;
                basestring += chars[chooseachar];
            }
            checkPassword(basestring);
            basestring = "";
        }

        return 0;
    }


Really, this attack is much simpler than the sequential bruteforce attacks and should be very easy for everyone to understand. One quick note: for demonstration purposes, it only guesses passwords as long as the one you input.
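The generator above forgets what it has already tried, so it repeats guesses. The following added example (not part of the original post) measures what that costs on a small keyspace: over N candidates, sequential enumeration needs (N+1)/2 guesses on average, while random guessing with replacement needs about N. The function names, the `Means` struct and the seed are assumptions made for this illustration.

```cpp
#include <cstdint>
#include <iostream>
#include <random>
#include <string>

// Same 36 symbols as the post's chars[] table (constructed here as a string).
const std::string ALPHABET = "0123456789abcdefghijklmnopqrstuvwxyz";

// Number of candidates of exactly `len` characters over `k` symbols.
std::uint64_t keyspace(std::uint64_t k, unsigned len) {
    std::uint64_t n = 1;
    for (unsigned i = 0; i < len; ++i) n *= k;
    return n;
}

// Uniformly random string over alphabet `a`, like the post's inner loop.
std::string randomString(std::size_t len, const std::string& a, std::mt19937& rng) {
    std::uniform_int_distribution<std::size_t> pick(0, a.size() - 1);
    std::string s(len, ' ');
    for (char& c : s) c = a[pick(rng)];
    return s;
}

// Guesses a sequential enumerator needs: position of `target` in base-k order.
// Assumes every character of `target` is in `a`.
std::uint64_t sequentialGuesses(const std::string& target, const std::string& a) {
    std::uint64_t idx = 0;
    for (char c : target) idx = idx * a.size() + a.find(c);
    return idx + 1;
}

// Guesses needed when each guess is drawn independently (with replacement).
std::uint64_t randomGuesses(const std::string& target, const std::string& a, std::mt19937& rng) {
    std::uint64_t guesses = 1;
    while (randomString(target.size(), a, rng) != target) ++guesses;
    return guesses;
}

// Mean guesses over `trials` uniformly chosen targets, for both strategies.
struct Means { double sequential; double random; };
Means compare(unsigned len, const std::string& a, unsigned trials, unsigned seed) {
    std::mt19937 rng(seed);
    double seq = 0, rnd = 0;
    for (unsigned t = 0; t < trials; ++t) {
        std::string target = randomString(len, a, rng);
        seq += static_cast<double>(sequentialGuesses(target, a));
        rnd += static_cast<double>(randomGuesses(target, a, rng));
    }
    return { seq / trials, rnd / trials };
}

int main() {
    Means m = compare(2, ALPHABET, 2000, 12345u);
    std::cout << "N=" << keyspace(36, 2) << " sequential avg=" << m.sequential
              << " random avg=" << m.random << "\n";
}
```

The same `keyspace()` call sizes the 6 to 8 character range mentioned earlier for this 36-symbol alphabet, which is why password length and alphabet size are what a defender controls.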

1 comment:

  1. Once again, blogger is screwing with me.

    The for loop near the bottom should be:
    for(int i=0;i<passwordsize;i++) {
