How to make a Bruteforce in Python?

Asked

Viewed 3,554 times

4

I’m trying to create a Bruteforce program that can generate passwords with a size x of characters. The problem is that I can’t develop a logic for this. See my code below:

chars = getAllChars() # Obtém caracteres [A-z 0-9]

password = "pato34" # Senha que deverá ser encontrada

c1, c2, c3, c4, c5, c6 = "", "", "", "", "", ""

def checks(*chars, show = True):
    global password
    string = ""

    for char in chars:
        string += char

    if show: print(string)
    if string == password: return True

def bruteForce():
    global c1,c2,c3,c4,c5,c6

    for c1 in chars:
        if checks(*getChars()): return getChars()

        for c2 in chars:
            if checks(*getChars()): return getChars()

            for c3 in chars:
                if checks(*getChars()): return getChars()

                for c4 in chars:
                    if checks(*getChars()): return getChars()

                    for c5 in chars:
                        if checks(*getChars()): return getChars()

                        for c6 in chars:
                            if checks(*getChars()): return getChars()

def getChars():
    return c1, c2, c3, c4, c5, c6

print(bruteForce())

This code basically tries every possible combination with every letter and number until it finds a 6-digit password. The problem is that if I want to do a Bruteforce for 20-digit passwords, I should write 20 blocks for.

You can reduce this so you don’t need to write more lines of code for a larger password size ?

1 answer

2


I already gave my joinha to C.Bohok, above, but one problem I found is that if we include a character in the password (for example: #) that does not have in digits his program will run until it reaches the maximum value of combinations, which I think is equal to the factorial of (Len(digits) = 62), trying to find a match. To see the value, do it in interactive python3 mode:

from Math import factorial

factorial(62)

When it comes to a password at first we do not know which are the characters that compose it but sometimes we can know which is the maximum size of it.

If you will allow me, below I present two functions being one developed using basic python instructions and another using the itertools module that allows even create programs for the lottery.

The function using itertools is faster.

#!/usr/bin/env python3

from itertools import product

chars  = [chr(i) for i in range(97, 123)]
chars += [chr(i) for i in range(65, 91)]
chars += [chr(i) for i in range(48, 58)]

# Ou descomente a linha abaixo para incluir todos os caracteres geralmente usados em um password
#chars  = [chr(i) for i in range(32, 127)]

password = 'gato'
tentativa = 0

def bruteForce_1(chars, password, lenPass):
    tentativa = 0

    for i in product(chars, repeat=lenPass):
        combina = ''.join(i)
        tentativa += 1
    
        if (tentativa % 500000 == 0):
            print('%10i --> %s' % (tentativa, combina))

        if password == combina:
            return('Senha encontrada é "{}", após {} tentativas.'.format(combina, tentativa))

    return ('Senha NÃO encontrada')

def bruteForce_2(chars, password, lenPass, comb_anterior = ''):
    global tentativa

    for LETRA in chars:
        combina = comb_anterior + LETRA
        tentativa += 1
        if (tentativa % 500000 == 0):
            print('%10i --> %s' % (tentativa, combina))

        if password == combina:
            print('Senha encontrada é "{}", após {} tentativas.'.format(combina, tentativa))
            #return 'ok'
            exit()

        elif (lenPass != 1):
            # E aqui a chamada da recursividade
            bruteForce_2(chars, password, lenPass-1, combina)

print(bruteForce_1(chars, password, lenPass=4))
print('*' * 60 + '\n')

print(bruteForce_2(chars, password, len(password)))
print('*' * 60 + '\n')

print(bruteForce_2(chars, 'cabo', 4))
print('*' * 60 + '\n')

print(bruteForce_2(chars, 'cabo', 5))

# Fim

Try changing the parameters passed to the functions.

Well... to summarize the possibilities are many...

And be happy.

Browser other questions tagged

You are not signed in. Login or sign up in order to post.