Simple Brute force script

NiubbosAttNum3 · March 2, 2022, 6:15pm

Hi
I started making a project for fun and to learn something about brute forcing, I made a script for the client and the server and now the problem is that I don’t know how to make a script for actual brute forcing. I have a variable with the correct password, list of characters and password length. The problem is that I don’t know how to make a function that will make every possible combination out of it. If someone could explain it to me or give me a code example I would be very grateful.

DamSam127 · March 2, 2022, 6:20pm

well you could make a list of each character and attempt to use every character for every spot… uh this is harder to explain than i thought XD

basically you can define a max size ( eg. 15 characters max ) and a table of each possible input ( different characters )

then somehow you would lineup all of the possibilities

something probably like:
start with all a’s
aaaaaaaaaaaaaaa ( 15 a’s )
then legit figure out how to try every possibility
xd I would need some time to figure out how to get every possibility.

NiubbosAttNum3 · March 2, 2022, 6:25pm

Thanks for replying, I’m stuck at the exact same step as you. I have the list and the loop I just don’t know how to make it work. Cause it has to loop through every character for character at index 1 in the password, then for index 2 and 3 (if it’s 3 characters long), but then it also has to change character at index 1 to let’s say a b and then loop through all the possible characters for index 2 and 3, and do that till character at index 1 has looped all the way and then do that for the next one and next one. I hope my message is readable and understandable.

DamSam127 · March 2, 2022, 6:29pm

we could probably keep a table of each varriation

like:

{
a,
aa,
ab,
}

and keep adding to this to find new possiblities

NiubbosAttNum3 · March 2, 2022, 6:30pm

That’s what the brute force function has to figure out, I can’t just put all the possible combinations myself cause that ruins the point and will take a very long time with more complicated passwords.

DamSam127 · March 2, 2022, 6:31pm

ohh no i meant the code does this
let me make an example

tlr22 · March 2, 2022, 6:32pm

Well you can make a recursive function

local bruteforce
function bruteforce(prefix, desiredlength)
    prefix = prefix or “”
    for _,ch in pairs(validCharList) do
        if string.length(prefix) == desiredlength then
            local pass= testPassword(prefix .. ch)
            if pass then return pass end
        else
            local pass = bruteforce(prefix .. ch, desiredlength)
            if pass then return pass end
        end
    end
end

Something like that. I wrote it on mobile so I might have made a mistake though.

DamSam127 · March 2, 2022, 6:33pm

hehe yea thats what im thinking

NiubbosAttNum3 · March 2, 2022, 6:37pm

Thank you for replying, I have a question. What is the prefix for/what should I put in?

tlr22 · March 2, 2022, 6:39pm

It actually should be an empty string or nil. I should have made that variable last tbh. It just is so that the recursive function can pass info

tlr22 · March 2, 2022, 6:41pm

Basically the function goes through every character in your list and calls the function again, but this time adds the start of the password to prefix so that the next function knows where the previous was at. Then it goes through every character again but adds it to prefix. It calls itself until it hits the desiredlength.

NiubbosAttNum3 · March 2, 2022, 6:46pm

Thanks for explaining. I tried it
code:

local smallAlphabet = {"a", "b", "c", "d", "e", "f", "g", "h", "i", "j", "k", "l", "m", "n", "o", "p", "q", "r", "s", "t", "u", "v", "w", "x", "y", "Z"}
local bigAlphabet = {"A", "B", "C", "D", "E", "F", "G", "H", "I", "J", "K", "L", "M", "N", "O", "P", "Q", "R", "S", "T", "U", "V", "W", "X", "Y", "Z"}
local numbers = {"1", "2", "3", "4", "5", "6", "7", "8", "9", "0"}
local characterList = {}

local function makeCharacterList()
	for i, letter in ipairs(smallAlphabet) do
		table.insert(characterList, letter)
	end
	for i, Bletter in ipairs(bigAlphabet) do
		table.insert(characterList, Bletter)
	end
	for i, number in ipairs(numbers) do
		table.insert(characterList, number)
	end
end

makeCharacterList()

local password = "hello"

local function testPassword(pass)
	if tostring(pass) == password then
		return true
	end
end

local function bruteforce(desiredlength)
	local prefix = ""
	for _,ch in ipairs(characterList) do
		print(ch)
		if string.len(prefix) == desiredlength then
			local pass = testPassword(prefix .. ch)
			if pass then
				print("Password Cracked")
				return pass
			end
		else
			local pass = bruteforce(prefix .. ch)
			if pass then
				print("Password Cracked")
				return pass
			end
		end
	end		
end

bruteforce(5)

But it just lags a bit when I run it and then does nothing.
Also output if that helps with anything:

tlr22 · March 2, 2022, 6:57pm

You have to leave prefix as the first parameter. It is used by the function, but only internally. Just put it as nil when you call.

tlr22 · March 2, 2022, 6:58pm

The reason is the function calls itself and passes in prefix as the first parameter.

NiubbosAttNum3 · March 2, 2022, 7:09pm

I added a print for the ch parameter in the loop and all it does it prints “a” and then the script gets exhausted even with a wait() in the loop.

tlr22 · March 2, 2022, 7:15pm

You should do

print(prefix .. ch)

instead which is the whole password. And if it’s going on forever then something is wrong. You should also print(string.length(prefix)). The length of prefix is how it determines to stop

commitblue · March 2, 2022, 7:18pm

Brute forcing is the slowest way to crack the password, and the only way at the same time. If it was just some number only password I would definetly use an for i loop. If it does contain letters you need to use random generated words, it can be found above but suggestion: you should ignore used password if it failed

NiubbosAttNum3 · March 2, 2022, 7:30pm

Thank you so much, after finding out what’s wrong and fixing it (it called bruteforce function again but without the desiredlength). I got it to work!
Also if anyone else would come about this post here is the full script with a list of characters:

local smallAlphabet = {"a", "b", "c", "d", "e", "f", "g", "h", "i", "j", "k", "l", "m", "n", "o", "p", "q", "r", "s", "t", "u", "v", "w", "x", "y", "Z"}
local bigAlphabet = {"A", "B", "C", "D", "E", "F", "G", "H", "I", "J", "K", "L", "M", "N", "O", "P", "Q", "R", "S", "T", "U", "V", "W", "X", "Y", "Z"}
local numbers = {"1", "2", "3", "4", "5", "6", "7", "8", "9", "0"}
local characterList = {}

local function makeCharacterList()
	for i, letter in ipairs(smallAlphabet) do
		table.insert(characterList, letter)
	end
	for i, Bletter in ipairs(bigAlphabet) do
		table.insert(characterList, Bletter)
	end
	for i, number in ipairs(numbers) do
		table.insert(characterList, number)
	end
end

makeCharacterList()

local password = "hello"

local function testPassword(pass)
	if tostring(pass) == password then
		return true
	end
end

local function bruteforce(prefix, desiredlength)
	prefix = prefix or ""
	for _,ch in ipairs(characterList) do
		wait(0.001)
		if string.len(prefix) == desiredlength then
			print(prefix .. ch)
			local pass = testPassword(prefix .. ch)
			if pass then
				print("Password Cracked: " .. prefix .. ch)
				return pass
			end
		else
			local pass = bruteforce(prefix .. ch, desiredlength)
			if pass then
				print("Password Cracked: " .. prefix .. ch)
				return pass
			end
		end
	end		
end
bruteforce(nil, 5)

tlr22 · March 2, 2022, 7:35pm

The only thing I would suggest is actually flipping the variables prefix and desiredlength like I should have at the start. It’s really just a small improvement so you can call it with just the number instead of having to type nil or “” as the first parameter.

DamSam127 · March 2, 2022, 7:39pm

just fyi both of your z’s in your characters table are capitols