koetje Posted October 27, 2011 Share Posted October 27, 2011 Hi i am new and a complete beginner in AutoIT and programming. I am currently using a program which i forgot the password for it was a password with 4 numbers. It's an accounting software and the programmer stopped giving support. I know it's stupid to forget the password for something really important. So here's the deal i trying to bruteforce it. Until now i have this. 1 run("F:\SoftwareFactory\Restaurant-Takeaway\SF.exe") 2 WinWaitActive("Login") 3 Sleep(2000) 4 $nummer = 5 Send("$numner") 6 Send("{ENTER}") 7 Sleep(5000) 8 Send("{ENTER}") The program needs to send numbers 1 to 9999 , one by one , so bruteforcing it. Any help? Link to comment Share on other sites More sharing options...
MonsieurOUXX Posted October 27, 2011 Share Posted October 27, 2011 (edited) First, be careful, you misspelled $nummer (you wrote $numner).Also, you must not do this : Send("$nummer")(otherwise it's like you type the string "$nummer" into the login window, instead of copying the value contained by the $nummer variable)Instead, the correct instruction should be : Send($nummer)(without the quotes) === I'm not sure if the login window will set the focus directly to the password field ("Send" will be enough) or if your first need to set the focus to the password field. The script below doesn't set the focus to the password field. === The value of $nummer can be generated by a loop, incrementing $nummer at every iteration.for example: run("F:\SoftwareFactory\Restaurant-Takeaway\SF.exe") WinWaitActive("Login") Sleep(2000) ;not sure why you need to wait 2 seconds here $nummer=0 while $nummer < 10000 ;loop until we reach 9999 Send($nummer) Send("{ENTER}") Sleep(1000) ;adjust the time needed between each attempt $nummer = $nummer+1 wend See the comments in the code abive.Also please note that my script will type numbers between 0 and 999 without the zeros in front of them. I'm not sure if you need "83" to be entered as "0083" Edited October 27, 2011 by MonsieurOUXX Link to comment Share on other sites More sharing options...
sleepydvdr Posted October 27, 2011 Share Posted October 27, 2011 If you need the number to be formatted with zeros like MonsieurOUXX mentioned, then change: Send($nummer) To: $formattedNumber = StringFormat("%04d", $number) Send($formattedNumber) #include <ByteMe.au3> Link to comment Share on other sites More sharing options...
bogQ Posted October 27, 2011 Share Posted October 27, 2011 (edited) Reported Edit: i really can't believe that there are some people who dont understand that this forum isnt for illegal things. I can understand it from someone who have 60 posts, from someone who is here 3 years and have 400+ posts i realy cant. shame on you. Edited October 27, 2011 by bogQ TCP server and client - Learning about TCP servers and clients connectionAu3 oIrrlicht - Irrlicht projectAu3impact - Another 3D DLL game engine for autoit. (3impact 3Drad related) There are those that believe that the perfect heist lies in the preparation.Some say that it’s all in the timing, seizing the right opportunity. Others even say it’s the ability to leave no trace behind, be a ghost.  Link to comment Share on other sites More sharing options...
MonsieurOUXX Posted October 27, 2011 Share Posted October 27, 2011 (edited) Woops, you're totally right. Sorry, I didn't know there were such rules on the forum.I had no way to now if this is illegal. Indeed, if that person owns the license to that software and if he owns the data, as he said, and if the ULA of that (old) accountancy application doesn't mention automated logging, then it's not illegal. Having said that, I understand what you said and I apologize for having broken the forum's rules. Sorry again. Edited October 27, 2011 by MonsieurOUXX Link to comment Share on other sites More sharing options...
Manko Posted October 27, 2011 Share Posted October 27, 2011 (edited) You should always be weary when a firstposter asks for shady things, nomater how good his reasons/arguments/stories are... /Manko [EDIT: is plural are...] Edited October 27, 2011 by Manko Yes i rush things! (I sorta do small bursts inbetween doing nothing.) Things I have rushed and reRushed:* ProDLLer - Process manager - Unload viri modules (dll) and moore...* _WinAPI_ProcessListOWNER_WTS() - Get Processes owner list...* _WinAPI_GetCommandLineFromPID() - Get commandline of target process...* _WinAPI_ThreadsnProcesses() Much info if expanded - optional Indented "Parent/Child"-style Processlist. Moore to come... eventually... Link to comment Share on other sites More sharing options...
Blue_Drache Posted October 27, 2011 Share Posted October 27, 2011 Woops, you're totally right. Sorry, I didn't know there were such rules on the forum. Suggestion... remove your reply. It will look better if you remove it before a mod does. Lofting the cyberwinds on teknoleather wings, I am...The Blue Drache Link to comment Share on other sites More sharing options...
sleepydvdr Posted October 27, 2011 Share Posted October 27, 2011 Reported Edit: i really can't believe that there are some people who dont understand that this forum isnt for illegal things. I can understand it from someone who have 60 posts, from someone who is here 3 years and have 400+ posts i realy cant. shame on you. I don't see anything in the rules against making a bruteforce password cracker. Please show me where it says that. #include <ByteMe.au3> Link to comment Share on other sites More sharing options...
kaotkbliss Posted October 27, 2011 Share Posted October 27, 2011 I don't see anything in the rules against making a bruteforce password cracker. Please show me where it says that. I believe it falls under thisBreaking CAPTCHA's, by-passing anti-bot measures or other methods for by-passing software activation. 010101000110100001101001011100110010000001101001011100110010000 001101101011110010010000001110011011010010110011100100001 My Android cat and mouse gamehttps://play.google.com/store/apps/details?id=com.KaosVisions.WhiskersNSqueek We're gonna need another Timmy! Link to comment Share on other sites More sharing options...
sleepydvdr Posted October 27, 2011 Share Posted October 27, 2011 It's not to bypass software activation. Bypassing software activation is not entering a serial number or fooling the software that it got activation confirmation from the internet. He was not trying to do any of that. This person's software password cracking is to crack his own password so he can use his software. #include <ByteMe.au3> Link to comment Share on other sites More sharing options...
JohnOne Posted October 27, 2011 Share Posted October 27, 2011 How certain are you that every script weasel who cares to look, wont take this innocent password forcing script and use it to aid their own dastardly deeds? Its common sense, I'm sure you realize that. AutoIt Absolute Beginners  Require a serial  Pause Script  Video Tutorials by Morthawt  ipify Monkey's are, like, natures humans. Link to comment Share on other sites More sharing options...
sleepydvdr Posted October 27, 2011 Share Posted October 27, 2011 How certain are you that every script weasel who cares to look, wont take this innocent password forcing script and use itto aid their own dastardly deeds? Its common sense, I'm sure you realize that. Well, when the mods read this thread and if they deem password crackers to be off limits, I suggest they update the forum rules to specify that. As it stands, there is nothing in the rules against password crackers. #include <ByteMe.au3> Link to comment Share on other sites More sharing options...
nitekram Posted October 27, 2011 Share Posted October 27, 2011 So now the rules will have to be updated, so that we can point to the fact that this is not what we want to have people using AutoIt for. 2¢ All by me:"Sometimes you have to go back to where you started, to get to where you want to go." "Everybody catches up with everyone, eventually" "As you teach others, you are really teaching yourself." From my dad "Do not worry about yesterday, as the only thing that you can control is tomorrow."  WIKI | Tabs; | Arrays; | Strings | Wiki Arrays | How to ask a Question | Forum Search | FAQ | Tutorials | Original FAQ | ONLINE HELP | UDF's Wiki | AutoIt PDF AutoIt Snippets | Multple Guis | Interrupting a running function | Another Send StringRegExp | StringRegExp Help | RegEXTester | REG TUTOR | Reg TUTOT 2 AutoItSetOption | Macros | AutoIt Snippets | Wrapper | Autoit Docs SCITE | SciteJump | BB | MyTopics | Programming | UDFs | AutoIt 123 | UDFs Form | UDF Learning to script | Tutorials | Documentation | IE.AU3 | Games? | FreeSoftware | Path_Online | Core Language Programming Tips Excel Changes ControlHover.UDF GDI_Plus Draw_On_Screen GDI Basics GDI_More_Basics GDI Rotate GDI Graph GDI  CheckExistingItems GDI Trajectory Replace $ghGDIPDll with $__g_hGDIPDll DLL 101? Array via Object GDI Swimlane GDI Plus French 101 Site GDI Examples UEZ GDI Basic Clock GDI Detection Ternary operator Link to comment Share on other sites More sharing options...
kaotkbliss Posted October 27, 2011 Share Posted October 27, 2011 Not wanting to drag this out any longer, butIt does in fact CLEARLY fall into what I bolded. Reguardless of whether the software was purchased or not It requires a password to be started/activatedUsing a brute force cracker to bypass that, bypasses the activation/startup security of the program and thus:is a method for by-passing software activation. 010101000110100001101001011100110010000001101001011100110010000 001101101011110010010000001110011011010010110011100100001 My Android cat and mouse gamehttps://play.google.com/store/apps/details?id=com.KaosVisions.WhiskersNSqueek We're gonna need another Timmy! Link to comment Share on other sites More sharing options...
JohnOne Posted October 27, 2011 Share Posted October 27, 2011 Well, when the mods read this thread and if they deem password crackers to be off limits, I suggest they update the forum rules to specify that. As it stands, there is nothing in the rules against password crackers. Suggest away. As far as I'm concerned I don't need every single possible thing that might be stupid or against the rules spelling out. Clearly others do. Good luck with that. AutoIt Absolute Beginners  Require a serial  Pause Script  Video Tutorials by Morthawt  ipify Monkey's are, like, natures humans. Link to comment Share on other sites More sharing options...
GEOSoft Posted October 27, 2011 Share Posted October 27, 2011 It definitely falls under the area where we don't want to see AutoIt used for any potentially malicious or unethical purposes. We really do support sustaining a good reputation for AutoIt. sleepydvdr 1 George Question about decompiling code? Read the decompiling FAQ and don't bother posting the question in the forums.Be sure to read and follow the forum rules. -AKA the AutoIt Reading and Comprehension Skills test.*** The PCRE (Regular Expression) ToolKit for AutoIT - (Updated Oct 20, 2011 ver:3.0.1.13) - Please update your current version before filing any bug reports. The installer now includes both 32 and 64 bit versions. No change in version number. Visit my Blog .. currently not active but it will soon be resplendent with news and views. Also please remove any links you may have to my website. it is soon to be closed and replaced with something else. "Old age and treachery will always overcome youth and skill!" Link to comment Share on other sites More sharing options...
Valik Posted October 27, 2011 Share Posted October 27, 2011 I don't see anything in the rules against making a bruteforce password cracker. Please show me where it says that.I want you to think real hard about the rules. In fact, I want you to think about it for 3 days because you are banned from this forum. If you'd like to debate further by PM I'd be more than happy to permanently remove you from this forum. For the rest of you who aren't idiots, this falls under "malware". This thread is locked. Several of you need to re-vist the rules. rcmaehl 1 Link to comment Share on other sites More sharing options...
Recommended Posts