brute force time analysis with bash... and possible alternatives

In an old article I wrote a simple bash script to crack a known password in h4x0r style.

Now I would like to explain when this is feasible.

Let's consider a password with only 4 digits:

eddy22@sophia:~$ echo {0..9}{0..9}{0..9}{0..9}
0000 0001 0002 0003 0004 0005 0006 0007 0008 0009 0010 0011 0012 0013 0014 0015
[...]
9984 9985 9986 9987 9988 9989 9990 9991 9992 9993 9994 9995 9996 9997 9998 9999

We have 10000 items. With 4 letters:

eddy22@sophia:~$ echo {a..z}{a..z}{a..z}{a..z}
aaaa aaab aaac aaad aaae aaaf aaag aaah aaai aaaj aaak aaal aaam aaan aaao aaap
[...]
zzzk zzzl zzzm zzzn zzzo zzzp zzzq zzzr zzzs zzzt zzzu zzzv zzzw zzzx zzzy zzzz
eddy22@sophia:~$ echo {a..z}{a..z}{a..z}{a..z} | wc -w
456976
eddy22@sophia:~$ echo "26^4" | bc
456976

Not bad... we now have 456976 items with only 4 letters...
And what if we consider 4 alphanumeric characters?

eddy22@sophia:~$ echo {{0..9},{a..z}}{{0..9},{a..z}}{{0..9},{a..z}}{{0..9},{a..z}}
0000 0001 0002 0003 0004 0005 0006 0007 0008 0009 000a 000b 000c 000d 000e 000f
[...]
zzzk zzzl zzzm zzzn zzzo zzzp zzzq zzzr zzzs zzzt zzzu zzzv zzzw zzzx zzzy zzzz
eddy22@sophia:~$ echo "(26 + 10)^4" | bc
1679616

But we can do better:

eddy22@sophia:~$ echo {{0..9},{a..z},{A..Z},\!,\.,\,,\$,\%,\#,\_,\-}
0 1 2 3 4 5 6 7 8 9 a b c d e f g h i j k l m n o p q r s t u v w x y z A B C D 
E F G H I J K L M N O P Q R S T U V W X Y Z ! . , $ % # _ -

Well, the number of items now is:

eddy22@sophia:~$ export NUMBER=10
eddy22@sophia:~$ export ALPHAUPP=26
eddy22@sophia:~$ export ALPHALOW=26
eddy22@sophia:~$ export SPECIAL=8
eddy22@sophia:~$ export CHARACTERS=4
eddy22@sophia:~$ echo "($NUMBER + $ALPHAUPP + $ALPHALOW + $SPECIAL) ^ $CHARACTERS" | bc
24010000

Let's now do some calculations of the brute-force cracking time. We assume a CPU able to compute 10000000 (10 million) passwords/sec.

eddy22@sophia:~$ export PASS_SEC=10000000
eddy22@sophia:~$ echo "scale=2;(($NUMBER + $ALPHAUPP + $ALPHALOW + $SPECIAL) ^ $CHARACTERS) / $PASS_SEC" | bc
2.40

W0w... less than 3 seconds to crack a password like this (-:
But who still uses a password of only 4 characters???
Let's get down to a real case with a password of 8 characters:

eddy22@sophia:~$ export CHARACTERS=8
eddy22@sophia:~$ export PASS_DAYS=`echo $((3600 * 24))`
eddy22@sophia:~$ echo "scale=2;((($NUMBER + $ALPHAUPP + $ALPHALOW + $SPECIAL) ^ $CHARACTERS) / $PASS_SEC) / $PASS_DAYS" | bc
667.22

A little bit less than 2 years!!!
But in 2 years the password can change!!!
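
The same arithmetic generalized into reusable shell functions, as an added example that is not part of the original post: it repeats the 70-symbol, 10 million guesses/sec calculation for any length and also answers the reverse question of how long a password must be to resist a full search for a given number of days. The function names are hypothetical, and it uses the shell's integer arithmetic instead of bc, so days are rounded down and results past 64 bits are reported as "overflow".

```shell
# Added example, not from the original post; function names are hypothetical.
INT64_MAX=9223372036854775807
SECS_PER_DAY=$((3600 * 24))

# keyspace CHARSET LENGTH: prints CHARSET^LENGTH, or "overflow" (status 1)
# when the result no longer fits the shell's signed 64-bit arithmetic.
keyspace() {
    ks_total=1
    ks_i=0
    while [ "$ks_i" -lt "$2" ]; do
        if [ "$ks_total" -gt $((INT64_MAX / $1)) ]; then
            echo overflow
            return 1
        fi
        ks_total=$((ks_total * $1))
        ks_i=$((ks_i + 1))
    done
    echo "$ks_total"
}

# worst_case_days CHARSET LENGTH RATE: whole days needed to try every
# candidate at RATE guesses per second (the average case is half of it).
worst_case_days() {
    wc_ks=$(keyspace "$1" "$2") || { echo overflow; return 1; }
    echo $((wc_ks / $3 / SECS_PER_DAY))
}

# min_length CHARSET RATE DAYS: shortest length whose full search takes
# at least DAYS days (assumes RATE * 86400 * DAYS itself fits in 64 bits).
min_length() {
    ml_target=$(($2 * SECS_PER_DAY * $3))
    ml_total=1
    ml_len=0
    while [ "$ml_total" -lt "$ml_target" ]; do
        ml_len=$((ml_len + 1))
        # If the next product overflows, it also exceeds the target.
        if [ "$ml_total" -gt $((INT64_MAX / $1)) ]; then break; fi
        ml_total=$((ml_total * $1))
    done
    echo "$ml_len"
}

# Demo with the page's figures: 70 symbols, 10 million guesses per second.
for len in 4 6 8 10 12; do
    days=$(worst_case_days 70 "$len" 10000000 || true)
    printf '%2d chars: %s days worst case\n' "$len" "$days"
done
echo "10-year policy needs length >= $(min_length 70 10000000 3650)"
```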

And so... brute force guarantees that we find the password (sooner or later), but with a strong password we must spend a lot of time, so how can we find the password in another way?

Here is a list of possible solutions:

  • dictionary attack - ...with a good wordlist
  • sniffer - capture packets on the net hoping for a plain text password passing by
  • keylogger - ...it does much more, the problem is installing it
  • social engineering - "can you give me your password, please?"
  • seduction - "you have beautiful eyes, I'm falling in love with you..."
  • spy - the trash is full of useful information
  • drug - after a good dinner... in a glass of champagne (ihihihiiihih)
  • torture - need a flash rapture (bhuahuahauahau)
  • man in the middle - arp poisoning with fake certificates
  • cat /dev/tty1 - (-;
  • exploit - sometimes the password isn't needed d-:
  • fantasy - all the rest (-:
