我有一些代码可以破解数字rar文件密码。该代码只会增加变量的值(从0开始),我使用它来使用unrar命令对乌托尔的密码进行检查。但是我想生成蛮力攻击的字符串。
SET PASSWORD=0
:START
SET /A PASSWORD=%PASSWORD%+1
UNRAR E -INUL -P%PASSWORD% "%PATH%%NAME%" "%DESTINATION%"
IF /I %ERRORLEVEL% EQU 0 GOTO CLOSE
GOTO START
:CLOSE
echo Password Cracked...
echo Password is %PASSWORD%
在这里
%路径%是RAR文件位于
的路径%名称%是RAR文件的名称
%destination%是在unrar之后存储文件的地方, 在我的代码目的地中是"%temp%%random%"
通过应用此信息,我可以获取密码,但是它对包含alpha字符的字符串没有用。
我如何从" a"开始生成字符串,因此我也可以破解字母密码?
我认为这是在CMD/批次中做的疯狂想法,但这至少听起来像是一个有趣的挑战。因此,扮演吉利根岛教授的角色,我决定尝试从椰子建造一个粒子加速器。
这是我的条目。使用CMD/批次可能会有更好的解决方案。我能说的最有利的事情是它起作用。要适应您的目的,请更改ECHO内部的CC_1语句做一些有意义的事情,例如尝试解压缩文件并在成功中退出。
这是输出运行时的样本:
'0'
'1'
...
'9'
...
'A'
'B'
...
'Y'
'Z'
'a'
'b'
...
'y'
'z'
'00'
'01'
...
'zy'
'zz'
'000'
'001'
...
'Car'
'Cas'
'Cat'
'Cau'
'Cav'
'Caw'
...
此解决方案应与许多字符(CHARSET包含在输出字符串中使用的所有字符)一起使用,除了不能简单地分配的字符而不以某种方式逃脱的字符(例如,双引号,百分比(也许?)(也许?),感叹,...)。该脚本本身并未完全清理(您必须手动删除%ITER_FILE%),但这并不是太混乱了。
@ECHO OFF
SETLOCAL ENABLEDELAYEDEXPANSION
SET "CHARSET=0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghikjlmnopqrstuvwxyz"
:: ======================================================================
:: Setup
CALL :CONFIGURE_CHARSET "%CHARSET%"
REM ECHO MAX_INDEX: !MAX_INDEX!
REM SET
:: Put the smallest value in the file.
SET ITER_FILE=%TEMP%ITERATOR_%RANDOM%.txt
ECHO.0>"%ITER_FILE%"
:: ======================================================================
:: Main Loop
:INFINITE_LOOP
CALL :READ_ITER "%ITER_FILE%" _ITER_CONTENTS
ECHO '!_ITER_CONTENTS!'
CALL :NEXT_ITER "%ITER_FILE%"
GOTO :INFINITE_LOOP
EXIT /B
:: "Increment" the contents of the "state variable" file.
:NEXT_ITER
SETLOCAL
SET "FILE=%~1"
SET "NEXT_FILE=%TEMP%ITERATOR_NEXT_%RANDOM%.txt"
SET CARRY=1
FOR /F %%n IN (%FILE%) DO (
IF !CARRY! EQU 1 (
SET /A I_VALUE=%%n+1
IF !I_VALUE! GTR %MAX_INDEX% (
SET I_VALUE=0
SET CARRY=1
) ELSE (
SET CARRY=0
)
) ELSE (
SET I_VALUE=%%n
)
ECHO !I_VALUE!>>"!NEXT_FILE!"
)
REM Add a new digit place.
IF !CARRY! EQU 1 (ECHO.0>>"!NEXT_FILE!")
MOVE /Y "%NEXT_FILE%" "%FILE%" >NUL
ENDLOCAL
EXIT /B
:: Read the contents of the "state variable" file and translate it
:: into a string.
:: The file is a series of lines (LSB first), each containing a single
:: number (an index).
:: Each index represents a single character from the CHARSET.
:READ_ITER
SETLOCAL
SET "FILE=%~1"
SET "VAR=%~2"
SET VALUE=
SET _V=
FOR /F %%n IN (%FILE%) DO (
SET "VALUE=!VALUE_%%n!!VALUE!"
)
ENDLOCAL && SET %VAR%=%VALUE%
EXIT /B
:: Translate the index number to a character.
:TRANS_INDEX
SETLOCAL
SET "VAR=%~1"
SET "C=%~2"
SET IDX=
FOR /L %%i IN (0,1,%MAX_INDEX%) DO (
IF "!VALUE_%%i!"=="!C!" SET IDX=%%i
)
SET "TRANS=!VALUE_%%i!"
ENDLOCAL && SET "%VAR%=%TRANS%"
EXIT /B
:: This is ugly magic.
:: Create variables to hold the translation of an index to a character.
:: As a side effect, set MAX_INDEX to the largest used index.
:CONFIGURE_CHARSET
SET CONFIG_TEMP=%TEMP%CONFIG_%RANDOM%.cmd
IF EXIST "%CONFIG_TEMP%" DEL /Q "%CONFIG_TEMP%"
CALL :WRITE_CONFIG "%CONFIG_TEMP%" "%~1"
REM Import all the definitions.
CALL "%CONFIG_TEMP%"
EXIT /B
REM Create a means to "add one" to a value.
:WRITE_CONFIG
SETLOCAL
SET "FILE=%~1"
SET "STR=%~2"
REM This is the "index" of the symbol.
SET "INDEX=%~3"
IF "!INDEX!"=="" SET INDEX=0
IF NOT "%STR%"=="" (
SET "C=!STR:~0,1!"
IF NOT "%~4"=="" (
SET "FIRST=%~4"
) ELSE (
SET "FIRST=!C!"
)
SET "D=!STR:~1,1!"
IF "!D!"=="" (
SET CARRY=1
SET "D=!FIRST!"
) ELSE (
SET CARRY=0
)
ECHO SET VALUE_!INDEX!=!C!>>"!FILE!"
SET /A NEXT_INDEX=INDEX+1
REM Recurse...
SET MAX_INDEX=!INDEX!
CALL :WRITE_CONFIG "!FILE!" "!STR:~1!" "!NEXT_INDEX!" "!FIRST!"
IF !INDEX! GTR !MAX_INDEX! SET MAX_INDEX=!INDEX!
)
ENDLOCAL && SET MAX_INDEX=%MAX_INDEX%
EXIT /B
递归完成工作!
我知道我有点晚了,但是我认为此代码效果很好,而且也很快:
@echo off
title bruteforce
setlocal enableDelayedExpansion
echo:
echo Brute Force Attack:
echo -------------------
echo:
set /p input="Amount of digits: "
set /a depth=%input%-1
echo:
set /p possibleChars="Possible Characters: "
echo:
for /l %%y in (0, 1, %depth%) do (
set chars[%%y]=0
)
call :next 0
echo:
pause
exit
:next
setLocal
set /a d=%1
for %%x in (%possibleChars%) do (
set chars[%d%]=%%x
if %d% lss %depth% (
call :next !d!+1
) else (
set password=
for /l %%c in (0, 1, %depth%) do (
set password=!!password!!chars[%%c]!!
)
echo !password!
)
)
在我的笔记本电脑上,它打印有关每秒1500个组合,您可以使用我刚刚打印过的密码变量来完成您想做的任何事情!
重要:
该程序的第一部分要求您在运行时索要密码的时间和可能的字符!
您必须在每个字符之间输入具有空间的可能字符,例如:
0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K ...