如何使用批處理文件生成暴力破解字符串

Question

我有一些可以破解數字rar文件密碼的代碼。該代碼只是遞增變量的值（從0開始），然後使用unrar命令檢查密碼以unrar。 但我想爲強力攻擊生成字符串。

SET PASSWORD=0 

:START 
SET /A PASSWORD=%PASSWORD%+1 
UNRAR E -INUL -P%PASSWORD% "%PATH%\%NAME%" "%DESTINATION%" 
IF /I %ERRORLEVEL% EQU 0 GOTO CLOSE 
GOTO START 

:CLOSE 
echo Password Cracked... 
echo Password is %PASSWORD% 

這裏

• ％PATH％是路徑，其中RAR文件所在

• ％NAME％是RAR文件的名稱

• ％DESTINATION％是地方文件存儲的unrar後， 在我的代碼目的地是 「％temp％\％RANDOM％」

通過應用此我能夠得到密碼，但對包含字母字符的字符串沒有用處。

如何從「a」開始生成字符串，所以我也能夠破解字母密碼？

Answer 1

我認爲這是一個瘋狂的想法，在CMD /批處理，但它至少聽起來像一個有趣的挑戰。 因此，發揮Professor from Gilligan's Island的作用，我決定嘗試從椰子創建一個粒子加速器。

這是我的項目。使用CMD /批處理可能會有更好的解決方案。我能說的最有利的事情就是它的運作。爲了適應您的目的，請更改:INFINITE_LOOP中的ECHO語句以執行一些有意義的操作，例如試圖解壓縮文件並在成功時退出。

下面是輸出的一個樣本，因爲它運行：

'0' 
'1' 
... 
'9' 
... 
'A' 
'B' 
... 
'Y' 
'Z' 
'a' 
'b' 
... 
'y' 
'z' 
'00' 
'01' 
... 
'zy' 
'zz' 
'000' 
'001' 
... 
'Car' 
'Cas' 
'Cat' 
'Cau' 
'Cav' 
'Caw' 
... 

這個解決方案應該有許多字符工作（CHARSET包含在輸出字符串中使用的所有字符），字符不能是例外只要不以某種方式逃避它們（例如雙引號，百分比（可能？），感嘆號......）。 腳本本身沒有完全清理（您必須手動清除​​），但它並不太雜亂。

@ECHO OFF 
SETLOCAL ENABLEDELAYEDEXPANSION 

SET "CHARSET=ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghikjlmnopqrstuvwxyz" 



:: ====================================================================== 
:: Setup 

CALL :CONFIGURE_CHARSET "%CHARSET%" 
REM ECHO MAX_INDEX: !MAX_INDEX! 
REM SET 

:: Put the smallest value in the file. 
SET ITER_FILE=%TEMP%\ITERATOR_%RANDOM%.txt 
ECHO.0>"%ITER_FILE%" 



:: ====================================================================== 
:: Main Loop 

:INFINITE_LOOP 
CALL :READ_ITER "%ITER_FILE%" _ITER_CONTENTS 
ECHO '!_ITER_CONTENTS!' 
CALL :NEXT_ITER "%ITER_FILE%" 

GOTO :INFINITE_LOOP 

EXIT /B 




:: "Increment" the contents of the "state variable" file. 
:NEXT_ITER 
SETLOCAL 
SET "FILE=%~1" 
SET "NEXT_FILE=%TEMP%\ITERATOR_NEXT_%RANDOM%.txt" 
SET CARRY=1 
FOR /F %%n IN (%FILE%) DO (
    IF !CARRY! EQU 1 (
     SET /A I_VALUE=%%n+1 
     IF !I_VALUE! GTR %MAX_INDEX% (
      SET I_VALUE=0 
      SET CARRY=1 
     ) ELSE (
      SET CARRY=0 
     ) 
    ) ELSE (
     SET I_VALUE=%%n 
    ) 
    ECHO !I_VALUE!>>"!NEXT_FILE!" 
) 
REM Add a new digit place. 
IF !CARRY! EQU 1 (ECHO.0>>"!NEXT_FILE!") 
MOVE /Y "%NEXT_FILE%" "%FILE%" >NUL 
ENDLOCAL 
EXIT /B 


:: Read the contents of the "state variable" file and translate it 
:: into a string. 
:: The file is a series of lines (LSB first), each containing a single 
:: number (an index). 
:: Each index represents a single character from the CHARSET. 
:READ_ITER 
SETLOCAL 
SET "FILE=%~1" 
SET "VAR=%~2" 
SET VALUE= 
SET _V= 
FOR /F %%n IN (%FILE%) DO (
    SET "VALUE=!VALUE_%%n!!VALUE!" 
) 
ENDLOCAL && SET %VAR%=%VALUE% 
EXIT /B 



:: Translate the index number to a character. 
:TRANS_INDEX 
SETLOCAL 
SET "VAR=%~1" 
SET "C=%~2" 
SET IDX= 
FOR /L %%i IN (0,1,%MAX_INDEX%) DO (
    IF "!VALUE_%%i!"=="!C!" SET IDX=%%i 
) 
SET "TRANS=!VALUE_%%i!" 
ENDLOCAL && SET "%VAR%=%TRANS%" 
EXIT /B 




:: This is ugly magic. 
:: Create variables to hold the translation of an index to a character. 
:: As a side effect, set MAX_INDEX to the largest used index. 
:CONFIGURE_CHARSET 
SET CONFIG_TEMP=%TEMP%\CONFIG_%RANDOM%.cmd 
IF EXIST "%CONFIG_TEMP%" DEL /Q "%CONFIG_TEMP%" 
CALL :WRITE_CONFIG "%CONFIG_TEMP%" "%~1" 
REM Import all the definitions. 
CALL "%CONFIG_TEMP%" 
EXIT /B 

REM Create a means to "add one" to a value. 
:WRITE_CONFIG 
SETLOCAL 
SET "FILE=%~1" 
SET "STR=%~2" 

REM This is the "index" of the symbol. 
SET "INDEX=%~3" 
IF "!INDEX!"=="" SET INDEX=0 

IF NOT "%STR%"=="" (
    SET "C=!STR:~0,1!" 
    IF NOT "%~4"=="" (
     SET "FIRST=%~4" 
    ) ELSE (
     SET "FIRST=!C!" 
    ) 
    SET "D=!STR:~1,1!" 
    IF "!D!"=="" (
     SET CARRY=1 
     SET "D=!FIRST!" 
    ) ELSE (
     SET CARRY=0 
    ) 
    ECHO SET VALUE_!INDEX!=!C!>>"!FILE!" 

    SET /A NEXT_INDEX=INDEX+1 

    REM Recurse... 
    SET MAX_INDEX=!INDEX! 
    CALL :WRITE_CONFIG "!FILE!" "!STR:~1!" "!NEXT_INDEX!" "!FIRST!" 
    IF !INDEX! GTR !MAX_INDEX! SET MAX_INDEX=!INDEX! 
) 
ENDLOCAL && SET MAX_INDEX=%MAX_INDEX% 
EXIT /B