Re: Brute forcing account logins.

Wow, that's funny! Though I'm sure not for your client. Has anyone tried calling the previous employees? Perhaps one of them could be persuaded to come in and unlock the routers in exchange for beer money.

Do the routers respond to multiple accounts? Perhaps the solution set is not 40 x 40 but a single password may unlock multiple routers?

Your code idea may be a case of premature optimization. Assuming 40 routers times 40 passwords; four seconds to type each one in and a four second backoff; typing each in would consume less that four hours. Could you write and debug your code in that time? Plus writing your code would be a non-parallel task whereas cracking the routers could be partitioned out to multiple 'work units'.

As for the Linux boxes I know there are craker programs out there. I have a disk with a Live Linux distro on it that cracks a Windoz box in about 20 seconds from power on to thank-you-very-much. I believe it uses Ophcrack. Linux may be only slightly tougher to crack . John-the-Ripper is another password cracker.

s//----->\t/;$~="JAPH";s//\r<$~~/;{s|~$~-|-~$~|||s |-$~~|$~~-|||s,<$~~,<~$~,,s,~$~>,$~~>,, $|=1,select$,,$,,$,,1e-1;print;redo}

Comment on Re: Brute forcing account logins.

Replies are listed 'Best First'.

Re^2: Brute forcing account logins.
by jhourcle (Prior) on Apr 29, 2008 at 19:27 UTC

Your code idea may be a case of premature optimization. Assuming 40 routers times 40 passwords; four seconds to type each one in and a four second backoff; typing each in would consume less that four hours.

You forget that he also said they don't know which accounts -- if there were multiple staff members (which I assume there were, based on the comments), you've just increased the complexity of the problem.

Personally, I'd look at using Expect (it's been a few years since I've done similar work ... there's now an Expect::Simple which might be easier to learn)

[reply]


No such thing as a small change
	PerlMonks