Results 1 to 7 of 7

Thread: A new tool: RndPasswd

  1. #1
    Just burned his ISO
    Join Date
    Jun 2012
    Posts
    4

    Default A new tool: RndPasswd

    Hy Guys, I developed a new small tool to generate random passwords. I want to share it with you. Maybe it can be part of the next Backtrack edition :-)

    A brutal force attack can take days or months to complete if a big password is used. If you have luck, you can speed-up the time to match the password with this program. RndPasswd generates random passwords to be used trough the unix or linux pipe.

    Here is the source code in C. You can compile it with "gcc -o RndPasswd RndPasswd.c":

    Code:
    // RndPasswd - Created by Kalunga (kalunga@inbox.com)
    
    #include <stdio.h>
    
    void showHelp()
    {
    	printf("\nRndPasswd - Created by Kalunga (kalunga@inbox.com)\n\n");
    	printf("A brutal force attack can take days or months to complete if a big\n");
    	printf("password is used. If you have luck, you can speed-up the time to match\n");
    	printf("the password with this program.\n\n");
    	printf("RndPasswd generates random passwords to be used trough the unix or linux pipe.\n\n");
    	printf("Usage: RndPasswd MIN MAX\n");
    	printf("          or\n");
    	printf("       RndPasswd MIN MAX vowels consonants numbers symbols upper\n");
    	printf("          or\n");
    	printf("       RndPasswd MIN MAX off\n");
    	printf("          or\n");
    	printf("       RndPasswd MIN MAX vowels consonants numbers symbols upper off\n\n");
    	printf("MIN:   Is the minimum length of the password to be generated.\n");
    	printf("MAX:   Is the maximal length of the password to be generated.\n\n");
    	printf("       MIN must be less or equal MAX and both must be an integer number\n");
    	printf("       between 1 and 64.\n\n");
    	printf("Vowels, consonants, numbers, symbols and upper:\n\n");
    	printf("       Defines how often these characters would be part of the password (in %%).\n\n");
    	printf("       They must be an integer number between 0 and 100 (without the char %%).\n\n");
    	printf("       All five must be given or omitted.\n\n");
    	printf("       If omitted, the defaults are 35%% vowels, 55%% consonants, 8%% numbers,\n");
    	printf("       2%% symbols and 10%% uppercase.\n\n");
    	printf("       Vowels + consonants + numbers + symbols must be equal 100.\n");
    	printf("       (Uppercase don't count, since they are vowels or consonants)\n\n");
    	printf("       The symbols used are !@#$%%^&*()-_+=~`[]{}|\\:;\"\'<>,.\?/ (and space).\n\n");
    	printf("       You can use the supplied program CharCount to find out how often these\n");
    	printf("       characters appear in your language. The values used by default come\n");
    	printf("       from a big dictionary password file with words from many languages.\n\n");
    	printf("off:   Because many passwords have a first uppercase letter and a number at end,\n");
    	printf("       the program automatic increase the chances of this to happen in 50%%.\n");
    	printf("       If you give \"off\" to this argument, this feature will be switched off.\n\n");
    	printf("Examples:\n\n");
    	printf("       RndPasswd 4 8\n");
    	printf("       Generate passwords between 4 and 8 characters using defaults percentages.\n\n");
    	printf("       RNDPasswd 10 10\n");
    	printf("       Generate passwords always with 10 characters using defaults percentages.\n\n");
    	printf("       RndPasswd 6 10 0 0 100 0 0\n");
    	printf("       Generate passwords between 6 and 10 characters, but only numbers.\n\n");
    	printf("       RndPasswd 8 16 10 50 25 15 40\n");
    	printf("       Generate passwords between 8 and 16 characters, where the chances for\n");
    	printf("       vowels to appear are 10%%, consonants are 50%%, numbers are 25%%,\n");
    	printf("       symbols are 15%% and uppercase are 40%%.\n\n");
    	printf("       RndPasswd 8 16 10 50 25 15 40 off\n");
    	printf("       Generate passwords between 8 and 16 characters, as described above, but\n");
    	printf("       switch off the increase in frequency for the first character to be\n");
    	printf("       uppercase and for the last two characters to be a number.\n\n");
    	printf("       RndPasswd 6 8 off\n");
    	printf("       Generate passwords between 6 and 8 characters and switch off the increase\n");
    	printf("       in frequency for the first character to be uppercase and for the last two\n");
    	printf("       characters to be a number.\n\n");
    	printf("       RndPasswd 8 12 | aircrack-ng -w - -b aa:bb:cc:dd:ee:ff log-01.cap\n");
    	printf("       Used with aircrack-ng.\n\n");
    	printf("       RndPasswd 8 12 | pyrit -r log-01.cap -i - attack_passthrough\n");
    	printf("       Used with pyrit.\n\n");
    }
    
