Instructions for Brute Force Demo Script

Click here to Download script – The password is Open5aseme

This simple script is designed to demonstrate various concepts related to brute force attempts. It has been developed specifically for classroom demonstrations, so I strongly recommend that you only use it within a controlled educational environment.

Before we begin, please note that the script is most effective for passwords that are three, four, or five characters long. While there is no specific limit on the number of passwords it can test or their length, we recommend focusing on these shorter passwords for practicality in the classroom.

To use the script, follow these steps:

1. Ensure that you have a Python environment set up to execute the script. In this example, we will be using Python along with PowerShell, but you can use any tool or environment of your choice.

2. Generate MD5 hashes for passwords of the same length using any suitable tool. For instance:

   – Example 1: Password “985” generates the hash “54a367d629152b720749e187b3eaa11b”

   – Example 2: Password “0%6” generates the hash “9ee543e8dd627f8bb85590a3fafe4164”

   – Example 3: Password “Job” generates the hash “cf51066f49e517f274b8173cc265c60b”

3. Create an input string consisting of the generated MD5 hashes. Separate the hashes with commas and ensure there are no spaces between them. For example: “54a367d629152b720749e187b3eaa11b,9ee543e8dd627f8bb85590a3fafe4164,cf51066f49e517f274b8173cc265c60b”

4. Launch the script, and you will be prompted with a question about having hashes to try. For the purpose of this script, enter “Yes.”

5. Paste or manually enter the MD5 hashes you generated in step 2 when prompted by the script.

6. The script will then ask you to specify the length of the passwords. Note that this script is designed to work with passwords of the same length only. For our examples, we will be using three-character passwords, so enter “3”.

7. Once you have provided the necessary inputs, let the script run. Below is the output

The script will begin generating random passwords and testing them against the provided MD5 hashes. As it runs, here are some observations and lessons you can learn:

– Pay attention to the time it takes to reverse a hash for a three-character password. Compare this to the time required for four or five-character passwords. This demonstrates the impact of password length on the cracking process. The script uses a library that you can explore in the code, and the longer the library, the longer it takes to crack passwords due to the increased number of permutations.

– Keep in mind that the script stores all randomly generated passwords in an array in memory. If you use excessively long passwords, the script may eventually hang due to excessive memory usage. For the sake of a smooth learning experience, it’s recommended to keep the passwords simple.

– The script will update the console output after every 100,000 password attempts. Take note of how quickly it generates these passwords, showcasing the computational speed of the script. If you’re using PowerShell or another terminal, you can redirect the output to a file for later review.

Please remember that this script is intended for educational purposes only and should be used responsibly within a controlled environment.

Scroll to Top