Brute Force Cracking

Brute force cracking is essentially a trial and error method: just as a safe can be opened by trying every possible combination, a password can be recovered by trying every possible candidate. This is why it is recommended to use passwords that are random, long and include special characters and numbers; each of these measures enlarges the space of possibilities an attacker has to go through. If, however, you encounter a case where the password is purely alphanumeric and short, i.e. 4-5 characters, it can easily be brute-forced. You can write a script in the language of your choice to do this. For this tutorial we will use a simple bash one-liner to crack a one-character password for a binary.

This binary (called bin) only accepts lowercase letters as input, so a simple bash loop over the alphabet covers every possibility:

for i in {a..z}; do echo $i | ./bin; done
You can pick out the correct attempt by grepping for the success message, or, in this case, for the flag format:

for i in {a..z}; do echo $i | ./bin; done | grep -a "inctf"

Note

Here the -a option makes grep treat the binary's output as text rather than as a binary file while searching for our string; without it, grep may only report that a binary file matches instead of printing the matching line.
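The loop above, as an added example written for this page rather than taken from the tutorial or its challenge binary. `fake_bin` is a constructed stand-in for `./bin` whose correct letter is assumed to be "q" and whose flag is a made-up `inctf{...}` string; the loop is written in POSIX sh (walking the alphabet with `cut` instead of bash's `{a..z}`) so it runs under plain sh, and `keyspace_size` shows how the number of candidates grows with alphabet size and length, which is the reason behind the recommendation for long passwords in the opening paragraph.

```shell
#!/bin/sh
# Added example, not the tutorial's own code.

# fake_bin is a constructed stand-in for the challenge binary ./bin: it reads
# one line from stdin and prints a made-up flag only for the assumed letter "q".
fake_bin() {
    read -r guess
    if [ "$guess" = "q" ]; then
        printf 'Correct! inctf{constructed_example_flag}\n'
    else
        printf 'Wrong password\n'
    fi
}

# Try every lowercase letter against the given command (fake_bin here, ./bin on
# the real challenge) and print the letter whose output contains the flag prefix.
# POSIX sh has no {a..z} brace expansion, so the alphabet is indexed with cut.
crack_one_char() {
    target="$1"
    alphabet=abcdefghijklmnopqrstuvwxyz
    i=1
    while [ "$i" -le 26 ]; do
        c=$(printf '%s' "$alphabet" | cut -c "$i")
        # grep -a treats the binary's output as text, as the tutorial's note explains
        if printf '%s\n' "$c" | "$target" | grep -a -q "inctf"; then
            printf '%s\n' "$c"
            return 0
        fi
        i=$((i + 1))
    done
    return 1
}

# Number of candidates an exhaustive search must cover: alphabet_size^length.
# 26 lowercase letters at length 1 give 26 tries; 62 alphanumerics at length 5
# already give over 900 million, and adding characters multiplies it again.
keyspace_size() {
    size="$1"
    length="$2"
    total=1
    while [ "$length" -gt 0 ]; do
        total=$((total * size))
        length=$((length - 1))
    done
    printf '%s\n' "$total"
}

# Stand-alone run: recover the constructed binary's letter and print keyspace sizes.
printf 'cracked letter: %s\n' "$(crack_one_char fake_bin)"
printf 'candidates for 1 lowercase letter: %s\n' "$(keyspace_size 26 1)"
printf 'candidates for 5 alphanumerics:    %s\n' "$(keyspace_size 62 5)"
```

On the real challenge, replace `fake_bin` with `./bin`; the loop, the `grep -a` filter and the early return on the first match are otherwise the same as the tutorial's one-liner.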