new feature? or ? multircon

shaquille3 · **Joined:** 14 Mar 2008 23:10 **Posts:** 7

ok , i want to ask you if there is a way to modifie the brute force function of multircon in that way so there is another parameter , like -b defining the max length , -other parameter that defins the minimum lenght.
I find this usefull if you know that the password is like 10 characters , in my case.

If you cand do the modification yourself i would be grateful, but you could also tell me what to modifie in the source code, and i think i would manage to change it myself

aluigi · **Posted:** 15 Apr 2008 20:13

it's enough to modify the source code of multircon.c.
The instruction which reads the passwords from the wordlist is that one at line 358 so if you want to set a minimum of 3 chars and a maximum of 8 it's enough to add the following instruction at line 359:

Code:

if((strlen(bpwd) < 3) || (strlen(bpwd) > 8)) continue;

so that part of the code will looks like

Code:

            while(mybrute_word(brutex, fd) && !bfound) {
               if((strlen(bpwd) < 3) || (strlen(bpwd) > 8)) continue;
                rconbrute(sd, buff, bpwd);
                printf("%-79s\r", bpwd);
                usleep(bdelay);
            }

you could also place an automatic limitation of the passwords just in the tool, so for example if you have a password of 100 chars it will be truncated to how much you desire (truncated instead of being skipped).
It's enough to substituite the 64 at line 334 with the number you desire (like 8 and so on).

shaquille3 · **Joined:** 14 Mar 2008 23:10 **Posts:** 7

thenx for that , i will try it as soon as posible.
Also , how long do you think it will take for 10 characters?

Sethioz · **Posted:** 16 Apr 2008 14:31

i dont know about this one, but ive cracked md5 hashes (which is thousands of times faster, like 4-5 million pass per sec) and 10 char lower_alpha_numeric charset would take years on my 3.3ghz cpu.

aluigi · **Posted:** 16 Apr 2008 16:05

considering 62 chars for alphanumeric charset (26 * 2 + 10) and max 10 chars you have:

62 power 10 = 839299365868340224 tries

can someone check if this number is correct? 8-)
then 839299365868340224 * half second leads to a total time of 116569356370602 hours

Sethioz · **Posted:** 17 Apr 2008 15:27

hehe i was right about my calculation (about md5 hashes), but it would take .. thousands of years for this tool.

well if you have fast connection and fast PC..and/or lots of friends then you can do the following:
get passpro
calculate the start and stop points for like 100-..ppl
then run that many instances and increase cracking process by that many times.

basically passpro is designed for that. so it calculates the start and end points for this process. so you can use 1-infinite pcs to crack and never use dublicated passwords.

ofcourse its always best to use wordlists to crack .. i just dont know if this tool allows to use wordlist.

aluigi · **Posted:** 17 Apr 2008 16:51

Oh I forgot something, due to the usage of the UDP protocol and the absence of a return value from the server in case of error (if the password is wrong you will receive nothing) any number we have pasted becomes just useless since is senseless to spend years with a password if when you catch it the UDP packet goes lost 8-)

Luigi Auriemma

new feature? or ? multircon