What is Forcebrute’s logic of trial and error?

Question

What is Forcebrute’s logic of trial and error?

Asked 8 years, 12 months ago

Viewed 150 times

2

How is it done to make the billions of possible combinations without wasting time?

I made a system to generate random letters (he can make all the combinations), but he spends a lot of time checking results already made by the fact of being random, and then I made a system with for but I can only get up to 2 characters.

That’s what I got, like I said, I only got it in two digits.

public class Main 
{
static boolean terminar = false;

public static void main(String[] args)
{
    long init  = System.currentTimeMillis(); 

    if(bruteForce(true, true, "0dd", 10, 10000) != "Senha não encontrada")
    {
        System.out.println("A senha é: " + bruteForce(true, true, "0dd", 10, 10000));
    }
    else
    {
        System.out.println("Senha não encontrada"); 
    }

    long end  = System.currentTimeMillis(); 
    long diff = end - init;
    System.out.println("Demorou " + (diff / 1000) + " segundos");
}
public static String bruteForce(boolean numeros, boolean letras, String busca,int maxCaracteres,  int limite)
{
    String[] todos = {"0", "1", "2", "3", "4", "5", "6", "7", "8", "9", "a", "b", "c", "d", "a", "b", "c", "d", "e", "f", "g"
                      , "h", "i", "j", "k", "l", "m", "n", "o", "p", "k", "r", "s", "t", "u", "v", "w", "x", "y", "z"
                      , "A", "B", "C", "D", "E", "F", "G", "H", "I", "J", "K", "L", "M", "N", "O", "P", "Q", "R", "S", "T", "U"
                      , "V", "W", "X", "Y", "Z", "'", "!", "@", "#", "$", "£", "%", "¢", "¨", "¬", "&", "*", "(", ")", "_", "-"
                      , "+", "=", "§", "/", ".", "[", "]", "`", "´", "{", "}", "º", "^", "~", "<", ">", ":", ";", "?", "°", "ª",
                      "|", "¹", "²", "³"};

    String combinacao = "";
    int quantCaracteres = 2;
    double teste = Math.pow(todos.length, 16);
    System.out.println(teste);  

    for(int i = 1; i <= quantCaracteres; i++)
    {
        for(int h = 0; h <= todos.length -1; h++)
        {
            for(int j = 0; j <= todos.length -1; j++)
            {
                combinacao = todos[h] + todos[j];
                System.out.println(combinacao); 
                if(combinacao.equals(busca))
                {
                    return combinacao; 
                }

                combinacao = "";
            }
        }

        //quantCaracteres ++;
    }
    return "Senha não encontrada";
}
}

1

Post the code you already have, we can help you correct it. As for the technique to choose the combinations, there are several answers. The simplest way is to iterate a-z, aa-zz (going through ab, ac, etc.) aaa-zzz... so on.

– RSinohara

2015/07/07 at 16:56
1

Could you explain better what you want? I couldn’t get it right...

– Felipe Avelar

2015/07/07 at 16:56
@Felipeavelar I would like an explanation of what is the best way (that waste less time) to make a brute force attack, the best way to make billions of combinations.

– Lucas Caresia

2015/07/07 at 17:01
@Rsinohara I edited the question with the code I have so far.

– Lucas Caresia

2015/07/07 at 17:08
I meant that the simplest way is to make the combinations a, b, c, d, etc., with a character, then aa, ab, ac, ..., fg, Fh, ... zz. Then with 3, etc. Of course there are ways to avoid useless combinations (using a dictionary), but the point is that doing it randomly is not feasible (you start repeating sequences).

– RSinohara

2015/07/07 at 17:16

2 answers

3

I found this code that can help you. I won’t tell you it’s the best way but it’s certainly a good start:

import java.util.Arrays;

public class BruteForce {

  final int min;
  final int max;
  final int stringLength;

  /**
   * One more element than <i>stringLength</i>,
   * to efficiently check for overflow.
   */
  private final int[] chars;

  public BruteForce(char min, char max, int len) {
    this.min = min;
    this.max = max;
    this.stringLength = len;

    chars = new int[stringLength + 1];
    Arrays.fill(chars, 1, chars.length, min);
  }

  public void run() {
    while (chars[0] == 0) {
      print();
      increment();
    }
  }

  private void increment() {
    for (int i = chars.length - 1; i >= 0; i--) {
      if (chars[i] < max) {
        chars[i]++;
        return;
      }
      chars[i] = min;
    }
  }

  private void print() {
    for (int i = 1; i < chars.length; i++) {
      System.out.print((char) chars[i]);
    }
    System.out.println();
  }

  public static void main(String[] args) {
    new BruteForce('a', 'z', 4).run();
  }

}

I put in the Github for future reference.

Source.

It has simpler shapes than this. It is possible to do with only two for nested, one to increase the position of the character and the other to increase the character itself. But you can even do it with just one loop if you use creativity.

There are more advanced brute force techniques but they play with probabilities. For something simple the fact is that you need to maintain the sequence. What you can’t do is go kicking random values, this will probably give much worse results in most attempts.

Browser other questions tagged java

You are not signed in. Login or sign up in order to post.

by Thiago Luiz Domacoski • **7,310** points · Answer 1 · 2015-07-07T17:11:20+00:00

So from what you said, your code tests the same combination over and over again. One way to decrease is to store the combinations and check if it has already been tested.
You can also use a combination dictionary...
Follow a link q can help you:
http://pt.slideshare.net/clavissecurity/webinar-16-ataques-de-fora-bruta-mtodo-dicionrio-hbridos-e-rainbow-tables