Ce bruteforcer permet de générer de manière "brute" une liste de mot de passe, c'est à dire sans dictionnaires. L'alphabet est personnalisable dans le code tout comme le protocol à attaquer.
0x01. PRINCIPE
Ce bruteforcer générique peut permettre d'attaquer n'importe quel protocol, il suffit d'adapter la fonction bruteit selon son besoin.
Par défaut le programme créé un dictionnaire avec les mots de passe.
Les alphabets sont définis en début de programme.
Pour fonctionner un couple de fonction récursive et de la fonction yield permettent la génération de toutesles les combinaisons :
ABC => AAA AAB AAC , ABA ABB ABC , ACA ACB ACC , BAA BAB BAC , BBA BBB BBC , BCA BCB BCC , CAA CAB CAC , CBA CBB CBC , CCA CCB CCC
0x02. CODE
#!/usr/bin/env python import sys import getopt APP = "brute.py" # # Alphabets #------------------------------------------------------------------------------ """ [a-z] | [a-z0-9] | [a-fA-F0-9] [A-Z] | [A-Z0-9] | [a-zA-Z0-9] [a-f] | [a-z0-9] | [a-zA-Z0-9+] [A-F] | [A-F0-9] | [a-f0-9+] [0-9] | [a-f0-9] | [a-z0-9+] [a-z+] | [a-f+] """ alphabet = range(0,10000) alphabet[1] = "abcdefghijklmnopqrstuvwxyz" alphabet[2] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ" alphabet[3] = "abcdef" alphabet[4] = "ABCDEF" alphabet[5] = "0123456789" alphabet[6] = """=/-_+$#&"'!<>()[]{}@:/\\\\|%*""" alphabet[12] = alphabet[1] + alphabet[2] # [a-zA-Z] alphabet[126] = alphabet[1] + alphabet[2] + alphabet[6] # [a-zA-Z+] alphabet[346] = alphabet[3] + alphabet[4] + alphabet[6] # [a-fA-F+] alphabet[15] = alphabet[1] + alphabet[5] # [A-Z0-9] alphabet[16] = alphabet[1] + alphabet[6] # [A-Z+] alphabet[156] = alphabet[1] + alphabet[5] + alphabet[6] # [A-Z0-9+] alphabet[25] = alphabet[2] + alphabet[5] # [A-Z0-9] alphabet[26] = alphabet[2] + alphabet[6] # [A-Z+] alphabet[256] = alphabet[2] + alphabet[5] + alphabet[6] # [A-Z0-9+] alphabet[1256] = alphabet[1] + alphabet[2] + alphabet[5] + alphabet[6] # [a-zA-Z0-9+] alphabet[35] = alphabet[3] + alphabet[5] # [a-f0-9] alphabet[36] = alphabet[3] + alphabet[6] # [a-f+] alphabet[356] = alphabet[3] + alphabet[5] + alphabet[6] # [a-f0-9+] alphabet[45] = alphabet[4] + alphabet[5] # [A-F0-9] alphabet[46] = alphabet[4] + alphabet[6] # [A-F+] alphabet[456] = alphabet[4] + alphabet[5] + alphabet[6] # [A-F0-9+] alphabet[56] = alphabet[5] + alphabet[6] # [0-9+] alphabet[3456] = alphabet[3] + alphabet[4] + alphabet[5] + alphabet[6] # [a-fA-F0-9+] number = 0 # number of generated pass # # Functions #------------------------------------------------------------------------------ def combine (alphabet, nb, base = ''): for c in alphabet: if nb == 1: yield base + c else: for c1 in combine(alphabet, nb-1, base + c): yield c1 def usage(): print "\\nUsage: %s <-a alphabet> <-l limit> [-i] [-m match] [-v] [-f]" % APP print """ -a : alphabet -l : (max) length -i : increase length bruteforce -m : match -v : display generated combination -f : write to file alphabets : [a-z] | [a-f] | [0-9] [a-z+] | [a-f+] | [0-9+] [A-Z+] | [A-F+] | [+] [a-zA-Z] | [a-fA-F] [a-z0-9] | [a-f0-9] [A-Z0-9] | [A-F0-9] [a-zA-Z+] | [a-fA-F+] [a-z0-9+] | [a-f0-9+] [A-Z0-9+] | [A-F0-9+] [a-zA-Z0-9+] | [a-fA-F0-9+] + : with