编写一个粗暴的forcer [英] Coding a brute forcer

问题描述

G''day all


我正在努力应对我的挑战。 Javascript我一直用

给出用两种方式解析用户输入。


首先它生成两个数字。一个是CharCodes和

的总和，另一个是将每个字符组合在一起的产品

和使用模数函数。


如果文本字符串是正确的，那么该字符串然后用于解码（通过

a相对简单的crypt）另一个字符串，然后给你

正确的目标url。


我希望这是有道理的 - 如果它不是，那么它非常不重要，因为

问题如下：


在javascript中，我如何编写允许我循环浏览

所有可能的文本字符串的内容。理想情况下，我想从一个

字典文件中读取然后启动一个暴力破解。


在每个循环中，我想你只需设置input_user（in这个

情况下）到文件中下一行的值。对于字典

攻击我想象。这一点并不是太棘手我不会想到但是我不能这么做我的头脑。也许更多的咖啡会有所帮助吗？


而且我肯定会努力拼凑出一个粗暴的人，所以我转向你们这些人和女孩们问你们你可以帮助我，并指出我在

正确的方向上如何编码。


我也假设我们最终得到的代码，一般来说

也很有用，因为我们可以将这个实例中的输出（转到input_user）改变为另一个变量，并将它与另一个脚本一起使用？


非常感谢，无论如何提前 - 我要低下头了！


谢谢

G''day all

I''m working on a challenge given to me. The Javascript I have been
given parses the user input in two ways.

Firstly it generates two numbers. One is the sum of the CharCodes and
the other is the product of multiply each of the charcodes together
and usisng the Modulus function.

If the text string is correct, the string is then used to decode (via
a relatively simple crypt) another string, which then gives you the
correct target url.

I hope that makes sense - if it doesn''t, its pretty unimportant as the
question I have is as follows :

In javascript, how do I code something that allows me to cycle through
all the possible text strings. Ideally, I would like to read from a
dictionary file and then start a brute force.

Throughout each cycle, I imagine you just set input_user (in this
case) to the value of the next line in the file. For a dictionary
attack I imagine. That bit isn''t too tricky I don''t think but I can''t
get my head around it. Maybe more coffee would help?

And I''m sure struggling to put together a brute forcer so I turn to
you guys and gals to ask if you could help me and point me in the
right direction on how to code this.

I''m assuming also that the code we end up with, would be generically
useful too as in we could vary the output (going to input_user) in
this instance to another variable and use it with another script?

Well thanks anyway in advance - I''m off to get my head down!

Thanks

推荐答案

好奇写道：

Curious wrote:

在javascript中，我如何编写允许我循环浏览所有可能的文本字符串的内容。


您不能，因为AFAIK没有（一般）长度限制其他

比可用内存（并且您不想分配它。）你可以做的是
循环遍历所有字符串，直到有限的固定长度

包含已知的字符/字形子集。这是最多两个ASCII

字符：


for（var i = 0; i< 128; i ++）

... String.fromCharCode（i）...


for（var i = 0; i< 128; i ++）

for（ var j = 0; j <128; j ++）

{

... String.fromCharCode（i）+ String.fromCharCode（j）...

}


如你所见，通用算法是一个递归算法（取一个基本字符串

并测试它的所有连接一个长度为1的字符串，相同的

子集。）请注意，带函数的递归级别仅限于可用的堆栈内存，这限制了可以使用的字符串长度

用它测试，所以最好是找到一种迭代方法。

理想情况下，我想从字典文件中读取然后开始蛮力。


字典文件可以是（生成的）JavaScript文件，其中包含字符串数组'a''的

声明：


var a = new Array（

" a"，

" an"，

" foreign" ，

...

）;


包含文件后，您可以按如下方式迭代数组：


for（var i = 0; i< a.length; i ++）

{

... a [i]。 ..

}

在每个周期中，我想你只需将input_user（在这种情况下）设置为文件中下一行的值。


什么是input_user？

也许更多咖啡会有帮助？

In javascript, how do I code something that allows me to cycle through
all the possible text strings.
You cannot, since AFAIK there is no (general) restriction of length other
than the available memory (and you do not want to allocate that.) What
you can do is to cycle through all strings up to a finite fixed length that
contain a known subset of characters/glyphs. Here is it for up to two ASCII
characters:

for (var i = 0; i < 128; i++)
... String.fromCharCode(i) ...

for (var i = 0; i < 128; i++)
for (var j = 0; j < 128; j++)
{
... String.fromCharCode(i) + String.fromCharCode(j) ...
}

As you see, the general algorithm is a recursive one (take a basic string
and test all concatenations of it with a string of length 1 of the same
subset.) Note that the level of recursion with functions is restricted to
the available stack memory which restricts the length of strings you can
test with it, so it would be best if you find an iterative approach.
Ideally, I would like to read from a dictionary file and then start a brute force.
The dictionary file could be a (generated) JavaScript file that contains a
declaration of a string array `a'':

var a = new Array(
"a",
"an",
"abroad",
...
);

After including the file, you could iterate the array as follows:

for (var i = 0; i < a.length; i++)
{
... a[i] ...
}
Throughout each cycle, I imagine you just set input_user (in this
case) to the value of the next line in the file.
What is input_user?
Maybe more coffee would help?

也许。我会拿Java豆;-)

HTH


PointedEars

Maybe. I would take Java beans ;-)
HTH

PointedEars

< a href =mailto：di ****** @ hotmail.com> di ****** @ hotmail.com （好奇）写道：

di******@hotmail.com (Curious) writes:

我正在努力应对我的挑战。我已经用两种方式解析用户输入的Javascript。

首先它生成两个数字。一个是CharCodes的总和，另一个是将每个字符组合在一起并使用模数函数的乘积。


字符代码是8位还是16位？模数是多少？ 256？

如果文本字符串是正确的，那么该字符串然后用于解码（通过一个相对简单的地穴）另一个字符串，然后它会给你
正确的目标网址。


你如何识别正确的URL？

我希望这是有道理的 - 如果它没有，那它就非常不重要了
我的问题如下：


你让我好奇:)我喜欢一个很好的挑战：=

在javascript中，我如何编写允许的内容我循环浏览所有可能的文本字符串。理想情况下，我想从一个
字典文件中读取，然后开始蛮力。


字典文件比强制强制更难，主要是因为浏览器限制访问文件功能的
Javscript。

当然，你可以直接包含字典。


迭代*所有*字符串需要一段时间。毕竟，

是无限多的（但实际上限于

可用内存或浏览器特定限制的大小）。幸运的是，你要找的字符串

的长度有限，所以你不需要

搜索*太长*

在每个循环中，我想你只需将input_user（在这种情况下）设置为文件中下一行的值。对于我想象的字典攻击。这一点并不是太棘手我不会想到但是我无法理解它。也许更多咖啡会有帮助吗？


将字典输入Javascript是很难的部分。当你有
拥有它时，迭代它是微不足道的。

而且我肯定会努力拼凑出一个粗野的人，所以我转向你们。和gals问你是否可以帮助我，并指出我正确的方向如何编码。

I''m working on a challenge given to me. The Javascript I have been
given parses the user input in two ways.

Firstly it generates two numbers. One is the sum of the CharCodes and
the other is the product of multiply each of the charcodes together
and usisng the Modulus function.
The char codes are 8 bits or 16 bits? What is the modulus? 256?
If the text string is correct, the string is then used to decode (via
a relatively simple crypt) another string, which then gives you the
correct target url.
How do you recognize a correct URL?
I hope that makes sense - if it doesn''t, its pretty unimportant as the
question I have is as follows :
You got me curious :) I love a good challenge :=
In javascript, how do I code something that allows me to cycle through
all the possible text strings. Ideally, I would like to read from a
dictionary file and then start a brute force.
The dictionary file is harder than just brute forcing, mainly due to
Javscript in browsers having restricted access to file functions.
Ofcourse, you could include the dictionary in the directly.

