需要有关 crypt(3) 的暴力破解代码的帮助

发布于 2024-08-11 02:42:42 字数 178 浏览 3 评论 0原文

我正在尝试用 C 语言开发一个程序，该程序将“破解”UNIX 使用的 crypt(3) 加密。我想最幼稚的方法就是暴力破解。我想我应该创建一个包含密码可以具有的所有符号的数组，然后获取它们的所有可能的排列并将它们存储在一个二维数组中（其中所有 1 个字符的密码都保存在第一行等）通过 for循环。有没有更好的方法来做到这一点？循环非常混乱。

原文

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

℉絮湮 2024-08-18 02:42:42

假设只能使用 62 个不同的字符，则存储所有可能的 8 个字符密码需要 62^8=198 TB。

为了回答您循环的问题，这里有一些代码，使用给定集合的字符来循环给定长度的所有可能的密码：

int len = 3;
char letters[] = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
int nbletters = sizeof(letters)-1;

int main() {
    int i, entry[len];
    for(i=0 ; i<len ; i++) entry[i] = 0;
    do {
        for(i=0 ; i<len ; i++) putchar(letters[entry[i]]);
        putchar('\n');
        for(i=0 ; i<len && ++entry[i] == nbletters; i++) entry[i] = 0;
    } while(i<len);
}

主要部分是最后一个for 循环。在大多数情况下，它仅递增第一个条目，并在那里停止，因为该条目尚未达到 nbletters。如果该条目达到 nbletter，则意味着它必须返回到零，并且轮到下一个条目递增。这确实是一个不寻常的循环条件：循环一直持续到没有溢出为止。循环仅发生在最坏的情况下：当最后一个元素上有多个条目时。

想象一下当前单词是“zzzc”的情况。依次递增每个条目，检测其溢出，将其重置为0，并考虑下一个条目，直到最后一个不溢出的条目给出“000d”。

Assuming only 62 different characters can be used, storing all the possible 8 character passwords requires 62^8=198 Terabytes.

To anwser you loop question, here is some code to loop over all the possible passwords of a given len, using the characters for a given set:

int len = 3;
char letters[] = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
int nbletters = sizeof(letters)-1;

int main() {
    int i, entry[len];
    for(i=0 ; i<len ; i++) entry[i] = 0;
    do {
        for(i=0 ; i<len ; i++) putchar(letters[entry[i]]);
        putchar('\n');
        for(i=0 ; i<len && ++entry[i] == nbletters; i++) entry[i] = 0;
    } while(i<len);
}

The main part is the last for loop. In most cases, it only increments the first entry, and stops there, as this entry has not reached nbletters. If the entry reaches nbletter, it means it has to return to zero, and it's the turn of the next entry to be incremented. It is indeed an unusual loop condition: the loop continues until there is no overflow. The looping only occurs in the worst case: when several entries are on the last element.

Imagine the case where the current word is "zzzc". In turn, each entry is incremented, its overflow is detected, it is reset to 0, and the next entry is considered, until the last entry which does not overflow, to give "000d".

回复收藏 0 原文

扭转时空 2024-08-18 02:42:42

正如该问题的评论者指出的那样 - 您没有必要的 RAM，并且不需要存储全部内容。

按排序顺序覆盖排列并不是密码破解的最有效方法，尽管它最终会有效。

实现完全覆盖的一种方法是对排列数进行 0 迭代，并以字符集的大小为基础对值进行编码。这可以很容易地缩放到字符集的大小。

（伪代码，但你明白了）


passChars = '[all characters used in this attempt]'

permutationCount = 8^len(passChars) #crypt(3) only uses 8 chars

output = ''

for looper = 0 to permutationCount - 1
    localTemp = looper
    while localTemp > 0
        output += passchars[localTemp%len(passchars)] # % being modulus
        localTemp = floor(localTemp/len(passChars))

As the commenters on the question point out - you don't have the necessary RAM, and you don't need to store it all.

Covering the permutations in sort sequence is not the most efficient approach to password cracking, although it will ultimately be effective.

An approach to achieving full coverage is to iterate 0 through the number of permutations and encode the value with the size of your character set as a base. This can be scaled to the size of your character set quite easily.

(pseudocode, but you get the idea)


passChars = '[all characters used in this attempt]'

permutationCount = 8^len(passChars) #crypt(3) only uses 8 chars

output = ''

for looper = 0 to permutationCount - 1
    localTemp = looper
    while localTemp > 0
        output += passchars[localTemp%len(passchars)] # % being modulus
        localTemp = floor(localTemp/len(passChars))

回复收藏 0 原文

~没有更多了~