Paula

Genetic algorithms for brute forcing

Due to my work I tend to use brute force lists a lot, mostly to test incorrect login management. Sometimes I feel I get really close to the correct passwords, either by guessing or by using profiling tools. I don't know if some of you, when it comes to changing a default or old password, just take your old one and change it a bit. That's mostly wrong, by the way.

In any case, I recently felt that hand-writing customized lists out of guesses in a text file was a poor decision, so I decided to create a command that generates fitted guessing options from a fitness range using a genetic algorithm. I created a GitLab repo in order to share it, and I'd like to improve it, mostly because I know C++ might not be the best option and also because I'm open to suggestions in general.

If you are curious please check and merge request your ideas!

Example of use with a sample guessed password and the desired fitness 2:

$ ./jockpass myPasswordGu3ss 2

Top comments (9)

Julian (serializator)

I'm all but familiar with C++ and biology wasn't my strong suit so I gotta give kudos for not only the functional aspect of the tool you wrote but the way it's written as well. A combination of the terminology used in naming (kinda implicit to do when you use a genetic algorithm but still) and the simple but thoughtful comments really made it understandable for me. 😉🙏

Paula (terceranexus6)

Happy to hear that!

Sven Kanoldt (5422m4n)

Nice idea! If I got it right, you want to find similar passwords for a given one that you already know? To try out those, because a user might just have used it in a slightly different variation?

In your fitness function you check for the quality of each letter. The more exact matches, the higher the fitness. Is that right?

You could also toy around with a Levenshtein distance or consider a leet speak distance, so that for example an i and a 1 are closer to each other. From what I have learned, sometimes certain letters are replaced by number counterparts, and considering that in the fitness function might yield interesting results.

Besides that, I would actually give it a try in Rust, just out of curiosity.

Paula (terceranexus6)

This is wonderful, thank you. Actually a friend of mine told me today to try out keyboard proximity as a factor as well. So many awesome ideas.

If you know Rust I'd love for a merge request!

Avery (sturzl)

This is awesome! You should add your repo to the list of projects at the bottom of this page: github.com/OWASP/www-community/blo...

I'm sure some people who are looking for this kind of tool will find it there. Just for your reference here is where that page is hosted: owasp.org/www-community/Fuzzing

As far as improvements go, there is a ton of research out there; sorry, I don't have time to read through your code right now, but I will sometime this weekend.

Paula (terceranexus6)

Thank you so much!

Comment deleted

Paula (terceranexus6)

Looking forward to seeing it!

Bernardo (bgalvao)

How do you measure fitness of a candidate password? I tend to see password checking as this true or false response, which makes it hard to guide the searching performed by the GA.
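Sven's suggestion of a leet-aware distance as a fitness measure and Bernardo's question about how a candidate is scored both come down to a string distance between the candidate and the seed password. Here is that distance written from the defender's side, as an added example that is not the post's or the repository's code: a Levenshtein distance whose leet-speak equivalence table (an assumption of this example) lets a password-change check reject a new password that is only a small tweak of the old one, which is exactly the habit the post warns about.

```cpp
// Leet-aware Levenshtein distance: two characters that are leet-speak
// counterparts (0/o, 3/e, ...) are treated as the same character, so a
// "tweak" like Password -> P4ssw0rd has distance 0 from the original.
#include <algorithm>
#include <cctype>
#include <cstddef>
#include <string>
#include <vector>

// Fold a character to a canonical lower-case letter. The substitution
// table is an assumption of this example; extend it to taste.
static char canonical(char c) {
    const char lc = static_cast<char>(std::tolower(static_cast<unsigned char>(c)));
    switch (lc) {
        case '0':                     return 'o';
        case '1': case '!': case '|': return 'i';
        case '3':                     return 'e';
        case '4': case '@':           return 'a';
        case '5': case '$':           return 's';
        case '7': case '+':           return 't';
        case '8':                     return 'b';
        default:                      return lc;
    }
}

// Classic dynamic-programming Levenshtein distance over canonical forms.
// Substituting leet-equivalent characters costs 0; every other edit costs 1.
std::size_t leet_distance(const std::string& a, const std::string& b) {
    std::vector<std::size_t> prev(b.size() + 1), cur(b.size() + 1);
    for (std::size_t j = 0; j <= b.size(); ++j) prev[j] = j;   // insert b[0..j)
    for (std::size_t i = 1; i <= a.size(); ++i) {
        cur[0] = i;                                             // delete a[0..i)
        for (std::size_t j = 1; j <= b.size(); ++j) {
            const std::size_t subst = (canonical(a[i - 1]) == canonical(b[j - 1])) ? 0 : 1;
            cur[j] = std::min({prev[j] + 1,          // delete a[i-1]
                               cur[j - 1] + 1,       // insert b[j-1]
                               prev[j - 1] + subst}); // substitute or match
        }
        std::swap(prev, cur);
    }
    return prev[b.size()];
}

// Password-change check: reject the new password if it is within
// `max_edits` leet-aware edits of the old one.
bool too_similar(const std::string& old_pw, const std::string& new_pw, std::size_t max_edits) {
    return leet_distance(old_pw, new_pw) <= max_edits;
}
```

With a threshold of 2, `too_similar("Summer2023", "Summer2024", 2)` is true while an unrelated password passes; the same function is the per-candidate score a GA would minimise.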