Monday, October 22, 2012

BRUTE FORCING A .ZIP FILE


Intro to Brute-Forcing 

With this article I will demonstrate the importance of setting long passwords. Brute-forcing is the process by which a cracker tries to gain access to password-protected areas by repeatedly trying all the possible combinations one by one. It is applied in varied fields, from logging in to a web application to cracking a password-protected file. It is usually done with automated programs. Short passwords (even though random) are extremely vulnerable to this type of attack, but as the length of a password increases, the time taken to crack it increases exponentially. Hence it is very important to have a long password, which should not be a common one. But if the cracker has enough processors, it is possible to crack longer passwords. I developed a C program with which I will demonstrate how easily a 3-letter alphanumeric, case-sensitive password of a zip file is cracked. With some changes to it, it is possible to brute force web applications.

Program

This program is written to brute force a password-protected zip file.
It has to be compiled using the gcc compiler on Linux.

#include<stdio.h>
#include<stdlib.h> //For exit() & system()
#include<string.h> //For strcat()
#define SIZE 3 // For trying passwords of length "size" bytes
void trythis(char[]);
int main(void)
{
    int p,i,k;
    char a[SIZE+1]; //current candidate password
    for(p=0;p<SIZE;++p)
        a[p]=48; //start from "000"
    a[SIZE]='\0';
    while(1)
    {
        //run the last character through '0'..'z'
        for(i=48;i<123;++i,a[SIZE-1]=i)
        {
            if((i>57&&i<65)||(i>90&&i<97)) //for skipping non-alphanum
                continue;
            trythis(a);
        }
        //carry: a position that reached 123 goes back to '0'
        //and the character to its left is incremented
        for(k=SIZE-1;k>0;--k)
        {
            if(a[k]==123)
            {
                a[k]=48;
                ++a[k-1];
                if(a[k-1]==58) //for skipping non-alphanum
                    a[k-1]=65;
                else if(a[k-1]==91)
                    a[k-1]=97;
            }
        }
        if(a[0]==123)
            exit(0);
    }
}

void trythis(char a[])
{
    //13 bytes of prefix + SIZE + 7 bytes of suffix + '\0',
    //so the buffer still fits when SIZE is increased
    char cmnd[SIZE+21]="unzip -o -P '";
    int status=1;
    strcat(cmnd,a);
    strcat(cmnd,"' q.zip");
    status=system(cmnd);
    if(!status) //unzip returned 0: extraction succeeded
    {
        printf("The pswrd is:");
        puts(a);
        exit(0);
    }
}

Compilation & Execution

The line #define SIZE 3 can be varied according to the size of the password.
Copy and paste the code into a file anyname.c. Open a terminal, go to the
folder containing anyname.c and type
gcc -o zipcracker anyname.c
It will compile the code and save the output to a binary file named
zipcracker. Copy the zip file to be cracked (having a 3-letter
password), paste it in the current folder and rename it to q.zip.
Invoke the program by typing the following command at the terminal.
./zipcracker
Now wait for some time; the terminal is busy. Within some 10-20
minutes (time may vary depending on the processor) you will see the
cracked password of the file, and the extracted file/folder in the same
folder.

Explaining Program

Detailed explanation of the C program
We have defined SIZE as 3, for trying 3-letter passwords.
The main() function
The variables p, i, k are defined for looping purposes.
The character array a is used to store the varying 3-letter combination.
The first for loop sets every character to 48 (the ASCII value of '0')
except the last, which is set to '\0' (null-terminated string).
The while loop passes each different combination to the
trythis() function; the program terminates either when the password is
cracked or when all the combinations have been tried.
The first for loop inside the while loop steps through the last
character (not counting the null) and passes the alphanumeric
values to trythis(). It skips the non-alphanumeric characters lying
between ASCII values 57 and 65 and between 90 and 97.
The second for loop inside the while loop (iterating over all characters
in the array) increments the previous character in the array once a
character's value has reached 123 (one past 'z', the last
alphanumeric) and resets that character to '0'. This loop also skips
non-alphanumerics.

The code
if(a[0]==123)
exit(0);
makes the program terminate when all combinations are tried without success.

Function trythis()
It receives the char array passed to it and appends it to the unzip command string.
The statement
status=system(cmnd);
calls the system() function and saves the return value to an integer variable.
The system() function takes a character array and executes it as a shell
command; the return value is the status of that command. The unzip
command returns 0 on success and non-zero on other occasions.
On success the password is printed and the program terminates.
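
The odometer-style enumeration explained above, separated from the unzip call so that the size of the search space can be counted and the worst-case time estimated per password length. This is an added example, not the author's program: ALPHABET, keyspace, next_candidate, count_candidates and seconds_to_exhaust are names chosen here, and the guess rate assumes the 3-character run takes about 15 minutes, the middle of the 10-20 minutes reported above.

```c
#include <stdio.h>
#include <string.h>
/* Same 62 characters, in the same ASCII order, as the article's loops. */
#define ALPHABET "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"

/* Passwords of exactly len characters: 62^len (fits in 64 bits for len <= 10). */
unsigned long long keyspace(int len)
{
    unsigned long long n = 1;
    while (len-- > 0) n *= 62;
    return n;
}

/* Advance a to the next candidate; returns 0 once "zz...z" wraps around. */
int next_candidate(char *a, int len)
{
    for (int k = len - 1; k >= 0; --k) {
        const char *p = strchr(ALPHABET, a[k]);
        if (p == NULL || *p == '\0') return 0;   /* not an alphanumeric candidate */
        if (p[1] != '\0') { a[k] = p[1]; return 1; }
        a[k] = ALPHABET[0];                      /* wrapped: reset and carry left */
    }
    return 0;
}

/* Walk the whole space of length len and count it; nothing is executed. */
unsigned long long count_candidates(int len)
{
    char a[16];
    unsigned long long n = 0;
    if (len < 1 || len > 15) return 0;
    memset(a, ALPHABET[0], (size_t)len);
    a[len] = '\0';
    do { ++n; } while (next_candidate(a, len));
    return n;
}

/* Worst-case seconds to try every candidate at rate guesses per second. */
double seconds_to_exhaust(int len, double rate) { return (double)keyspace(len) / rate; }

int main(void)
{
    /* Assumption: 62^3 candidates in ~15 min (the article reports 10-20 min). */
    double rate = (double)keyspace(3) / (15 * 60.0);
    printf("enumerated at length 3: %llu\n", count_candidates(3));
    for (int len = 3; len <= 10; ++len)
        printf("length %2d: %20llu candidates, %12.4g days\n",
               len, keyspace(len), seconds_to_exhaust(len, rate) / 86400.0);
    return 0;
}
```

At a fixed guess rate, every extra alphanumeric character multiplies the worst-case time by 62.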

I hope with this program you all understand the importance of setting
large passwords, as the same algorithm can be used to hack even your
email account.
Comments are most welcome...