    int main(int argc, char **argv)
    {
    	char b;
    	int i, j, min, max, len, rnd, v, c, n, s, u, flag=0;
    	char vowels[]="aeiou";
    	char consonants[]="bcdfghjklmnpqrstvwxyz";
    	char numbers[]="0123456789";
    	char symbols[]="!@#$%^&*()-_+=~`[]{}|\\:;\"\'<>,.\?/ ";
    	srand(time(NULL));
    
    	// Verify the arguments
    	if(argc!=3 && argc!=4 && argc!=8 && argc!=9)
    	{
    		showHelp();
    		return -1;
    	}
    
    	// Read and test the arguments
    	min=atoi(argv[1]);
    	max=atoi(argv[2]);
    
    	if(min<1 || max<1 || min>64 || max>64)
    	{
    		showHelp();
    		return -1;
    	}
    
    	if(min>max)
    	{
    		showHelp();
    		return -1;
    	}
    
    	if (argc==4 && strcmp(argv[3],"off"))
    	{
    		showHelp();
    		return -1;
    	}
    
    	if (argc==9 && strcmp(argv[8],"off"))
    	{
    		showHelp();
    		return -1;
    	}
    
    	if (argc==4 || argc==9)
    		flag=1;
    
    	if (argc==8 || argc==9)
    	{
    		v=atoi(argv[3]);
    		c=atoi(argv[4]);
    		n=atoi(argv[5]);
    		s=atoi(argv[6]);
    		u=atoi(argv[7]);
    	}
    	else
    	{
    		v=35;
    		c=55;
    		n=8;
    		s=2;
    		u=10;
    	}
    
    	if (v<0   || c<0   || n<0   || s<0   || u<0 ||
    	    v>100 || c>100 || n>100 || s>100 || u>100)
    	{
    		showHelp();
    		return -1;
    	}
    
    	if (v+c+n+s!=100)
    	{
    		showHelp();
    		return -1;
    	}
    
    	// Generate the passwords
    	for(;;) // 'i' was used here to tests
    	{
    		len=(rand()%(max-min+1))+min;
    		for (j=0;j<len;j++)
    		{
    			rnd=rand()%100;
    			if (rnd<v)
    				b=vowels[rand()%5];
    			else if (rnd>=v && rnd<v+c)
    				b=consonants[rand()%21];
    			else if (rnd>=v+c && rnd<v+c+n)
    				b=numbers[rand()%10];
    			else if (rnd>=v+c+n)
    				b=symbols[rand()%33];
    			if (flag==0 && j==0 && rnd<v+c && rand()%100<u+50)
    				b=b+'A'-'a';
    			else if (rnd<v+c && rand()%100<u)
    				b=b+'A'-'a';
    			if (flag==0 && j>=len-2 && rand()%100<n+50)
    				b=numbers[rand()%(10)];
    			printf("%c",b);
    		}
    		printf("\n");
    	}
    
    	printf("\n");
    	return 0;
    }
    Here is also a program to be used to count characters. You can also compile it with "gcc -o CharCount CharCount.c":

    Code:
    // CharCount - Created by Kalunga (kalunga@inbox.com)
    
    #include <stdio.h>
    
    int main(int argc, char **argv)
    {
    	FILE *f;
    	char byte;
    	unsigned int total=0, vowels=0, consonants=0, numbers=0, symbols=0, upperCase=0, spaces=0, other=0;
    
    	// Verify the arguments
    	if(argc != 2)
    	{
    		printf("\nUsage: CharCount file.txt\n\n");
    		return -1;
    	}
    
    	// Open the file and test it
    	
    	f=fopen(argv[1],"rb");
    	if (f==NULL)
    	{
    		printf("\nError opening %s\n\n",argv[1]);
    		return -1;
    	}
    	
    	// Read the bytes and print
    
    	while (!feof(f))
    	{
    		fread(&byte,1,1,f); // Read the next byte from the file
    		if (byte=='a' || byte=='e' || byte=='i' || byte=='o' || byte=='u')
    			vowels++;
    		else if (byte=='A' || byte=='E' || byte=='I' || byte=='O' || byte=='U')
    		{
    			vowels++;
    			upperCase++;
    		}
    		else if (byte>'a' && byte <='z')
    			consonants++;
     		else if (byte>'A' && byte<='Z')
    		{
    			consonants++;
    			upperCase++;
    		}
    		else if (byte>='0' && byte<='9')
    			numbers++;
    		else if (byte=='!' || byte=='@' || byte=='#' || byte=='$' || byte=='%'
    		      || byte=='^' || byte=='&' || byte=='*' || byte=='(' || byte==')'
    		      || byte=='-' || byte=='_' || byte=='+' || byte=='=' || byte=='~'
    		      || byte=='`' || byte=='[' || byte==']' || byte=='{' || byte=='}'
    		      || byte=='|' || byte=='\\' || byte==':' || byte==';' || byte=='\"'
    		      || byte=='\'' || byte=='<' || byte=='>' || byte==',' || byte=='.'
    		      || byte=='\?' || byte=='/')
    			symbols++;
    		else if (byte==' ')
    			spaces++;
    		else other++;
    		total++;
    	}
    
    	total=total-other;
    	printf("\nVowels:     %d [%.2f%%]\n",vowels,(float)vowels*100/total);
    	printf("Consonants: %d [%.2f%%]\n",consonants,(float)consonants*100/total);
    	printf("*UpperCase: %d [%.2f%%]\n",upperCase,(float)upperCase*100/total);
    	printf("Numbers:    %d [%.2f%%]\n",numbers,(float)numbers*100/total);
    	printf("Symbols:    %d [%.2f%%]\n",symbols,(float)symbols*100/total);
    	printf("Spaces:     %d [%.2f%%]\n",spaces,(float)spaces*100/total);
    	printf("\n* Upper case characters don't count to the total.\n");
    
    	// Close the file
    	
    	fclose(f);
    	printf("\n");
    	return 0;
    }

  2. #2
    Senior Member
    Join Date
    Jul 2009
    Posts
    135

    Default Re: A new tool: RndPasswd

    Quote Originally Posted by Kalunga View Post
    Hy Guys, I developed a new small tool to generate random passwords. I want to share it with you. Maybe it can be part of the next Backtrack edition :-)

    A brutal force attack can take days or months to complete if a big password is used. If you have luck, you can speed-up the time to match the password with this program. RndPasswd generates random passwords to be used trough the unix or linux pipe.

    Here is the source code in C. You can compile it with "gcc -o RndPasswd RndPasswd.c":

    Code:
    // RndPasswd - Created by Kalunga (kalunga@inbox.com)
    
