如何使用批处理文件为暴力攻击生成字符串

时间:2014-02-05 16:36:58

标签: string batch-file brute-force

我有一些代码可以破解数字rar文件密码。代码只是递增变量的值(从0开始),我使用它来检查unrar使用unrar命令的密码。 但我想为暴力攻击生成字符串。

SET PASSWORD=0

:START
SET /A PASSWORD=%PASSWORD%+1  
UNRAR E -INUL -P%PASSWORD% "%PATH%\%NAME%" "%DESTINATION%"
IF /I %ERRORLEVEL% EQU 0 GOTO CLOSE
GOTO START

:CLOSE
echo Password Cracked...
echo Password is %PASSWORD%

这里

  •   

    %PATH%是rar文件所在的路径

  •   

    %NAME%是rar文件的名称

  •   

    %DESTINATION%是在UNRAR之后存储文件的地方,   在我的代码中,DESTINATION是"%TEMP%\%RANDOM%"

通过应用此功能,我可以获取密码,但对包含字母字符的字符串没用。

如何从" a"开始生成字符串,所以我也可以破解字母密码?

2 个答案:

答案 0 :(得分:7)

我认为在CMD /批处理中这是一个疯狂的想法,但它至少听起来像一个有趣的挑战。 所以,扮演Professor from Gilligan's Island的一部分,我决定尝试用椰子制作粒子加速器。

这是我的参赛作品。使用CMD /批次可能有更好的解决方案。我能说的最有利的一点是它有效。要使其适应您的目的,请更改ECHO内的:INFINITE_LOOP语句以执行有意义的操作,例如尝试解压缩文件并在成功时退出。

以下是运行时输出的示例:

'0'
'1'
...
'9'
...
'A'
'B'
...
'Y'
'Z'
'a'
'b'
...
'y'
'z'
'00'
'01'
...
'zy'
'zz'
'000'
'001'
...
'Car'
'Cas'
'Cat'
'Cau'
'Cav'
'Caw'
...

此解决方案应该适用于许多字符(CHARSET包含要在输出字符串中使用的所有字符),但不能简单分配的字符除非以某种方式转义它们(例如双引号,百分比) (也许?),感叹,...)。 该脚本本身不会完全清理(您必须手动擦除%ITER_FILE%),但它不会太乱。

@ECHO OFF
SETLOCAL ENABLEDELAYEDEXPANSION

SET "CHARSET=0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghikjlmnopqrstuvwxyz"



:: ======================================================================
:: Setup

CALL :CONFIGURE_CHARSET "%CHARSET%"
REM ECHO MAX_INDEX: !MAX_INDEX!
REM SET

:: Put the smallest value in the file.
SET ITER_FILE=%TEMP%\ITERATOR_%RANDOM%.txt
ECHO.0>"%ITER_FILE%"



:: ======================================================================
:: Main Loop

:INFINITE_LOOP
CALL :READ_ITER "%ITER_FILE%" _ITER_CONTENTS
ECHO '!_ITER_CONTENTS!'
CALL :NEXT_ITER "%ITER_FILE%"

GOTO :INFINITE_LOOP

EXIT /B




:: "Increment" the contents of the "state variable" file.
:NEXT_ITER
SETLOCAL
SET "FILE=%~1"
SET "NEXT_FILE=%TEMP%\ITERATOR_NEXT_%RANDOM%.txt"
SET CARRY=1
FOR /F %%n IN (%FILE%) DO (
    IF !CARRY! EQU 1 (
        SET /A I_VALUE=%%n+1
        IF !I_VALUE! GTR %MAX_INDEX% (
            SET I_VALUE=0
            SET CARRY=1
        ) ELSE (
            SET CARRY=0
        )
    ) ELSE (
        SET I_VALUE=%%n
    )
    ECHO !I_VALUE!>>"!NEXT_FILE!"
)
REM    Add a new digit place.
IF !CARRY! EQU 1 (ECHO.0>>"!NEXT_FILE!")
MOVE /Y "%NEXT_FILE%" "%FILE%" >NUL
ENDLOCAL
EXIT /B


:: Read the contents of the "state variable" file and translate it
::   into a string.
:: The file is a series of lines (LSB first), each containing a single
::   number (an index).
:: Each index represents a single character from the CHARSET.
:READ_ITER
SETLOCAL
SET "FILE=%~1"
SET "VAR=%~2"
SET VALUE=
SET _V=
FOR /F %%n IN (%FILE%) DO (
    SET "VALUE=!VALUE_%%n!!VALUE!"
)
ENDLOCAL && SET %VAR%=%VALUE%
EXIT /B



:: Translate the index number to a character.
:TRANS_INDEX
SETLOCAL
SET "VAR=%~1"
SET "C=%~2"
SET IDX=
FOR /L %%i IN (0,1,%MAX_INDEX%) DO (
    IF "!VALUE_%%i!"=="!C!" SET IDX=%%i
)
SET "TRANS=!VALUE_%%i!"
ENDLOCAL && SET "%VAR%=%TRANS%"
EXIT /B




:: This is ugly magic.
:: Create variables to hold the translation of an index to a character.
:: As a side effect, set MAX_INDEX to the largest used index.
:CONFIGURE_CHARSET
SET CONFIG_TEMP=%TEMP%\CONFIG_%RANDOM%.cmd
IF EXIST "%CONFIG_TEMP%" DEL /Q "%CONFIG_TEMP%"
CALL :WRITE_CONFIG "%CONFIG_TEMP%" "%~1"
REM   Import all the definitions.
CALL "%CONFIG_TEMP%"
EXIT /B

REM Create a means to "add one" to a value.
:WRITE_CONFIG
SETLOCAL
SET "FILE=%~1"
SET "STR=%~2"

REM This is the "index" of the symbol.
SET "INDEX=%~3"
IF "!INDEX!"=="" SET INDEX=0

IF NOT "%STR%"=="" (
   SET "C=!STR:~0,1!"
   IF NOT "%~4"=="" (
       SET "FIRST=%~4"
   ) ELSE (
       SET "FIRST=!C!"
   )
   SET "D=!STR:~1,1!"
    IF "!D!"=="" (
        SET CARRY=1
        SET "D=!FIRST!"
    ) ELSE (
        SET CARRY=0
    )
    ECHO SET VALUE_!INDEX!=!C!>>"!FILE!"

    SET /A NEXT_INDEX=INDEX+1

    REM Recurse...
    SET MAX_INDEX=!INDEX!
    CALL :WRITE_CONFIG "!FILE!" "!STR:~1!" "!NEXT_INDEX!" "!FIRST!"
    IF !INDEX! GTR !MAX_INDEX! SET MAX_INDEX=!INDEX!
)
ENDLOCAL && SET MAX_INDEX=%MAX_INDEX%
EXIT /B

答案 1 :(得分:0)

递归完成了工作!

我知道我有点晚了,但我认为这段代码效果非常好而且速度也很快:

@echo off

title bruteforce

setlocal enableDelayedExpansion

echo:
echo Brute Force Attack:
echo -------------------
echo:
set /p input="Amount of digits: "
set /a depth=%input%-1
echo:
set /p possibleChars="Possible Characters: "
echo:

for /l %%y in (0, 1, %depth%) do (
    set chars[%%y]=0
)

call :next 0
echo:
pause
exit

:next
    setLocal
    set /a d=%1

    for %%x in (%possibleChars%) do (

        set chars[%d%]=%%x

        if %d% lss %depth% (
            call :next !d!+1
        ) else (

            set password=

            for /l %%c in (0, 1, %depth%) do (
                set password=!!password!!chars[%%c]!!
            )
            echo !password!
        )
    )

在我的笔记本电脑上打印出每秒 1500组合,您可以使用我刚刚打印出的密码变量做任何您想要的事情!

重要:
程序的第一部分会询问您破解密码的长度以及运行时可能出现的字符!
您必须在每个字符之间输入可能的字符,如下所示:
0 1 2 3 4 5 6 7 8 9 a b c d e f g h i j k ...

相关问题
最新问题