Iterating through *all* strings will take a while. After all, there
are infinitly many (but in practice restricted to the size of
available memory or browser specific limits). With luck, the string
you are looking for is of limited length, so you won''t have to
search *too* long.
Throughout each cycle, I imagine you just set input_user (in this
case) to the value of the next line in the file. For a dictionary
attack I imagine. That bit isn''t too tricky I don''t think but I can''t
get my head around it. Maybe more coffee would help?
Getting the dictionary into the Javascript is the hard part. When you
have it, iterating through it is trivial.
And I''m sure struggling to put together a brute forcer so I turn to
you guys and gals to ask if you could help me and point me in the
right direction on how to code this.

首先你需要限制不同的角色你可以使用

密码。如果你允许所有数千个Unicode字符，

那么你永远不会得到任何地方。字符集越小，

越早打到正确的字符串。

---

函数StringEnumerator（chars）{

this.characters = chars;

this.stringNumber = 0;

this.stringLength = 0;

this .stringNumberLimit = 1;

}

StringEnumerator.prototype.next = function（）{

var res ="" ;;

var idx = this.stringNumber;

var len = this.characters.length;

for（var i = 0; i< this.stringLength ; i ++）{

res + = this.characters.charAt（idx％len）;

idx = Math.floor（idx / len）

}

this.stringNumber ++;

if（this.stringNumber == this.stringNumberLimit）{

this.stringNumber = 0;

this.stringNumberLimit * = len;

this.stringLength ++;

}

返回res;

}

---

使用示例：

---

var characters =" abcdefghiklmnopqrstu vwxyzABCDEFGHIKLMNOPQRSTUVWXY Z" +

" 1234567890，.- + / * :;<>！？@＃

First you need to limit the different characters you can use in the
password. If you allow all of the thousands of Unicode characters,
then you will never get anywhere. The smaller the set of characters,
the sooner you will hit the correct string.
---
function StringEnumerator(chars) {
this.characters = chars;
this.stringNumber = 0;
this.stringLength = 0;
this.stringNumberLimit = 1;
}
StringEnumerator.prototype.next = function() {
var res = "";
var idx = this.stringNumber;
var len = this.characters.length;
for (var i=0;i<this.stringLength;i++) {
res += this.characters.charAt(idx%len);
idx = Math.floor(idx/len)
}
this.stringNumber++;
if (this.stringNumber == this.stringNumberLimit) {
this.stringNumber = 0;
this.stringNumberLimit *= len;
this.stringLength ++;
}
return res;
}
---
Example use:
---
var characters = "abcdefghiklmnopqrstuvwxyzABCDEFGHIKLMNOPQRSTUVWXY Z"+
"1234567890 ,.-+/*:;<>!?@#

&" ;; //或者什么

var strEnum = new StringEnumerator（characters）;


var str1 = strEnum.next（）;

var str2 = strEnum.next（）;

var str3 = strEnum.next（）;

var str4 = strEnum.next（）;

---


/ L

-

Lasse Reichstein Nielsen - lr*@hotpop.com

DHTML死亡颜色：< URL：http：//www.infimum.dk/HTML/rasterTriangleDOM.html>

''没有判断的信仰只会降低精神神圣。''

&"; // or something
var strEnum = new StringEnumerator(characters);

var str1 = strEnum.next();
var str2 = strEnum.next();
var str3 = strEnum.next();
var str4 = strEnum.next();
---

/L
--
Lasse Reichstein Nielsen - lr*@hotpop.com
DHTML Death Colors: <URL:http://www.infimum.dk/HTML/rasterTriangleDOM.html>
''Faith without judgement merely degrades the spirit divine.''

这篇关于编写一个粗暴的forcer的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！