Re: Cracking SSL passwords for fun and profit
On Thu, Nov 27, 2008 at 01:27, Douglas A. Tutty <dtutty@vianet.ca> wrote:
> Do you know what keyspace you used for your password? i.e. how many
> (roughly) characters, were they letters, numbers, punctuation, etc?
I do remember I chose a lowsec one. I.e. it should be [a-zA-Z0-9]{6-8}
> Use your scripting language of choice (e.g. python), create a nested
> loop that generates, in a logical manner, the set of passwords in which
> the correct password will be found. Have this script able to save to a
> file the current loop variables, and load them on startup if given the
> file name as a parameter.
Afaik, there is no easy way to feed a password into SSH. Same as
OpenSSL, it was designed _not_ to accept passwords from the
command line. For example, both will clear STDIN before prompting
for a password.
That being said, it should be doable with expect.
> If you were smart when you did your password, it will take a very long
> time. My guess will be that its the ssh iteration that will soak up
> time, and the use of a scripting language (as opposed to compiled e.g.
> fortran, C, or Ada) will not slow it down.
True. I do not really expect to get a result, either. As I said, it's a project
for fun. I would still prefer a pre-built script as I am rather busy atm
and I would hate myself if I wrote a script and ran it for a month only to
find out that I made a mistake, somewhere ;)
Richard
Reply to: