bash

brute force time analysis with bash... and possible alternatives

In a old article I write a simple bash script to crack a known password in h4x0r style.

Now I would explain when this is fattibile.

Let consider a password with only 4 numbers:

eddy22@sophia:~$ echo {0..9}{0..9}{0..9}{0..9}
0000 0001 0002 0003 0004 0005 0006 0007 0008 0009 0010 0011 0012 0013 0014 0015
[...]
9984 9985 9986 9987 9988 9989 9990 9991 9992 9993 9994 9995 9996 9997 9998 9999

We have 10000 items. With 4 letters:

eddy22@sophia:~$ echo {a..z}{a..z}{a..z}{a..z}

bash decrypter with substitution

A friend of mine didn't remember the "real" password (es. v3ry1mp0rt4n7pas5w0r6) that he used to encrypt his file with this openssl syntax:

openssl aes-256-cbc -salt -in myfile -out myfile.enc -k v3ry1mp0rt4n7pas5w0r6

but he remembers the "original" password (es. veryimportantpassword) before haxor replacement (a=4, s=5, e=3, ...)
well, i think that this little script can be useful to resolve this "memory" problem:

#!/bin/bash

for i in `echo v{e,3}ry{i,1}mp{o,0}r{t,7}{a,4}n{t,7}p{a,4}{s,5}{s,5}w{o,0}r{d,6}`
do
Syndicate content