# Running a Brute Force Attack Simulation...

Show 80 post(s) from this thread on one page
Page 1 of 3 123 Last
• 05-27-2007
Junior89
Running a Brute Force Attack Simulation...
Hi everyone!

I was bored so i was running a brute force attack on a simple encryption scheme i came up with. I'm using a known plaintext and known (complementary) ciphertext. So the computer's job it to guess the key until it finds the right one.

The encrypt() function i wrote works both as the encryptor and decryptor, it acts on two given strings (plaintext and the key) and returns a string (the enciphered one).

My question now is, how do i get the computer to start guessing? i.e. ->
1. "a"
2. "b"
3. "c"
...
27. "aa"
28. "ab"
...
53. "aaa"
54. "aab"
...
etc.

Thanks!
• 05-28-2007
vart
using for loops... loops inside loops...
• 05-28-2007
Junior89
how exactly?

I cant think of it, i cheated a bit, knowing that it was an 8 letter (lowercase) password, and i set the initial test string to "aaaaaaaa" and tried rotating the letters from there.

Actually, i just had a thought i'll give a try, but suggestions are very welcome.

Thanks!
• 05-28-2007
Salem
The same way that you would implement arbitrary precision arithmetic.

aaaa
aaab

When you get to
aaaz
you then carry into the next position and get
aaba

Think how you would do this with
0000
to
9999
and generalise it.
• 05-28-2007
Junior89
Yeah true, i think i know how i might implement that.

My idea was to use a circularly-linked list, with all of the possible numerals (lowercase, numbers, and uppercase) as each item on the rotor (list). Then rotate it, make the string, and check. Then if all the items on one wheel dont work, i simply add another wheel, and so on and so forth.

Probably overkill huh?
• 05-28-2007
MacGyver
I actually wrote a program like this some time ago and lost it when I formatted. Perhaps I should write it again. :)

I think you're thinking way too hard about this. Your alphabet should be in an array since your array cannot be longer than 256 if you use every ASCII code and then some (ie. size of a byte aka a char). If you want to, stick the alphabet in a file or get it from the user. Unless you'll be doing a unicode password, this should be sufficient.

From what I remember, I had the length of the string as the limit of times to execute an inner loop. You need at least two loops, but maybe you need three. I wanted to make it handle a custom alphabet, but I never got around to it, if I remember correctly, and just had it go through the standard A-Z and a-z.
• 05-28-2007
CrazyNorman
You could implement things recursively.
Code:

```const char MAX = 'z', MIN = 'a'; char key[9] = "aaaaaaaa"; bool addKey(int position) {   key[position]++;   if (key[position] > MAX)   {     key[position] = MIN;     if (position==7)       return false;     return addKey(position + 1);   }   return true; } int runSimulation() {   while (addKey(0))     testKey(); //Implement that part yourself... }```
EDIT: Cannot guarantee that the above code will be error free as I have not tested...
• 05-28-2007
Junior89
Thanks everyone, i'll look into that last post!

However, i've decided to take my over-complicated Rotor idea and run with it. And so far (i'm amazed) i havent had any significant problems and it's nearly finished. I have hit a bit of a puzzler though, i dont know how to implement this next bit. Well, here's the function to Rotate the Whole Cylinder one spot. The problem is making it dynamic enough so that i dont have to nest like 8 if loops in a row. I know there's a way to do it with for loops i just cant seem to find it...

Anyways, here's the function thus far, simple, and relys on other functions:
Code:

```void rotateCylinder(cylinder *current, vector<char> p) {         //Rotates the entire cylinder once         current->rotors[0] = current->rotors[0]->next;         if(current->rotors[0]->value == "a") //first spot again         {                 //Either rotate the second cylinder, or add a cylinder                 if(current->rotors[1] == NULL)                 {                         //Add Cylinder                         addRotor(current, p);                 }else                 {                         current->rotors[1] = current->rotors[1]->next;                 }         } }```
Ideas welcome! :D

PS--------

Is there a string.function() that clears the string? Is it string.clear()? Just wondering, i need it instead of using string = "" like i am now. Thanks!
• 05-28-2007
MacGyver
Yes, clear() is a member function of class std::string that should do what you want.
• 05-28-2007
Junior89
dankeschon!

how about the bigger problem? the function itself? Ideas?
• 05-28-2007
Junior89
ok so i had a thought, and tried implementing it, and i'm pretty sure it'll work but i get some errors:
Quote:

brute force cracker 1\main.cpp(199) : error C2446: '==' : no conversion from 'const char *' to 'int'
And here's the new and improved function:
Code:

```void rotateCylinder(cylinder *current, vector<char> p, int pos) {         //Rotates the entire cylinder once         current->rotors[pos] = current->rotors[pos]->next;         if(current->rotors[pos]->value == "a") //first spot again         {                 //Either rotate the second cylinder, or add a cylinder                 if(pos < NUM_ROTORS-1)                 {                         if(current->rotors[pos+1] == NULL)                         {                                 //Add Cylinder                                 addRotor(current, p);                         }else                         {                                 rotateCylinder(current, p, pos+1);                         }                 }         } }```
current is the cylinder (as i named it) which has X amount of rotors in it, the pointers to these rotors are contained in the one piece of data inside the cylinder struct i created, an array named rotors[] which holds said pointers. Just thought i'd explain that if there were to be any confusion.

Thanks!
• 05-28-2007
Junior89
Nevermind! Fixed it :D

Now let's see how long it'll take to crack it! haha
• 05-28-2007
ChaosEngine
Quote:

Originally Posted by Junior89
Nevermind! Fixed it :D

Now let's see how long it'll take to crack it! haha

well assuming you have a case sensitive 8 character alphanumeric password, (upper + lower and 0-9 = 62 chars) that's 62^8 or 218340105584896 possible combinations.

if we pluck a number out of the air and say you can try 10000 passwords a second, it'll still take you 6065002 hours (or about 700 years!)

;)
• 05-28-2007
Junior89
yeah... haha, i cut the password down to 4 characters ;) i realized that bit a little ways into things.

I'm having trouble with displaying this info though:
Code:

```cout<<endl<<"It took:"<<endl<<"======="<<endl<<(time&#37;60000)<<" Minutes, ";         time = time - (60000*(time%60000));         cout<<(time%1000)<<" Seconds, and ";         time = time - (1000 * (time%1000));         cout<<time<<" Milliseconds to crack the password."<<endl;         cout<<"With as, "<<tested<<" attempts."<<endl;         cout<<"At Approximately "<<aps<<" attempts per second.";```
Just to show how long it took in different units...

Why wont it work? =(

EDIT------------
Actually...

I'm getting a runtime error, div by 0, but why?
Code:

```time = stopTimer();         aps = (tested/(time%1000));         cout<<"The Password Is: "<<conCylinder(main, ptext, ctext, p, tested)<<endl;         cout<<endl<<"It took:"<<endl<<"======="<<endl<<(time%60000)<<" Minutes, ";         time = time - (60000*(time%60000));         cout<<(time%1000)<<" Seconds, and ";         time = time - (1000 * (time%1000));         cout<<time<<" Milliseconds to crack the password."<<endl;         cout<<"With as, "<<tested<<" attempts."<<endl;         cout<<"At Approximately "<<aps<<" attempts per second.";         cin.ignore();```
And i initialized time to 1, and it gets reassigned a number when the function finishes.
• 05-29-2007
h3ro
Quote:

well assuming you have a case sensitive 8 character alphanumeric password, (upper + lower and 0-9 = 62 chars) that's 62^8 or 218340105584896 possible combinations.

if we pluck a number out of the air and say you can try 10000 passwords a second, it'll still take you 6065002 hours (or about 700 years!)
Wow, thats insane. I thought a password could be broken in much less time (thank you Hollywood for a good 'hacker' education XD)

Is there some faster ways to break a password if you dont have any information about it?
Show 80 post(s) from this thread on one page
Page 1 of 3 123 Last