暴力破解文件密码测试 [英] Brute force attack test on password for file

问题描述

我正在尝试创建一种适用于特定文件密码的蛮力。

I'm trying to create a brute force that will work on a specific files password.

我不确定如何使此代码正常工作。到目前为止，这就是我所拥有的。这段代码可以产生正确的密码组合，但是我不确定如何将其实施为蛮力攻击。

I'm not sure how to get this code to work. This is what I have so far. This code produces the correct possible combinations for the password but I am not sure how to implement this into a brute force attack.

my @alpha = qw(a b c d e f g h i j k l m n o p q r s t u v w x y z);
my $password = @alpha[1];
my @combo = ();

for my $one(@alpha){
for my $two(@alpha){
for my $three(@alpha){
for my $four(@alpha){ push @combo, "$one$two$three$four\n"} }}

我认为我需要在某个地方使用此命令，而 secret_file_brute.zip 是我用来测试的文件。

I assume ill need to use this command somewhere and secret_file_brute.zip is the file I'm using to test on.

我不确定如何声明 $ password 变量，以及如何输入上面生成的组合 $ password 命令所在的位置，直到密码匹配为止。

I'm not sure how to declare the $password variable and how to enter my generated combinations from above one by one where the $password command is until the passwords is a match.

$returnVal = system("unzip -qq -o -P $password
secret_file_brute.zip > /dev/null 2>&1");

推荐答案

强力破解密码的效率很低，所以不是真的有用，除了作为概念证明。
您有一个4个字符的字母密码，这是一个很简单的情况。

Brute force password cracking is very inefficient, so not really useful except as proof of concept. You've a 4 character alphabetical password, which is a fairly trivial case.

首先-您可以编写：

my @alpha =( "a".."z" );

在执行操作时生成单词会起作用，但是您将插入换行符，表示您正在运行的任何 system 命令均无效。

generating the words as you're doing will work, but you'll be inserting a linefeed, which means whatever system command you're running won't work.

您也可能会发现尝试进行会提高速度，这尤其是因为您可以轻松地将多处理用于此类操作。

You also might find making the attempt as you go will improve your speed, not least because you can use multiprocessing trivially for this sort of operation.

此外-您可以捕获系统的返回码，以查看成功的时间。捕获系统的 text 输出无济于事-您需要检查 $？-请参阅： http://perldoc.perl.org/functions/system.html

Also - you can trap the return code for system to see when you succeed. Capturing the text output of system won't help - you need to inspect $? - see: http://perldoc.perl.org/functions/system.html

可能是这样？

#!/usr/bin/perl

use strict;
use warnings;
use Parallel::ForkManager;

my $parallel = 8;

my @alpha = ( "a" .. "z" );

my $manager = Parallel::ForkManager->new($parallel);

my $parent_pid = $$; 

for my $one (@alpha) {
    for my $two (@alpha) {
        for my $three (@alpha) {
            for my $four (@alpha) {
                $manager->start and next;
                system(
                    "unzip -qq -o -P $one$two$three$four secret_file_brute.zip > /dev/null 2>&1"
                );
                if ( not $? ) {
                      print "Password was $one$two$three$four\n";
                      kill $parent_pid;
                }

                $manager->finish;
            }
        }
    }
}

这篇关于暴力破解文件密码测试的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！