问题
I'm trying to create a brute force that will work on a specific files password.
I'm not sure how to get this code to work. This is what I have so far. This code produces the correct possible combinations for the password but I am not sure how to implement this into a brute force attack.
my @alpha = qw(a b c d e f g h i j k l m n o p q r s t u v w x y z);
my $password = @alpha[1];
my @combo = ();
for my $one(@alpha){
for my $two(@alpha){
for my $three(@alpha){
for my $four(@alpha){ push @combo, "$one$two$three$four\n"} }}
I assume ill need to use this command somewhere and secret_file_brute.zip is the file I'm using to test on.
I'm not sure how to declare the $password variable and how to enter my generated combinations from above one by one where the $password command is until the passwords is a match.
$returnVal = system("unzip -qq -o -P $password
secret_file_brute.zip > /dev/null 2>&1");
回答1:
Brute force password cracking is very inefficient, so not really useful except as proof of concept. You've a 4 character alphabetical password, which is a fairly trivial case.
First off - you can write:
my @alpha =( "a".."z" );
generating the words as you're doing will work, but you'll be inserting a linefeed, which means whatever system command you're running won't work.
You also might find making the attempt as you go will improve your speed, not least because you can use multiprocessing trivially for this sort of operation.
Also - you can trap the return code for system to see when you succeed. Capturing the text output of system won't help - you need to inspect $? - see: http://perldoc.perl.org/functions/system.html
Something like this maybe?
#!/usr/bin/perl
use strict;
use warnings;
use Parallel::ForkManager;
my $parallel = 8;
my @alpha = ( "a" .. "z" );
my $manager = Parallel::ForkManager->new($parallel);
my $parent_pid = $$;
for my $one (@alpha) {
for my $two (@alpha) {
for my $three (@alpha) {
for my $four (@alpha) {
$manager->start and next;
system(
"unzip -qq -o -P $one$two$three$four secret_file_brute.zip > /dev/null 2>&1"
);
if ( not $? ) {
print "Password was $one$two$three$four\n";
kill $parent_pid;
}
$manager->finish;
}
}
}
}
回答2:
I think you're trying to generate all possible combination of passwords with the 26 latin characters. Right? Why not use the increment operator?
$password = "a";
for (;;) {
say "$password";
$password++;
}
$password will go from a to z, then from aa to zz, then from aaa to zzz, etc. Thus generating each and every possible combination of passwords from the 26 latin alphabetic characters.
If you're only interested in four character combinations:
$password = "aaaa";
while ( length $password < 5 ) {
say "$password";
$password++;
}
来源:https://stackoverflow.com/questions/28894589/brute-force-attack-test-on-password-for-file