C++ brute-force program is very slow
I got a blackbox program "secret.exe" that accepts a number as an argument. It only accepts one number that I don't know. I want to do a brute force attack to get that number.
The C++-program below does that but is pretty slow (13 numbers per second). CPU and memory are nearly not consumed by this program.
What is the bottleneck? Is the popen-function too slow?
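    #include <cstdio>
    #include <cstring>
    #include <iostream>
    using namespace std;

    int main() {
        char psBuffer[128];
        FILE *chkdsk;
        bool nomatch = true;
        int i = 0;
        char cmd[100];
        while (nomatch) {
            // Build the command line for the next candidate number.
            snprintf(cmd, sizeof cmd, "secret.exe %d", i++);
            // Every attempt starts a new process ("rt" is the Windows text-mode flag).
            if ((chkdsk = popen(cmd, "rt")) == NULL) {
                cout << "error" << endl;
                return 1;  // do not read from a NULL stream
            }
            // Any output line other than "wrong" is treated as a match.
            while (fgets(psBuffer, 128, chkdsk) != NULL) {
                if (strcmp(psBuffer, "wrong")) {
                    cout << "password: " << i - 1 << endl;
                    cout << "secret info : " << psBuffer << endl;
                    nomatch = false;
                }
            }
            pclose(chkdsk);
        }
        return 0;
    }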
Comments (2)
You'll have to benchmark/profile to find out, but it's entirely possible that secret.exe just wastes time.

Windows is hideously inefficient at process creation. You might try Wine on Linux, but I don't know how much of Linux's efficiency will be wasted by pretending to be Windows. If you're willing to do some digging and ugly hacks, you might be able to load and run the relevant code in your process, but at that point, you're probably better off trying to disassemble/decompile it.
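The benchmark the first comment asks for, as an added example that is not code from the original thread: it times popen/pclose round-trips for a child that does no work, which gives the process-launch floor to compare against the 13 attempts per second in the question. `echo wrong` is a constructed stand-in child, and `run_once`, `time_spawns` and `SpawnStats` are names chosen here.

```cpp
#include <chrono>
#include <stdio.h>
#include <string>

#ifdef _WIN32  // MSVC spells these with a leading underscore
#define popen _popen
#define pclose _pclose
#endif

struct SpawnStats {
    int runs;           // children that were started and reaped
    double avg_ms;      // mean wall-clock time per popen..pclose cycle
    double per_second;  // launches per second implied by avg_ms
};

// Start cmd, append everything it prints to out, and wait for it to exit.
bool run_once(const char* cmd, std::string& out) {
    FILE* p = popen(cmd, "r");
    if (p == nullptr) return false;
    char buf[128];
    while (fgets(buf, sizeof buf, p) != nullptr) out += buf;
    pclose(p);
    return true;
}

// Launch cmd n times back to back and report the average cost of one launch.
SpawnStats time_spawns(const char* cmd, int n) {
    using Clock = std::chrono::steady_clock;
    const auto start = Clock::now();
    int ok = 0;
    std::string sink;
    for (int i = 0; i < n; ++i) if (run_once(cmd, sink)) ++ok;
    const double ms = std::chrono::duration<double, std::milli>(Clock::now() - start).count();
    const double avg = ok ? ms / ok : 0.0;
    return {ok, avg, avg > 0.0 ? 1000.0 / avg : 0.0};
}

int main() {
    // Constructed stand-in: a child that prints one line and exits at once.
    const SpawnStats s = time_spawns("echo wrong", 50);
    printf("%d runs, %.2f ms each, %.0f launches/s\n", s.runs, s.avg_ms, s.per_second);
    return 0;
}
```

If the stand-in child launches far more often than 13 times per second on the same machine, the time is going into secret.exe itself rather than into popen.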