2

Okay, so I have a hardware device that I have to connect to using PuTTY. The device is protected by a 4-digit password. So I know there are 10,000 combinations and I know the device takes 5 seconds between each wrong password. So it'll take approx. 13 hours to complete.

TL;DR

How can I enter every combination into a PuTTY window? I was thinking like a macro of some sort, because the device I'm connecting to is like a hyper-terminal vt100 connection.

Update: When I connect to the device, I can interface with some things. But when I press 'E' to edit the MAP on the device, it tells me to enter the 4-digit password.

Kelbizzle
  • 1,879

4 Answers

2

This might help. This is interfacing with ssh using Python: http://www.linuxplanet.com/linuxplanet/tutorials/6618/1/ It shouldn't be difficult to learn if you know Python. You can do it on Cygwin.

How could I have forgotten expect? Use autoexpect to generate a script and then use some scripting language to substitute different passwords and you're done.

0fnt
  • 2,001
1

Tera Term Pro is a terminal emulator that can connect to a serial port and has a macro language.

In Tera Term Pro, go to Help > Index > MACRO help to read about the macro language. Look at the example macro files (.ttl files) for examples.

Here's an example macro to get you started. Save the following text into a file named pinsearch.ttl. To start the macro, go to Control > Macro and open the pinsearch.ttl file. To pause or stop the macro, click on the MACRO window and use the Pause or End buttons.

for i 0 9999

  int2str i_text i
  strlen i_text
  len = result

  if len=1 then
    pin_text = "000"
  elseif len=2 then
    pin_text = "00"
  elseif len=3 then
    pin_text = "0"
  else
    pin_text = ""
  endif

  strconcat pin_text i_text

  send "E"
  wait "password?"

  send pin_text
  wait "ok" "wrong"

  if result=1 goto found_it

  wait "command?"

next

messagebox "Didn't find password" ""
end

:found_it
messagebox pin_text ""
end
Bavi_H
  • 6,710
0

You can likely accomplish this by writing an autohotkey script. Or, if you know another scripting language, write a bruteforcer in that. You may also be able to find some premade ssh bruteforcing tool somewhere that will let you define the keyspace as 4 char passwords, all digits.

Ryan Gooler
  • 1,942
0

There is a huge list of password cracking tools at sectools.org/crackers.html

As for your situation, I suggest using THC Hydra (#3 on the sectools' list) which you can download from http://freeworld.thc.org/thc-hydra/

Tal
  • 115