Recursive script, loop keeps breaking, not sure why.

Submitted by mcgyver666 on Sun, 09/06/2009 - 06:50

***********************************
int main(){
int a = 0;
int b = 0;
int c = 0;
int d = 0;
string output = "";
string myip = getMaliciousIP();
string payload = "If you read this it worked";
string s[];
s = split("a b c d e f g h i j k l m n o p q r s t u v w x y z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z 1 2 3 4 5 6 7 8 9 0",char(32));
for(a=0;a<=62;a++)
{
for(b=0;b<=62;b++)
{
for(c=0;c<=62;c++)
{
for(d=0;d<=62;d++)
{
output = s[a]+s[b]+s[c]+s[d];
while (fileExists(output)) {
writeFile(output,payload);
}
}
}
}
}
}
*************************************

Ok, so heres the code.

To test and develop, compile it and put it in an attack slot.

Make up a 4 character text file on your HD, I have been using aabc.txt
Put any text u like in it.

Use this script to attack an enemies port.
Go back to your HDD.

The text file you created should now read "If you read this it worked".

This is a standalone section of code from a bigger project.

THE PROBLEM.

After finding a file that matches the string output, It should write to that file, and then continue back into the recursive loop that is generating the filename, but it doesn't. It just stops. I'm not sure why, any ideas?

I have checked for maximum operations and a few other things, I'm fairly confident that so far in early filenames such as aa?? that this is not the issue.

Cheers.

‹ else if(?) Form Submittion ›
Related:

The problem

Submitted by TerribleTrioJoe on Sun, 09/06/2009 - 08:29.

The problem lies in these lines of code:

while (fileExists(output)) {
writeFile(output,payload);
}

What happens here is that if the file exists (as it does) then calling while(fileExists(output)) { ...} generates an infinite loop, so your program will hit max ops in that loop once you find the first file that exists. Instead of this, you should have:

if(fileExists(output)) {
writeFile(output,payload);
}

This only executes once.

Other than that error, nice script. Cheers!

-TTJ

(Im in ur compilerz lolin' ur codez !)

Well, that indeed got it

Submitted by mcgyver666 on Sun, 09/06/2009 - 09:32.

Well, that indeed got it behaving like it was supposed to.

I hit max ops at aap0 :(

WTB more max ops.

You should upgrade you

Submitted by Drizzt_DoUrden on Mon, 09/07/2009 - 06:10.

You should upgrade you account. Its $5/month. It gives you a bunch of things plus you get to help Hack Wars.

Get your own domain name.
Get 4x Max OPs. << -- There you go! :P
Get 4x Max File Characters.
Get email account.

- Drizzt Do'Urden

unfortunately for now drizz,

Submitted by mcgyver666 on Mon, 09/07/2009 - 09:45.

unfortunately for now drizz, 4x won't achieve what I was after. 4000x maybe close :(

Can never hurt to be ambitious though right?

there has to be a limit

Submitted by Silverlight on Mon, 09/07/2009 - 12:50.

the problem is that all scripts are executed on the HW server. Without any ops limit the server -and us players- would suffer from a lot of poor coding.. (like your while mistake)

BTW your brute force file password breaker will try to create 64^4 different passwords and then write them into a file.

So you create 16,777,216 different combinations.
What you need is x-times of that amount in ops. x being the number it takes for one loop to generate one phrase and to write it.

Conclusion: stick to wordlists (with less than 4000 entries) and forget about the brute force method. (If this was intended as a file finder: same as above - but filenames often have more or less than only 4 letters - and you are missing the often used "." in windows machines)

PS:
s = split("a b c d e f g h i j k l m n o p q r s t u v w x y z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z 1 2 3 4 5 6 7 8 9 0"," ");
makes it easier to read and saves you 1 (in words: ONE) whole HW operation - believe me I tested it.

And I quote, "This is a

Submitted by mcgyver666 on Tue, 09/08/2009 - 03:39.

And I quote, "This is a standalone section of code from a bigger project."

This is just a snippet of code I put together so that I could get help in finding the problem with it. It is indeed part of a file sniffer, and the file names are not written to a file, they are only checked against fileExists. I had originally started with an if, instead of while, but had not been able to get it to work, the cause of this turns out that the check file was too deep into the operation stack, and the script was terminating before it reached it. The hazards of checking too many things at once I guess.

The intention was to get this snippet working as intended, and then include the other sections that would enable it to start with strings of length 1, and grow from there. C'est la vie.

only use global to store last

Submitted by madeinqc on Tue, 09/08/2009 - 06:09.

only use global to store last fileName tested so even if you hit max OP, you can still launch it from where you were. and you could store working result to a file to access them easily :)

yeah I did consider that, but

Submitted by mcgyver666 on Tue, 09/08/2009 - 20:38.

yeah I did consider that, but did a few quick sums, and to get to the 8 digit region, you would still have to launch the attack millions of times. Oh well. It was grand in theory. Thanks for the help everyone.