Brute force
A brute-force attack is an attempt to discover a password by systematically trying every possible combination of letters, numbers, and symbols until the one correct combination is found.

passwordToCrack = "hi"
letters = ['a','b','c','d','e','f','g','h','i','j','k','l','m','n','o','p','q','r','s','t','u','v','w','x','y','z']
first = 0
second = 0
for first in range(0,26):
    for second in range(0,26):
        combination = letters[first] + letters[second]
        print(combination + ' ', end=' ')
        if combination == passwordToCrack:
            break
    if combination == passwordToCrack:
        break
    else:
        print('<br>', end='')
print("password found:", combination)

Combined with the Python Requests library, values can be posted to a server just as a normal HTML authentication form would post them:

import requests

urlToCrack = 'http://127.0.0.1:5000/login_post'
letters = ['a','b','c','d','e','f','g','h','i','j','k','l','m','n','o','p','q','r','s','t','u','v','w','x','y','z']
one = 0
two = 0
three = 0
for one in range(0,26):
    for two in range(0,26):
        for three in range(0,26):
            combination = letters[one] + letters[two] + letters[three]
            # can find the POST variables by looking at the names of the HTML form controls
            values = {'username': 'admin', 'password': combination}
            response = requests.post(urlToCrack, data=values)
            print(combination, response.text)
            if response.text != "unauthorized":
                exit()

The Python programming language enables the user to write a script to quickly test a web server with a range of values.
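
The server-side counterpart to the login loop above, as an added example rather than code from the original page: a per-account throttle with a doubling lockout, replayed against the same aaa..zzz enumeration. `LoginThrottle`, `login` and `replay_enumeration` are hypothetical names, the thresholds are assumed values, and a real handler would compare password hashes rather than plaintext.

```python
import hmac
import itertools
import string

class LoginThrottle:
    """Per-account failed-login counter with a doubling lockout window."""

    def __init__(self, max_failures=5, base_lockout=30):
        self.max_failures = max_failures      # assumed threshold
        self.base_lockout = base_lockout      # seconds, assumed value
        self._state = {}                      # username -> [failures, locked_until]

    def allowed(self, username, now):
        return now >= self._state.get(username, [0, 0])[1]

    def record(self, username, success, now):
        if success:
            self._state.pop(username, None)   # reset after a good login
            return
        entry = self._state.setdefault(username, [0, 0])
        entry[0] += 1
        over = entry[0] - self.max_failures
        if over >= 0:                         # 30 s, 60 s, 120 s, ... capped at 1 h
            entry[1] = now + min(self.base_lockout * 2 ** over, 3600)

def login(throttle, username, password, stored_password, now):
    """Hypothetical handler logic: returns 'locked', 'unauthorized' or 'ok'."""
    if not throttle.allowed(username, now):
        return "locked"                       # rejected before any comparison
    ok = hmac.compare_digest(password.encode(), stored_password.encode())
    throttle.record(username, ok, now)
    return "ok" if ok else "unauthorized"

def replay_enumeration(stored_password):
    """Replay aaa..zzz at one guess per simulated second.
    Returns (guesses the server actually evaluated, whether a login succeeded)."""
    throttle, evaluated = LoginThrottle(), 0
    guesses = itertools.product(string.ascii_lowercase, repeat=3)
    for now, letters in enumerate(guesses):
        result = login(throttle, "admin", "".join(letters), stored_password, now)
        evaluated += result != "locked"
        if result == "ok":
            return evaluated, True
    return evaluated, False

if __name__ == "__main__":
    print(replay_enumeration("zzz"))          # constructed sample password
```

Keying the counter on the username alone lets anyone lock the account out, so deployments usually also track failures per source address.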
Alternate ways of constructing the double for-loop nest above are shown below. Which one to use is a matter of preference only.

passwordToCrack = "hi"
letters = ['a','b','c','d','e','f','g','h','i','j','k','l','m','n','o','p','q','r','s','t','u','v','w','x','y','z']
first = 0
second = 0
for first in range(0,26):
    for second in range(0,26):
        combination = letters[first] + letters[second]
        print(combination + ' ', end=' ')
        if combination == passwordToCrack:
            break
    else: # for...else: this branch runs only when the inner loop finished without a break
        print('<br>', end='')
        continue
    break # reached only when the inner loop was broken out of
print("password found:", combination)

try:
    first = 0
    second = 0
    for first in range(0,26):
        for second in range(0,26):
            combination = letters[first] + letters[second]
            print(combination + ' ', end=' ')
            if combination == passwordToCrack:
                raise Exception('password found')
        print('<br>', end='')
except Exception:
    print("password found:", combination)