Stupid idea?


WhiteWolf

Hello, my name is Allen I am currently getting in to the computer world. I had an idea of an injection key logger. But only accepts charicters entered 1-16 charicters that do NOT include a space charicter. Most of our valuable information is written in 1-16 characters without spaces. 

Please, thoughts negative or positive are greatly appreciated.


@WhiteWolf

An "injection keylogger" sounds like a device that injects data and then records it? That does not make sense to me.

Are you suggesting a device that will try to brute force a password of 1-16 characters when plugged in? In that you would find a place where there is a password prompt and then plug in / trigger the device?

If so, a simple password (English) of 16 characters with no spaces has 62 possibles for each character (A-Z, a-z, 0-9). To start at 1 character and gradually increase to 16 characters would mean that the device would have to:

Try all 62 characters once (62^1)
Then try all combinations of two characters (62^2)
Then try all combinations of three characters (62^3)
Then try all combinations of four characters (62^4)
...
All the way up to all combinations of sixteen characters (62^16)

Even if your inject device could try 1,000,000,000 passwords per second it would take about 2,550,439,589,685 years to check every one. Of course this does not take into consideration any anti-brute force software on the target system (for example see "fail2ban") or even just having to clear any "Invalid Password" messages.

Of course if you meant something else I apologise for not understanding.


@WhiteWolf

Thinking about it, if you meant that the keylogger only recorded text that was 1-16 characters without spaces then that would be pretty much everything typed anyway and recording everything possible is what a keylogger already does.

For example if the rule "record any text typed without spaces that is under 16 characters" was applied to your first message you would get (when de-duplicated and sorted),

1-16
a
accepts
Allen
am
an
appreciated.
are
But
characters
charicter.
charicters
computer
currently
do
entered
getting
greatly
had
Hello,
I
idea
in
include
information
injection
is
key
logger.
Most
my
name
negative
NOT
of
only
or
our
Please,
positive
space
spaces.
that
the
thoughts
to
valuable
without
world.
written

which is all the words in the message.

Again, if you meant something else I apologise for not understanding.


On 12/10/2019 at 9:36 AM, aethernaut said:

@WhiteWolf

Thinking about it, if you meant that the keylogger only recorded text that was 1-16 characters without spaces then that would be pretty much everything typed anyway and recording everything possible is what a keylogger already does.

For example if the rule "record any text typed without spaces that is under 16 characters" was applied to your first message you would get (when de-duplicated and sorted),


1-16
a
accepts
Allen
am
an
appreciated.
are
But
characters
charicter.
charicters
computer
currently
do
entered
getting
greatly
had
Hello,
I
idea
in
include
information
injection
is
key
logger.
Most
my
name
negative
NOT
of
only
or
our
Please,
positive
space
spaces.
that
the
thoughts
to
valuable
without
world.
written

which is all the words in the message.

Again, if you meant something else I apologise for not understanding.

No, you both are correct. I'm new to this computer world. Most of my paragraph would fit that description, but again I am typing spaces between words; the program would only take the data if there was no space. I'm just trying to find ways around things and to get into systems. Thanks guys for not slaying me for a dumb idea.


The 16 characters would most likely not be a password but a bank card or something along those lines... my point was, we know no one is using a 15 letter password... or a 2 letter password. We can narrow how many characters and most commonly used ones to help the computer further crack the password instead of having it run every option possible... no one's password is 1, but maybe it could be 1234567, whatever the min character you can set for the password, so we lessen the chance of it running those options as well.


  • 6 months later...

I have no idea what you're actually suggesting.

A key logger logs keyboard / HID input and stores it in a text file or sends it off to a remote server if available.

Injection is whacking your own payload / data into something else.

What you're describing in your last post is parameters for brute forcing like what hashcat can do.

For example, if you know a password will be 8 uppercase characters you can run hashcat with ?u?u?u?u?u?u?u?u

This will cause it to only try possible combinations of 8 chars. You can also set it to alphanumeric 1 to 8 chars etc.

If I'm way off here you'll have to provide more info on what you think your idea will achieve.

Note most systems will lock out login attempts after X number of failed attempts, which is why it's usually more desirable to grab credentials that are salted like an NTLMv2 hash and then crack it at your leisure using hashcat. (Obviously plain text passwords are more desirable!)

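Added example (not from any poster in this thread): a small Python calculator for how many candidates a hashcat-style mask such as ?u?u?u?u?u?u?u?u covers, which is what a defender needs when judging how much a length or character-class rule actually buys. The function names and any guess rate passed in are assumptions, and the sets inside a custom charset are assumed not to overlap.

```python
from math import prod

# Sizes of hashcat's built-in mask charsets (?l ?u ?d ?s ?a ?h ?H ?b).
BUILTIN = {"l": 26, "u": 26, "d": 10, "s": 33, "a": 95, "h": 16, "H": 16, "b": 256}
SECONDS_PER_YEAR = 365 * 24 * 3600


def position_sizes(mask, custom=None):
    """Number of candidates at each mask position.

    custom maps a slot ("1".."4") to its definition, e.g. {"1": "?l?u?d"}.
    Assumption: the sets inside a custom definition do not overlap.
    """
    custom = custom or {}
    sizes, i = [], 0
    while i < len(mask):
        if mask[i] != "?":
            sizes.append(1)          # literal character
            i += 1
            continue
        if i + 1 == len(mask):
            raise ValueError("mask ends with a bare '?'")
        key = mask[i + 1]
        if key == "?":
            sizes.append(1)          # '??' is a literal question mark
        elif key in BUILTIN:
            sizes.append(BUILTIN[key])
        elif key in custom:
            sizes.append(sum(position_sizes(custom[key])))
        else:
            raise ValueError(f"unknown charset ?{key}")
        i += 2
    return sizes


def keyspace(mask, custom=None, min_len=None):
    """Candidates for the full mask, or for every length from min_len up."""
    sizes = position_sizes(mask, custom)
    start = len(sizes) if min_len is None else min_len
    return sum(prod(sizes[:n]) for n in range(start, len(sizes) + 1))


def years_to_exhaust(candidates, guesses_per_second):
    """Worst-case search time at an assumed, constant guess rate."""
    return candidates / guesses_per_second / SECONDS_PER_YEAR
```

The guess rate is the term that dominates: a login form with lockout allows a rate many orders of magnitude below an offline search against a captured hash, so the same keyspace yields very different times.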

  • 3 weeks later...
On 12/15/2019 at 2:41 PM, WhiteWolf said:

The 16 characters would most likely not be a password but a bank card or something along those lines... my point was, we know no one is using a 15 letter password... or a 2 letter password. We can narrow how many characters and most commonly used ones to help the computer further crack the password instead of having it run every option possible... no one's password is 1, but maybe it could be 1234567, whatever the min character you can set for the password, so we lessen the chance of it running those options as well.

You mean that the computer should think like a human and only try passwords that really only humans use? Try rockyou.txt! Those are the 14'443'549 most used passwords.

Or you can use the mask function of hashcat, which PanicAcid described above.

Or if you want even more advanced stuff, try the rule function of hashcat. You can do things like having every word of a wordlist used backwards, or in leetspeak, or both together...

Maybe I got the wrong idea of what you're trying to say, but it's kinda hard to understand your English...


Archived

This topic is now archived and is closed to further replies.
