koetje

bruteforcing a password

17 posts in this topic

Hi, I am new and a complete beginner in AutoIT and programming.

I am currently using a program which I forgot the password for; it was a password with 4 numbers. It's an accounting software and the programmer stopped giving support. I know it's stupid to forget the password for something really important. So here's the deal: I am trying to bruteforce it.

Until now I have this.

run("F:\SoftwareFactory\Restaurant-Takeaway\SF.exe")
WinWaitActive("Login")
Sleep(2000)
$nummer =
Send("$numner")
Send("{ENTER}")
Sleep(5000)
Send("{ENTER}")

The program needs to send numbers 1 to 9999, one by one, so bruteforcing it. Any help?


#2 ·  Posted (edited)

First, be careful, you misspelled $nummer (you wrote $numner).

Also, you must not do this :

Send("$nummer")

(otherwise it's like you type the string "$nummer" into the login window, instead of copying the value contained by the $nummer variable)

Instead, the correct instruction should be :

Send($nummer)

(without the quotes)

===

I'm not sure if the login window will set the focus directly to the password field ("Send" will be enough) or if you first need to set the focus to the password field. The script below doesn't set the focus to the password field.

===

The value of $nummer can be generated by a loop, incrementing $nummer at every iteration.

for example:

run("F:\SoftwareFactory\Restaurant-Takeaway\SF.exe")
WinWaitActive("Login")
Sleep(2000) ;not sure why you need to wait 2 seconds here
 
 
$nummer=0
while $nummer < 10000 ;loop until we reach 9999
   Send($nummer)
   Send("{ENTER}")
   Sleep(1000) ;adjust the time needed between each attempt
   $nummer = $nummer+1
wend

See the comments in the code above.

Also please note that my script will type numbers between 0 and 999 without the zeros in front of them. I'm not sure if you need "83" to be entered as "0083"

Edited by MonsieurOUXX


If you need the number to be formatted with zeros like MonsieurOUXX mentioned, then change:

Send($nummer)

To:

$formattedNumber = StringFormat("%04d", $nummer)
Send($formattedNumber)


#4 ·  Posted (edited)

Reported

Edit: I really can't believe that there are some people who don't understand that this forum isn't for illegal things. I can understand it from someone who has 60 posts; from someone who is here 3 years and has 400+ posts I really can't. Shame on you.

Edited by bogQ


#5 ·  Posted (edited)

Woops, you're totally right.

Sorry, I didn't know there were such rules on the forum.

I had no way to know if this is illegal. Indeed, if that person owns the license to that software and if he owns the data, as he said, and if the ULA of that (old) accountancy application doesn't mention automated logging, then it's not illegal.

Having said that, I understand what you said and I apologize for having broken the forum's rules. Sorry again.

Edited by MonsieurOUXX


#6 ·  Posted (edited)

You should always be wary when a firstposter asks for shady things, no matter how good his reasons/arguments/stories are...

/Manko

[EDIT: is plural are...]

Edited by Manko


Woops, you're totally right.

Sorry, I didn't know there were such rules on the forum.

Suggestion... remove your reply. It will look better if you remove it before a mod does.



Reported

Edit: I really can't believe that there are some people who don't understand that this forum isn't for illegal things. I can understand it from someone who has 60 posts; from someone who is here 3 years and has 400+ posts I really can't. Shame on you.

I don't see anything in the rules against making a bruteforce password cracker. Please show me where it says that.



I don't see anything in the rules against making a bruteforce password cracker. Please show me where it says that.

I believe it falls under this

  • Breaking CAPTCHA's, by-passing anti-bot measures or other methods for by-passing software activation.


It's not to bypass software activation. Bypassing software activation is not entering a serial number or fooling the software that it got activation confirmation from the internet. He was not trying to do any of that.

This person's software password cracking is to crack his own password so he can use his software.



How certain are you that every script weasel who cares to look won't take this innocent password forcing script and use it to aid their own dastardly deeds?

It's common sense, I'm sure you realize that.

Well, when the mods read this thread and if they deem password crackers to be off limits, I suggest they update the forum rules to specify that. As it stands, there is nothing in the rules against password crackers.



So now the rules will have to be updated, so that we can point to the fact that this is not what we want to have people using AutoIt for.



Not wanting to drag this out any longer, but

It does in fact CLEARLY fall into what I bolded.

Regardless of whether the software was purchased or not

It requires a password to be started/activated

Using a brute force cracker to bypass that, bypasses the activation/startup security of the program and thus:

is a method for by-passing software activation.



Well, when the mods read this thread and if they deem password crackers to be off limits, I suggest they update the forum rules to specify that. As it stands, there is nothing in the rules against password crackers.

Suggest away.

As far as I'm concerned I don't need every single possible thing that might be stupid or against the rules spelling out.

Clearly others do.

Good luck with that.



It definitely falls under the area where we don't want to see AutoIt used for any potentially malicious or unethical purposes.

We really do support sustaining a good reputation for AutoIt.


George


I don't see anything in the rules against making a bruteforce password cracker. Please show me where it says that.

I want you to think real hard about the rules. In fact, I want you to think about it for 3 days because you are banned from this forum. If you'd like to debate further by PM I'd be more than happy to permanently remove you from this forum. For the rest of you who aren't idiots, this falls under "malware".

This thread is locked. Several of you need to re-visit the rules.

This topic is now closed to further replies.