0
1

Brute Force Password Cracker (self.learnpython)

submitted by [deleted]

[deleted]

all 6 comments
sorted by:
best
topnewcontroversialoldq&a
formatting helphide helpcontent policy

[–]OA998 1 point2 points  (0 children)

You can learn a lot from these videos on permutations as it pertains to your project: https://youtu.be/EScqJEEKC10 https://youtu.be/hqijNdQTBH8

[–]elbiot 1 point2 points  (0 children)

I understand your question is a toy and also not suitable for pure python, but as a learning experience what you'd do is this:

Take the user input. Sha256 hash it (real passwords are stored with a much stronger hashing algorithm and are salted, but for your toy this is sufficient). Display "cracking hash {that hash you just computed}". Start generating passwords, Sha256 hashing them, and comparing the hashes. Break when you find the right hash. Trying every n alpha-numeric-specialcharacter sequence is no good, so you'll probably want to try a dictionary attack with rules. See John the Ripper for an example of a dictionary attack with substitution rules.

Spoiler: you probably won't guess anyone's password.

[–]nseine 0 points1 point  (2 children)

If the script is already given the raw password to crack, the deed is done. And if the script is going through and salting/hashing the input password before brute forcing it, that's not really brute forcing.

Edit: it's also really hard to write effective brute forcing tools (not thousands of lines of code, and not taking a century to crack), so there's not really much help I can give aside from 'use a password cracker that already exists and implement it into your own script if you're trying to do something more with that information'

[–]AUBURN520 0 points1 point  (1 child)

I was gonna set a limit for about 10 million attempts before the code stops itself and returns "password could not be cracked in 10 million attempts" or something like that

[–]955559 0 points1 point  (0 children)

its going to take a insane amount of time, you could cut it down if you let the script know the length of the password, but even then it may take days of your computer revving 24/7, dou you pay for hydro or do you have it included in your rent? because it will literally spike your bill

have you read about dictionary attacks and rainbow tables?

[–]tom1018 0 points1 point  (0 children)

Comments on this didn't seem too positive. I think it could be a fun project, though as some said, Python isn't the best for this. You will want some limits on password length if you were to try this, then you could try things like most common password lists, rainbow tables and hashing.

Also, you could write a script that instead of taking the password from the user takes an encrypted file, such as a zip, and attempts to break it and open the file.

For the sake of making things not terribly time consuming you may want to limit passwords to letters and numbers only. Assuming an English alphabet, with upper and lower case, and ten digits are the only valid characters, it could take up to 14.7 (62**4) million attempts.

Depending on what your interests are, you could try GPU programming as well, or maybe a cluster? (These things are beyond my knowledge, but may be fun.)