    #include <stdio.h>
    
    void showHelp()
    {
    	printf("\nRndPasswd - Created by Kalunga (kalunga@inbox.com)\n\n");
    	printf("A brutal force attack can take days or months to complete if a big\n");
    	printf("password is used. If you have luck, you can speed-up the time to match\n");
    	printf("the password with this program.\n\n");
    	printf("RndPasswd generates random passwords to be used trough the unix or linux pipe.\n\n");
    	printf("Usage: RndPasswd MIN MAX\n");
    	printf("          or\n");
    	printf("       RndPasswd MIN MAX vowels consonants numbers symbols upper\n");
    	printf("          or\n");
    	printf("       RndPasswd MIN MAX off\n");
    	printf("          or\n");
    	printf("       RndPasswd MIN MAX vowels consonants numbers symbols upper off\n\n");
    	printf("MIN:   Is the minimum length of the password to be generated.\n");
    	printf("MAX:   Is the maximal length of the password to be generated.\n\n");
    	printf("       MIN must be less or equal MAX and both must be an integer number\n");
    	printf("       between 1 and 64.\n\n");
    	printf("Vowels, consonants, numbers, symbols and upper:\n\n");
    	printf("       Defines how often these characters would be part of the password (in %%).\n\n");
    	printf("       They must be an integer number between 0 and 100 (without the char %%).\n\n");
    	printf("       All five must be given or omitted.\n\n");
    	printf("       If omitted, the defaults are 35%% vowels, 55%% consonants, 8%% numbers,\n");
    	printf("       2%% symbols and 10%% uppercase.\n\n");
    	printf("       Vowels + consonants + numbers + symbols must be equal 100.\n");
    	printf("       (Uppercase don't count, since they are vowels or consonants)\n\n");
    	printf("       The symbols used are !@#$%%^&*()-_+=~`[]{}|\\:;\"\'<>,.\?/ (and space).\n\n");
    	printf("       You can use the supplied program CharCount to find out how often these\n");
    	printf("       characters appear in your language. The values used by default come\n");
    	printf("       from a big dictionary password file with words from many languages.\n\n");
    	printf("off:   Because many passwords have a first uppercase letter and a number at end,\n");
    	printf("       the program automatic increase the chances of this to happen in 50%%.\n");
    	printf("       If you give \"off\" to this argument, this feature will be switched off.\n\n");
    	printf("Examples:\n\n");
    	printf("       RndPasswd 4 8\n");
    	printf("       Generate passwords between 4 and 8 characters using defaults percentages.\n\n");
    	printf("       RNDPasswd 10 10\n");
    	printf("       Generate passwords always with 10 characters using defaults percentages.\n\n");
    	printf("       RndPasswd 6 10 0 0 100 0 0\n");
    	printf("       Generate passwords between 6 and 10 characters, but only numbers.\n\n");
    	printf("       RndPasswd 8 16 10 50 25 15 40\n");
    	printf("       Generate passwords between 8 and 16 characters, where the chances for\n");
    	printf("       vowels to appear are 10%%, consonants are 50%%, numbers are 25%%,\n");
    	printf("       symbols are 15%% and uppercase are 40%%.\n\n");
    	printf("       RndPasswd 8 16 10 50 25 15 40 off\n");
    	printf("       Generate passwords between 8 and 16 characters, as described above, but\n");
    	printf("       switch off the increase in frequency for the first character to be\n");
    	printf("       uppercase and for the last two characters to be a number.\n\n");
    	printf("       RndPasswd 6 8 off\n");
    	printf("       Generate passwords between 6 and 8 characters and switch off the increase\n");
    	printf("       in frequency for the first character to be uppercase and for the last two\n");
    	printf("       characters to be a number.\n\n");
    	printf("       RndPasswd 8 12 | aircrack-ng -w - -b aa:bb:cc:dd:ee:ff log-01.cap\n");
    	printf("       Used with aircrack-ng.\n\n");
    	printf("       RndPasswd 8 12 | pyrit -r log-01.cap -i - attack_passthrough\n");
    	printf("       Used with pyrit.\n\n");
    }
    
    int main(int argc, char **argv)
    {
    	char b;
    	int i, j, min, max, len, rnd, v, c, n, s, u, flag=0;
    	char vowels[]="aeiou";
    	char consonants[]="bcdfghjklmnpqrstvwxyz";
    	char numbers[]="0123456789";
    	char symbols[]="!@#$%^&*()-_+=~`[]{}|\\:;\"\'<>,.\?/ ";
    	srand(time(NULL));
    
    	// Verify the arguments
    	if(argc!=3 && argc!=4 && argc!=8 && argc!=9)
    	{
    		showHelp();
    		return -1;
    	}
    
    	// Read and test the arguments
    	min=atoi(argv[1]);
    	max=atoi(argv[2]);
    
    	if(min<1 || max<1 || min>64 || max>64)
    	{
    		showHelp();
    		return -1;
    	}
    
    	if(min>max)
    	{
    		showHelp();
    		return -1;
    	}
    
    	if (argc==4 && strcmp(argv[3],"off"))
    	{
    		showHelp();
    		return -1;
    	}
    
    	if (argc==9 && strcmp(argv[8],"off"))
    	{
    		showHelp();
    		return -1;
    	}
    
    	if (argc==4 || argc==9)
    		flag=1;
    
    	if (argc==8 || argc==9)
    	{
    		v=atoi(argv[3]);
    		c=atoi(argv[4]);
    		n=atoi(argv[5]);
    		s=atoi(argv[6]);
    		u=atoi(argv[7]);
    	}
    	else
    	{
    		v=35;
    		c=55;
    		n=8;
    		s=2;
    		u=10;
    	}
    
