Using for loop to brute-force a password
Solution 1
Brace expansion: Only consecutive characters are allowed
Hirachical for-loops: This is a waste of cmd-lines
I think I got a nice way: Use eval and brace expansion
$ cat charList
a,b,_,X,5,1,' ',-,')',3
$ eval echo "{$(cat charList)}{$(cat charList)}{$(cat charList)}"
Unfortunately I have no bash now, but this should do it:
$ eval "for word in {$(cat charList)}{$(cat charList)}; do echo '${word}'; done"
Solution 2
Factory reset
Why not just factory reset the router and gain access that way? Will be less time consuming and can get back in, in a matter of minutes.
For loops
If you must with for loops:
$ cat charlist
a
b
c
d
e
f
g
And this construct:
$ for i in $(cat charlist); do for j in $(cat charlist); do echo $i$j;done;done
Example
$ for i in $(cat charlist); do for j in $(cat charlist); do \
echo $i$j;done;done | tail -5
gc
gd
ge
gf
gg
Take the | tail -5 off to get the full list.
Using brace expansion
You can also get Bash to create the sets of characters like this:
$ echo {a..z}
a b c d e f g h i j k l m n o p q r s t u v w x y z
$ echo {1..20}
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20
Example
$ for i in {a..z}; do for j in {a..z}; do echo $i$j;done;done | tail -5
zv
zw
zx
zy
zz
Additionally you can forgo using loops all together and just have the brace expansions do all the work for you:
$ echo {a..z}{a..z}
Example
$ echo {a..z}{a..z} | cut -d" " -f1-10
aa ab ac ad ae af ag ah ai aj
Again just drop the | cut -d" " -f1-10, this is to limit the amount of output for display purposes in my answer to the first 10 combinations.
Related videos on Youtube
04 : 12
01 : 49 : 07
14 : 23
04 : 13
02 : 41
Comments
-
Tik0 over 1 year
I just wanted to brute-force my old router but the for-loop was really amateur style. How to write a nice for-loop, if I only know the charaters included? Found already that page but it does not include my case. I though of something like the following, but obviously it does not work:
for word in $(cat charList)$(cat charlist); do echo ${word}; done-
slm over 10 yearsWhat does charlist contain? -
lynxlynxlynx over 10 yearsSurely you don't mean to imply the password has only two characters?
-
frostschutz over 10 yearsMost routers can be reset so they will accept a standard password.
-
Tik0 over 10 yearsSure I can reset my router but I am asking for a NICE way to write for-loops which can brute force my router.
-
-
Lekensteyn over 10 yearsWhat a waste of keyboard buttons, you can also combine the brace expansion:
echo {a..z}{a..z}. -
slm over 10 years@Lekensteyn - thanks I was getting to that one next, I hadn't hit submit yet on that add.
-
slm over 10 years@Lekensteyn - teaching someone how to fish is never a waste of keyboard buttons. I'm sorry you're so negative on educating others.
-
Bernhard over 10 yearsJust to add: if the charlist would contain, e.g
a,b,f,o,r, you would, using brace expansion, do:echo {a,b,f,o,r}{a,b,f,o,r} -
Lekensteyn over 10 years@slm I didn't meant to be so negative, I am sorry if it appeared as such.
-
slm over 10 years@Lekensteyn - No biggie. Thanks for getting back.
-
Tik0 over 10 years@slm: Thanks for the answer, but that is what I meant with not a nice way. Hirachical for-loops are crap and the brace expansion is very limited regarding non-consecutive characters.
-
frostschutz over 10 yearsIt's easy to add a grep to filter out unwanted combinations, but the brace expansion will soon be too slow as the number of possible combination grows. Hierarchical for may not look nice but may be the better tool in some situations.
-
frostschutz over 10 yearsIt's still brace expansion, though...
-
slm over 10 years@Tik0 - hierarchical for-loops may be perceived "crap" but they harness what computers do best. Let us know if you find something better, I"m not aware of any other technique. There's a reason that brute force is the least desirable option.
-
Tik0 over 10 yearsYes, it's brace expansion but such that I can use any character. Even spaces or cmds, which makes the brute-forceing to a one-liner ;).