symbols exemple : """ print """ ./%s -a '[0-9]' -l 4 > will generate 4 digits : 0000 -> 9999 """ % APP print """ ./%s -a '[a-z]' -l 6 -i > will generate a->z + aa->zz + aaa->zzz + ... + aaaaaa->zzzzzz """ % APP print """ ./%s -a '[a-z]' -l 6 -i -m toto > will generate a->z + aa->zz + aaa->zzz + ... + aaaa->toto """ % APP sys.exit(1) def alphabet_to_index(alpha): ialpha = -1 if( alpha == "[a-z]" ): ialpha = 1 if( alpha == "[A-Z]" ): ialpha = 2 if( alpha == "[a-f]" ): ialpha = 3 if( alpha == "[A-F]" ): ialpha = 4 if( alpha == "[0-9]" ): ialpha = 5 if( alpha == "[+]" ): ialpha = 6 if( alpha == "[a-zA-Z]" ): ialpha = 12 if( alpha == "[a-zA-Z+]" ): ialpha = 126 if( alpha == "[a-zA-Z0-9]" ): ialpha = 125 if( alpha == "[a-fA-F0-9]" ): ialpha = 345 if( alpha == "[a-fA-F+]" ): ialpha = 346 if( alpha == "[a-z0-9]" ): ialpha = 15 if( alpha == "[a-z+]" ): ialpha = 16 if( alpha == "[a-z0-9+]" ): ialpha = 156 if( alpha == "[A-Z0-9]" ): ialpha = 25 if( alpha == "[A-Z+]" ): ialpha = 26 if( alpha == "[A-Z0-9+]" ): ialpha = 256 if( alpha == "[a-f0-9]" ): ialpha = 35 if( alpha == "[a-f+]" ): ialpha = 36 if( alpha == "[a-f0-9+]" ): ialpha = 356 if( alpha == "[A-F0-9]" ): ialpha = 45 if( alpha == "[A-F+]" ): ialpha = 46 if( alpha == "[A-F0-9+]" ): ialpha = 456 if( alpha == "[0-9+]" ): ialpha = 56 if( alpha == "[a-zA-Z0-9+]" ): ialpha = 1256 if( alpha == "[a-fA-F0-9+]" ): ialpha = 3456 return(ialpha) ## Function to do with bruteforce ! """ brute.py is a generic program to generate password. there is only one function to complete bruteit(...) to make your own ! """ def bruteit(string,match,disp=0,writefile=""): if disp: print string if writefile: f = open(writefile,"a") f.write(string+"\\n") f.close() global number number = number + 1 if( string == match ): print string sys.exit(0) # # Main #------------------------------------------------------------------------------ def main(): limit = -1 ilimit = -1 ialpha = -1 alpha = "" iterate = 0 match = "-" error = 2 disp = 0 writefile = "" optlist, args = getopt.getopt( sys.argv[1:] , "a:l:m:ivf:" ) for opt in optlist: if( opt[0] == '-a' ): ialpha = alphabet_to_index( opt[1] ) if( ialpha == -1 ): print "\\nError : `%s` is not a known alphabet\\n" % opt[1] usage() else: error = error - 1 if( opt[0] == '-l' ): try: limit = int(opt[1]) error = error - 1 except: print "\\nError : `%s` is not an integer\\n" % opt[1] usage() if( opt[0] == '-i' ): iterate = 1 if( opt[0] == '-m' ): match = opt[1] if( opt[0] == '-v' ): disp = 1 if( opt[0] == '-f' ): writefile = opt[1] if( error != 0 ): print "\\nError : some argument is missing." usage() try: if( iterate == 1 ): for ilimit in range(1,limit+1): for string in combine(alphabet[ialpha], ilimit): bruteit( string , match , disp , writefile ) elif( iterate == 0 ) : for string in combine(alphabet[ialpha], limit): bruteit( string , match , disp , writefile ) except(KeyboardInterrupt): print "\\n" + number + " password genereted.\\n" print "\\n[CTRL+C] : program aborted.\\n" sys.exit(130) if __name__ == '__main__': main()
=> Écrit par : Nicolas, le 16 février 2016