    	if (v<0   || c<0   || n<0   || s<0   || u<0 ||
    	    v>100 || c>100 || n>100 || s>100 || u>100)
    	{
    		showHelp();
    		return -1;
    	}
    
    	if (v+c+n+s!=100)
    	{
    		showHelp();
    		return -1;
    	}
    
    	// Generate the passwords
    	for(;;) // 'i' was used here to tests
    	{
    		len=(rand()%(max-min+1))+min;
    		for (j=0;j<len;j++)
    		{
    			rnd=rand()%100;
    			if (rnd<v)
    				b=vowels[rand()%5];
    			else if (rnd>=v && rnd<v+c)
    				b=consonants[rand()%21];
    			else if (rnd>=v+c && rnd<v+c+n)
    				b=numbers[rand()%10];
    			else if (rnd>=v+c+n)
    				b=symbols[rand()%33];
    			if (flag==0 && j==0 && rnd<v+c && rand()%100<u+50)
    				b=b+'A'-'a';
    			else if (rnd<v+c && rand()%100<u)
    				b=b+'A'-'a';
    			if (flag==0 && j>=len-2 && rand()%100<n+50)
    				b=numbers[rand()%(10)];
    			printf("%c",b);
    		}
    		printf("\n");
    	}
    
    	printf("\n");
    	return 0;
    }
    Here is also a program to be used to count characters. You can also compile it with "gcc -o CharCount CharCount.c":

    Code:
    // CharCount - Created by Kalunga (kalunga@inbox.com)
    
    #include <stdio.h>
    
    int main(int argc, char **argv)
    {
    	FILE *f;
    	char byte;
    	unsigned int total=0, vowels=0, consonants=0, numbers=0, symbols=0, upperCase=0, spaces=0, other=0;
    
    	// Verify the arguments
    	if(argc != 2)
    	{
    		printf("\nUsage: CharCount file.txt\n\n");
    		return -1;
    	}
    
    	// Open the file and test it
    	
    	f=fopen(argv[1],"rb");
    	if (f==NULL)
    	{
    		printf("\nError opening %s\n\n",argv[1]);
    		return -1;
    	}
    	
    	// Read the bytes and print
    
    	while (!feof(f))
    	{
    		fread(&byte,1,1,f); // Read the next byte from the file
    		if (byte=='a' || byte=='e' || byte=='i' || byte=='o' || byte=='u')
    			vowels++;
    		else if (byte=='A' || byte=='E' || byte=='I' || byte=='O' || byte=='U')
    		{
    			vowels++;
    			upperCase++;
    		}
    		else if (byte>'a' && byte <='z')
    			consonants++;
     		else if (byte>'A' && byte<='Z')
    		{
    			consonants++;
    			upperCase++;
    		}
    		else if (byte>='0' && byte<='9')
    			numbers++;
    		else if (byte=='!' || byte=='@' || byte=='#' || byte=='$' || byte=='%'
    		      || byte=='^' || byte=='&' || byte=='*' || byte=='(' || byte==')'
    		      || byte=='-' || byte=='_' || byte=='+' || byte=='=' || byte=='~'
    		      || byte=='`' || byte=='[' || byte==']' || byte=='{' || byte=='}'
    		      || byte=='|' || byte=='\\' || byte==':' || byte==';' || byte=='\"'
    		      || byte=='\'' || byte=='<' || byte=='>' || byte==',' || byte=='.'
    		      || byte=='\?' || byte=='/')
    			symbols++;
    		else if (byte==' ')
    			spaces++;
    		else other++;
    		total++;
    	}
    
    	total=total-other;
    	printf("\nVowels:     %d [%.2f%%]\n",vowels,(float)vowels*100/total);
    	printf("Consonants: %d [%.2f%%]\n",consonants,(float)consonants*100/total);
    	printf("*UpperCase: %d [%.2f%%]\n",upperCase,(float)upperCase*100/total);
    	printf("Numbers:    %d [%.2f%%]\n",numbers,(float)numbers*100/total);
    	printf("Symbols:    %d [%.2f%%]\n",symbols,(float)symbols*100/total);
    	printf("Spaces:     %d [%.2f%%]\n",spaces,(float)spaces*100/total);
    	printf("\n* Upper case characters don't count to the total.\n");
    
    	// Close the file
    	
    	fclose(f);
    	printf("\n");
    	return 0;
    }
    How does the program generating random giberish help you in brute-forcing a long password? Have you heard of the program crunch or how does your program extend the capabilities of crunch? I'm just trying to understand better, in what sittuation will your program benifit someone or how it differs from other known brute-force programs.

