Brute Force Attack in C#
In Cryptography, Brute force attack means trying every possible key on cipher text until the original translation of plain text obtained. At the minimum attacker should work half of the possible keys to succeeding. That means if there are N possible keys, the attacker should try a minimum of N/2 keys. With the help of Brute force attack, we can also generate possible passwords. In this article, we discuss how to obtain possible passwords by using Brute force attack in C#.
For example, we are trying to find out the password of the admin of the website. The password should be a minimum length of eight characters; password can contain uppercase, lowercase, and special characters combinations. Here we find all possible combinations with password length eight.
Open Microsoft Visual Studio 2015 => Create new Console Application and name it as CSharpBruteForceAttack. Add new class and name it as BruteForceattackCls.cs. Add below code for BruteForceAttackCls class.
using System;
using System.IO;
namespace CSharpBruteForceAttack
{
public class BruteForceCls
{
public char firstchar = '0';
public char lasrchar = 'z';
public int strlength = 8;
//this method guess the passwords with following conditions
//minimum password length - 8
//can contain numbers
//can contain lower case or upper case
//can contain special symbols
public void CreatePasswords(string keys)
{
string passwordFile = @"E:\BruteForce\Passwords.txt";
if (keys.Length == strlength)
{
File.AppendAllText(passwordFile, Environment.NewLine + keys);
}
if (keys.Length == strlength) {
return;
}
for (char c = firstchar; c <= lasrchar; c++)
{
CreatePasswords(keys + c);
}
}
}
}
As shown in the above code, we are forming the password from 0 to z character which includes all numbers, upper and lower case letters, special characters. If the formed password length is eight, it saves the password to Passwords.txt file in E:\BruteForceAttack folder. Call CreatePasswords() method from Main() method as shown below.
using System;
namespace CSharpBruteForceAttack
{
class Program
{
static void Main(string[] args)
{
string strMsg = "This process find outs the password combinations with minimum length of 8 and which conatins ";
for (char c = '0'; c <= 'z'; c++)
{
strMsg = strMsg + c.ToString() + ", " ;
}
var passwrite = new BruteForceCls();
passwrite.CreatePasswords(string.Empty);
Console.WriteLine(strMsg);
Console.ReadLine();
}
}
}
Run the application, and it saves all possible passwords in the Passwords.txt file. We can write a program to call the website by passing every password to identify correct password.
