Posted: Mon Jun 21, 2010 6:10 pm Post subject: Re: RE:Brute forcing
Tony @ Mon Jun 21, 2010 5:55 pm wrote:
obviously you would need to define "brute-forcing program" and "weak" first.
lol what i mean by bruteforcing is, that is turing a good enough program to make a password bruteforcing program in? or does it not have enough capabilities? like i know you can make it delete files and shut down your computer and stuff, but is it good enough to make a program that can figure out weak to medium passwords? btw this is just for educational purposes and to have something that could take a while to do, or just simply to annoy my sis when im bored lol
Insectoid
Posted: Mon Jun 21, 2010 6:25 pm Post subject: RE:Brute forcing
Well it could do that, yes. Without advanced implementations though it will be very, very slow.
Tony
Posted: Mon Jun 21, 2010 6:27 pm Post subject: RE:Brute forcing
if a password is weak enough, chances are that it's "password1". Try that
Otherwise you can let me know how many permutations of letters and numbers (and symbols, but that instantly makes it "above-medium") one can come up with.
Posted: Mon Jun 21, 2010 6:57 pm Post subject: RE:Brute forcing
Your question doesn't make any sense. Turing can generate lots of passwords quickly, but how can it use them? It can't really interact with anything to try them.
2goto1
Posted: Mon Jun 21, 2010 7:18 pm Post subject: Re: Brute forcing
When it comes to Turing you're better off with social engineering
Other than that perhaps if your password cracking program was trying to crack a user account on a certain website, and if the website exposed a RESTful or HTTP GET based API to validate user names and passwords without the use of SSL (HTTPS), you might be able to do this in Turing. Perhaps the http://compsci.ca/holtsoft/doc/net_openurlconnection.html could fit then. For example:
You could then parse the HTTP response to try to determine if the combination were successful. But the problem is that no website in the real world supports user authentication this way...if they did they definitely wouldn't have any members!
As far as trying to crack username / password combinations for programs running on your desktop, I don't think that can be done with Turing. I think Sys.Exec, http://compsci.ca/holtsoft/doc/sys_exec.html, is about the only way you can interact with external processes..
If you could do HTTP posts then maybe you could attempt this on some websites that didn't require SSL (HTTPS)...but HTTP posts don't appear to be supported. There are a lot of advanced Turing gurus on this site though, maybe they know of a way to do it!
Monduman11
Posted: Mon Jun 21, 2010 9:03 pm Post subject: RE:Brute forcing
kk thanks guys you have actually answered my question and no i wasnt intending to use this on websites lol i just wanted to create a little program and see if i could get it to guess my pass
Sponsor Sponsor
Monduman11
Posted: Mon Jun 21, 2010 9:05 pm Post subject: Re: RE:Brute forcing
Euphoracle @ Mon Jun 21, 2010 6:57 pm wrote:
Your question doesn't make any sense. Turing can generate lots of passwords quickly, but how can it use them? It can't really interact with anything to try them.
well thats what i was wondering if it was somehow possible to make it interact with my desktop stuff and see if it could figure out the passwords for certain things, like password encrypted files and such that i have on my pc... it is just a little experiment that im trying to do
Cezna
Posted: Tue Jun 22, 2010 2:57 pm Post subject: Re: RE:Brute forcing
Monduman11 @ Mon Jun 21, 2010 9:05 pm wrote:
Euphoracle @ Mon Jun 21, 2010 6:57 pm wrote:
Your question doesn't make any sense. Turing can generate lots of passwords quickly, but how can it use them? It can't really interact with anything to try them.
well thats what i was wondering if it was somehow possible to make it interact with my desktop stuff and see if it could figure out the passwords for certain things, like password encrypted files and such that i have on my pc... it is just a little experiment that im trying to do
To my knowledge, there is no way to make it interact with anything to input a password on a pc.
Also:
Monduman11 wrote:
it is just a little experiment that im trying to do
Monduman11 wrote:
i wasnt intending to use this on websites lol i just wanted to create a little program and see if i could get it to guess my pass
Monduman11 wrote:
btw this is just for educational purposes and to have something that could take a while to do, or just simply to annoy my sis when im bored lol
I think we all believe that you're not going to use it for malicious purposes, you don't need to pepper all your posts with disclaimers.
Monduman11
Posted: Tue Jun 22, 2010 3:01 pm Post subject: RE:Brute forcing
lol im just making sure that people understand that its just for fun... u never know there might be people out there that are so paranoid that they believe that everything is for mailcious purposes
Cezna
Posted: Tue Jun 22, 2010 3:07 pm Post subject: Re: RE:Brute forcing
Monduman11 @ Tue Jun 22, 2010 3:01 pm wrote:
lol im just making sure that people understand that its just for fun... u never know there might be people out there that are so paranoid that they believe that everything is for mailcious purposes
I think saying you never know is overly optimistic, such people certainly exist, and I know far too many of them
Monduman11
Posted: Tue Jun 22, 2010 3:08 pm Post subject: RE:Brute forcing
lol then it never hurts to state ur intentions more than once
i know that you can make one in java and i think in python but im not skilled enough in either to make 1 yet lol, hopefully next year
chrisbrown
Posted: Tue Jun 22, 2010 3:20 pm Post subject: RE:Brute forcing
Let's do the math just for fun. Let's assume your password is 4 characters long, using only lowercase english letters. Using permutations, that's more than 350 thousand combinations.
Assuming that you can interact with a website, and there is no retry limit, and that a round-trip response takes 1 second, that's about 4 days of continuous "brute-forcing."
Include numbers and upper-case letters, and that grows to 155 days of computation time.
Change that to a 5-character password and that grows to 24.6 years.
I think you can see where this is going.
Monduman11
Posted: Tue Jun 22, 2010 3:25 pm Post subject: Re: RE:Brute forcing
chrisbrown @ Tue Jun 22, 2010 3:20 pm wrote:
Let's do the math just for fun. Let's assume your password is 4 characters long, using only lowercase english letters. Using permutations, that's more than 350 thousand combinations.
Assuming that you can interact with a website, and there is no retry limit, and that a round-trip response takes 1 second, that's about 4 days of continuous "brute-forcing."
Include numbers and upper-case letters, and that grows to 155 days of computation time.
Change that to a 5-character password and that grows to 24.6 years.
I think you can see where this is going.
umm ouch? lol guess thats a waste of time... how could you make it brute force faster though? cause arnt there some that can figure out your pass in like minutes? i think?
Register
Wiki
Blog
Search
Turing
Chat Room
Members