  3. #3
    Just burned his ISO
    Join Date
    Jun 2012
    Posts
    4

    Default Re: A new tool: RndPasswd

    Quote Originally Posted by aerokid240 View Post
    How does the program generating random giberish help you in brute-forcing a long password? Have you heard of the program crunch or how does your program extend the capabilities of crunch? I'm just trying to understand better, in what sittuation will your program benifit someone or how it differs from other known brute-force programs.
    Crunch only works in sequence. I mean, it starts with AAAAA and ends with ZZZZZ, covering all combinations in between. My program don't do that. It only generates random characters with the provided length. If you have "luck", you will find the password. A long password can take months to crack, if attacked in sequence like by Crunch. With my program, maybe (I said maybe) you will find the password faster. It's not a killer tool. It's only one more to try if anything else fail.

    By controlling the frequency of vowels, consonants, numbers, symbols and uppercase characters, you can improve the chances to math a password. So you can generate only numbers, or only lowercase characters, or only uppercase, and so on.

  4. #4
    Moderated Member
    Join Date
    Oct 2011
    Posts
    44

    Default Re: A new tool: RndPasswd

    Quote Originally Posted by Kalunga View Post
    Crunch only works in sequence. I mean, it starts with AAAAA and ends with ZZZZZ, covering all combinations in between. My program don't do that. It only generates random characters with the provided length. If you have "luck", you will find the password. A long password can take months to crack, if attacked in sequence like by Crunch. With my program, maybe (I said maybe) you will find the password faster. It's not a killer tool. It's only one more to try if anything else fail.

    By controlling the frequency of vowels, consonants, numbers, symbols and uppercase characters, you can improve the chances to math a password. So you can generate only numbers, or only lowercase characters, or only uppercase, and so on.
    I have created Sbrgen which will generate random passwords, and ALL passwords if chosen. I believe Tha Doct0r has done this as well.

  5. #5
    Just burned his ISO
    Join Date
    Jul 2012
    Posts
    10

    Default Re: A new tool: RndPasswd

    Is this tool takes care of non-repetition of randomly generated passwords?

  6. #6
    Just burned his ISO
    Join Date
    Jun 2012
    Posts
    4

    Default Re: A new tool: RndPasswd

    Quote Originally Posted by v1kt0r View Post
    Is this tool takes care of non-repetition of randomly generated passwords?
    No, it doesn't. Verifying every generated password only would make the random process slow and the chances that a password being generated twice is very, very small.

  7. #7
    Member
    Join Date
    Dec 2011
    Posts
    86

    Default Re: A new tool: RndPasswd

    As Bl4cks4b3r said I wrote a bash script that parses crunch's output to remove a customize-able amount of duplicate characters, and customize-able amount of sequential characters as well as to specify a length and charset as well I believe

    granted its not its own program so its a bit slower but it sure helps a bit. I'm not sure if I created a passthrough option for it in my script yet but its certainly doable for my next version

Similar Threads

  1. sectool : Tool for Security Audit Tool and IDS
    By firebits in forum Tool Requests
    Replies: 3
    Last Post: 01-27-2011, 11:23 AM
  2. Tool request: NSAT (network security analysis tool)
    By williamc in forum OLD BT3beta General
    Replies: 10
    Last Post: 06-03-2008, 04:33 PM
  3. SV New Tool - PCP
    By shamanvirtuel in forum OLD Programming
    Replies: 8
    Last Post: 10-11-2007, 10:42 PM
  4. Tool set
    By Xzayl in forum OLD Newbie Area
    Replies: 4
    Last Post: 08-21-2007, 12:18 AM
  5. new tool
    By purehate in forum OLD BackTrack v2.0 Final
    Replies: 3
    Last Post: 08-02-2007, 06:23 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •