views:

587

answers:

2

I want to make a program that "test passwords" to see how long they would take to break with a basic brute force attack. So what I did was make 2 text boxes. (textbox1 and textbox2) and wrote the program so if the text boxes had the input, a "correct password" label would appear, but i want to write the program so that textbox2 will run a brute force algorithm in it, and when it comes across the correct password, it will stop. I REALLY need help, and if you could just post my attached code with the correct additives in it that would be great. The program so far is extremely simple, but I am very new to this, so.

private void textBox2_TextChanged(object sender, EventArgs e)
{

}

private void button1_Click(object sender, EventArgs e)
{


    if (textBox2.Text == textBox1.Text)
    {
        label1.Text = "Password Correct";
    }
    else
    {
        label1.Text = "Password Wrong";

    }

}


private void label1_Click(object sender, EventArgs e)
{

}
A: 

More information is needed; are you guessing passwords at random? Dictionary attack? Are you guessing the passwords sequentially? What other constraints on the length/charset used in the password are there?

I'm going to assume your program is invoking these attempts automatically, rather than you as the user, in the UI. If that's the case, I would ditch the UI strategy and go with a console implementation.

A reason why the 'random' guessing question is important is because if you guess sequentially, the length of time it will take is directly related to what password you choose. I'm not sure what result you are looking for.

Alex
I think the UI part came about because these days some people start straight with Forms and all that and never even realize they don't need one. It's `Console.WriteLine("Hello World!")` and then stuff with windows. Or sometimes straight to `MessageBox.Show("Hello World!")` :(
Martinho Fernandes
Yeah, I fell into the trap of not only starting .Net with Managed C++ but just diving in with no training to WinForms (in C++, with no prior knowledge) and working it out from there. It was a shock to find you could make console apps.
Callum Rogers
I want to do a sequential order password attack, I know it is completely directed at what password is chosen, but it might be easier than random password guessing, I don't know, so I guess either way is fine, like I said, I am very new to this.
Fred Dunly
A: 

Use this simple, brute force class to 'crack' your password. I've set the maximum size here to 3, so I didn't have to wait too long. Increase this if you've got all day!

private class BrutePasswordGuesser
{
    private const int MaxAscii = 126;
    private const int MaxSize = 3;
    private const int MinAscii = 33;

    private int _currentLength;

    public BrutePasswordGuesser()
    {
        //Init the length, and current guess array.
        _currentLength = 0;
        CurrentGuess = new char[MaxSize];
        CurrentGuess[0] = (char) MinAscii;
    }

    public char[] CurrentGuess { get; private set; }

    public bool NextGuess()
    {
        if (_currentLength >= MaxSize)
        {
            return false;
        }

        //Increment the previous digit (Uses recursion!)
        IncrementDigit(_currentLength);

        return true;
    }

    /// <summary>
    /// Increment the character at the index by one. If the character is at the maximum 
    /// ASCII value, set it back to the minimum, and increment the previous character.
    /// Use recursion to do this, so that the proggy will step all the way back as needed.
    /// If the very bottom of the string is reached, add another character to the guess.
    /// </summary>
    /// <param name="digitIndex"></param>
    private void IncrementDigit(int digitIndex)
    {
        //Don't fall out the bottom of the array.
        //If we're at the bottom of the array, add another character
        if (digitIndex < 0)
        {
            AddCharacter();
        }
        else
        {
            //If the current character is max ASCII, set to min ASCII, and increment the previous char.
            if (CurrentGuess[digitIndex] == (char) MaxAscii)
            {
                CurrentGuess[digitIndex] = (char) MinAscii;
                IncrementDigit(digitIndex - 1);
            }
            else
            {
                CurrentGuess[digitIndex]++;
            }
        }
    }

    private void AddCharacter()
    {
        _currentLength++;
        //If we've reached our maximum guess size, leave now and don't come back.
        if (_currentLength >= MaxSize)
        {
            return;
        }
        //Initialis as min ASCII.
        CurrentGuess[_currentLength] = (char) (MinAscii);
    }
}

In your example above, use the class like this:

private void button1_Click(object sender, EventArgs e)
{
    var guesser = new BrutePasswordGuesser();

    var guess = new String(guesser.CurrentGuess);
    while (textBox1.Text != guess)
    {
        textBox2.Text = guess;
        if (!guesser.NextGuess())
        {
            label1.Text = "Maximum guess size reached.";
            break;
        }
        guess = new String(guesser.CurrentGuess);
    }

    if (textBox1.Text == textBox2.Text)
    {
        Label1.Text = "Password Correct";
    }
}
Beniaminus