12 replies to this topic

[haha44]

Hi i want to make a passcracker that guesses different combinations of numbers and letters at a website textbox like myspace
and once pass is found it shows it in a textbox in the program.

I want help making this so that i can learn more vb

thnxs-

[jage]

Show us what you have so far...

[dargueta]

You'll need to know how to communicate with a server (to send password and receive results) and parse HTML to find the password textbox. I'm sure that they have a security feature that prevents brute-force cracking.

[TcM]

Yeah, most probably your IP will get banned after xx tries.

[dargueta]

What you could do is change your IP for every x number of requests. I know there's a way to do it, because my antivirus software went haywire one day and changed my IP every 30 seconds, so I basically couldn't do anything because my Internet connection kept getting cut and reset. I had to disable it.

[o0TheNerd0o]

Even beyond the security features of the server or your own pc, there is still a delay between each attempt and denial (internet latency). The dictionary file you would need to attempt a brute force like this would be massive and take, potentially, months to even get close to any sort of desirable result.

You have to take into account upper case, lower case, numbers and, possibly, special characters. Billions of possibilities. Some websites will even temporarily disable accounts if there are too many unsuccessful login attempts.

Sorry to burst your bubble, but if you're serious about doing this and you're asking as a beginner programmer... its not happening.

[MeTh0Dz]

Dargueta there is no way to actually change your public IP like that.

I guess you could however change the source IP in the IP part of the header, however on Windows past SP2 this is now definitely not possible. "Limited raw sockets".

Just use a function that uses random combinations of characters and the POST function.

[dargueta]

Well, apparently Norton doesn't think so, because it kept requesting a new IP from the DHCP server, which severed my Internet connection for a few seconds before it kicked back in. Look it up on Wikipedia.

Quote

In most current desktop operating systems, dynamic IP configuration is enabled by default so that a user does not need to manually enter any settings to connect to a network with a DHCP server.

[....]

IP addresses can appear to be shared by multiple client devices [...] in which case the real originating IP addresses might be hidden from the server receiving a request [...]

[MeTh0Dz]

Dude DHCP is used in your LAN. It gives you a private IP. You don't use private IPs on the internet. You can change your public IP, it is assigned by your ISP.

That is simply how it is.

[Dren]

You can use a Proxy or VPN Server to change your public IP. And about packet injection in Windows I found a software called Winject i guess. I hate brute force, if you need a password try infecting the victim with a keylogger.

[MeTh0Dz]

Using a Proxy doesn't actually change your public IP, it just makes it look different to the outside world. However in all reality your public IP is still the same thing. But it does what it is supposed to do.

[o0TheNerd0o]

MeTh0Dz|Reb0rn said:

Using a Proxy doesn't actually change your public IP, it just makes it look different to the outside world. However in all reality your public IP is still the same thing. But it does what it is supposed to do.

^---- agree. I use proxies at my work and are in continual contact with our ISP. We still have the same outside address. Whether we use a proxy or VPN, the outside address is still the same.

I think this is kind of a false hope for you dude. There are so many security features that the servers have built in that aren't easily bypassed. I mean, if it was solved as simple as discussing it in a public forum, it wouldn't really be secure would it? Besides, should we actually be helping him do something that is highly illegal?