From f90caf071409125d440233c553f826dd107d5e69 Mon Sep 17 00:00:00 2001
From: James Shuttleworth
Date: Mon, 12 Oct 2020 14:00:04 +0100
Subject: [PATCH] Shortened dictionary and added basic and intermediate skeletons
---
 dictionaries/base.txt | 235 +-------------------------------------------------
 download_targets.sh | 2 +-
 src/brute_intermediate.py | 85 ++++++++++++++
 3 files changed, 87 insertions(+), 235 deletions(-)
 create mode 100755 src/brute_intermediate.py
diff --git a/dictionaries/base.txt b/dictionaries/base.txt
index 1adae87..d18e5e9 100644
--- a/dictionaries/base.txt
+++ b/dictionaries/base.txt
@@ -1,265 +1,32 @@
 abroad
-account
-acrobat
-across
-action
-actions
-actors
-adaptor
-adopted
-advisor
 afford
 airport
-alcohol
-allowed
-allows
-almost
-amazon
-amongst
-amount
-amounts
-analog
-anatomy
 anchor
 andorra
-angola
 another
-anthony
-antonio
-anybody
-anymore
-anyone
-apollo
-approve
-approx
-arizona
-arnold
-around
-artwork
-atomic
-auction
-auditor
-aurora
-author
-authors
-awesome
-balloon
-ballot
-bangkok
-boards
-boating
-bolivia
-bondage
-boolean
-bosnia
-brandon
-broader
-buffalo
-cameron
-cannon
-canyon
-capitol
-carbon
-carlos
-carroll
-cartoon
-casino
-casinos
-catalog
-caution
-chicago
-coaches
-coastal
 coated
-coating
-coleman
-collar
-combat
-command
-compact
-company
-compaq
-compare
-contact
-contain
-cottage
-courage
-creator
-croatia
-dakota
-dayton
-deborah
-dialog
-diamond
-diploma
-dollar
-dollars
-domain
-domains
-donald
-donate
-donated
-dosage
-douglas
-dragon
-ecuador
-erotica
-estonia
-factor
-factors
-factory
-famous
-fashion
-favors
-favour
-flavor
-floral
-florida
-footage
-formal
-format
-formats
-formula
-forward
-georgia
-glasgow
-global
-halfcom
-hampton
-handjob
-harbor
-harbour
-harmony
-harold
-holiday
-holland
-hotmail
-howard
-jackson
-jordan
-joshua
-journal
-karaoke
-korean
-labour
-laptop
-laptops
-latino
-layout
-lebanon
-leonard
-loaded
-loading
-locale
-locally
-locate
-located
-locator
-logical
-lolita
-madison
-madonna
-mailto
-marion
-minolta
-modular
-moldova
-monaco
-monday
-monica
-montana
-morgan
-mozilla
-narrow
-nation
-nations
-normal
-norman
-norway
-oakland
-obtain
-ontario
-operate
-optical
-optimal
-oracle
-orange
-organic
-orgasm
-orlando
-orleans
-ottawa
-overall
-passion
-pastor
-patrol
-payroll
-phantom
-playboy
-podcast
-poland
-pontiac
-popular
-portal
-postage
-postal
-potato
-program
-prozac
-radios
-rainbow
-random
-ratios
-raymond
-realtor
-reason
-reasons
-reload
-removal
-roland
 romance
-romania
-ronald
 rotary
 royalty
 salmon
-scholar
-scotia
-seafood
 season
-seasons
 senator
 shadow
-shadows
-shannon
-sharon
-slovak
 social
 solaris
-somalia
 station
 stomach
 storage
 tattoo
-taylor
-thomas
-throat
-tobacco
 tobago
 tomato
 toolbar
-toshiba
 totally
 totals
-toward
-towards
-toyota
 tractor
 upload
 various
 vocals
 voltage
 warrior
-watson
-weapon
-weapons
+
diff --git a/download_targets.sh b/download_targets.sh
index 1b844c3..db57c44 100755
--- a/download_targets.sh
+++ b/download_targets.sh
@@ -1,6 +1,6 @@
 #!/usr/bin/env bash
-bins=(basic1 basic2 basic3 intermediate1)
+bins=(basic1 basic2 basic3 intermediate1 intermediate2 intermediate3)
 rm -f targets/*
diff --git a/src/brute_intermediate.py b/src/brute_intermediate.py
new file mode 100755
index 0000000..a72e125
--- /dev/null
+++ b/src/brute_intermediate.py
@@ -0,0 +1,85 @@
+#!python3
+from brutus import Binary
+
+def wordsFromFile(filePath):
+ """ Read lines from a file containing one word per line and return a list of the words
+ Args:
+ filePath: the absolute or relative path of the file to be read
+ Returns:
+ a list of the words from the file, stripped of whitespace
+ """
+ f=open(filePath,"r")
+ out=[]
+ for l in f.readlines():
+ w=l.strip()
+ if len(w)>0:
+ out.append(w.lower())
+ f.close()
+ return out
+
+def breakBinary(target, promptText, failText, guesses):
+ """" Break into the given target binary.
+ Assumes "intermeduate level binary, with dictionary words
+ Args:
+ target: path to the binary. e.g. "./bins/basic1"
+ promptText: text to look for in the output that signals a password is required. e.g. "Password:"
+ failText: text that indicates an attempt failed. e.g. "Password Incorrect"
+ guesses: list of words to try as passwords
+ Returns:
+ None: if no successful attempt was made
+ string: a successful password"""
+
+ for g in guesses:
+
+ #The actual attempt
+ b=Binary(target)
+ b.run()
+ success=b.attempt(promptText,g, failText)
+
+
+ if success:
+ print(f"The Guess '{g}' appears to be correct")
+ return g #Return the answer. No need to "break" because the return exits the function
+ else:
+ print(f"guess: {g} - Password incorrect!")
+ return None #If we get here, it means we didn't return earlier in the loop with a successful guess
+
+
+if __name__=="__main__":
+
+ #Load the dictionary
+ words=wordsFromFile("dictionaries/base.txt")
+
+
+ ### YOUR CODE HERE
+ ### Currently it passes in the plain words
+ ### Change the line "words2=words" so that the list "words2" contains your guesses
+ ### You need to create a word list that has the dictionary words in PLUS
+ ### 1. Each word with all 0-9 digits appended (so 'swordfish' would be 'swordfish0', 'swordfish1' etc.
+ ### 2. Each word turned into "l33t-5p34k"
+ ### Each o becomes 0, each i becomes 1, each a becomes 4, each s becomes 5, each e becomes 3
+ ### 'swordfish' becomes '5w0rdf15h', for example
+ ### You can assume case (upper/lower) will not need to be changed
+
+ words2=words
+
+
+ # Create a simple menu system to pick the binary we want to force
+ targets=[]
+ targets.append(["targets/intermediate1","Password:", "Password Incorrect"])
+ targets.append(["targets/intermediate2","Secret code:", "Auth Failure"])
+ targets.append(["targets/intermediate3","Enter Credentials:", "Invalid Credentials"])
+
+ print("Intermediate Binary Breaker")
+ print("Which binary do you want to brute force?")
+
+ for c in range(len(targets)):
+ print(f"{c}: {targets[c][0]}")
+
+ selection=int(input("Enter the number of the binary to be forced: "))
+
+ if 0 <= selection < len(targets):
+ target=targets[selection]
+ breakBinary(target[0],target[1],target[2], words2)
+ else:
+ print("Invalid selection")
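Review bot: In the `__main__` block, `selection=int(input(...))` raises `ValueError` on any non-numeric entry, so the `Invalid selection` branch only ever handles out-of-range integers; parsing inside a `try`/`except ValueError` and treating a failure as an invalid selection would keep the menu from ending in a traceback. In `wordsFromFile`, `f=open(filePath,"r")` with a separate `f.close()` leaves the handle open if reading raises, whereas `with open(filePath, "r") as f:` closes it on every path. The file is created with mode 100755 but its first line is `#!python3`, which is not an absolute interpreter path, so running the script directly depends on the current directory; `#!/usr/bin/env python3` would match the `#!/usr/bin/env bash` already used in download_targets.sh. The `breakBinary` docstring opens with four quotes (`""""`), misspells "intermeduate" and leaves the quote before it unclosed; indentation is not visible in this rendering, so the placement of `return None` after the loop is inferred from its comment.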