Crack 4 digit password using putty or VT100 Emulator

2

Okay, so I have a hardware device that I have to connect to using putty. The device is protected by a 4 digit password. So I know there are 10,000 combinations and I know the device takes 5 seconds between each wrong password. So it'll take approx. 13 hours to complete.

TL;DR

How can I enter every combination into a putty window? I was thinking like a macro of some sort. Because the device I'm connecting to is like a hyper-terminal vt100 connection.

Update: When I connect to the device, I can interface with some things. But when I press 'E' to edit the MAP on the device, it tells me to enter the 4 digit password.

Kelbizzle

Posted 2010-09-11T19:10:47.947

Reputation: 1 808

I don't know the answer, but: PuTTY suggests Windows, and Windows supports other freeware SSH clients as well, such as Cygwin, which opens up a world of scripting. Any reason why you specifically want PuTTY? – Arjan – 2010-09-11T19:14:23.053

It's the only way I know how to connect to this device :-(

It uses HyperTerminal or a VT100 emulator. – Kelbizzle – 2010-09-11T20:00:50.457

Ok, so not necessarily PuTTY then. What about some other emulator that allows for scripting itself? Or, in the old days, many terminal programs allowed for reading a file with commands, to set the connection details et al, or to fetch data. Such command files might not allow for true scripting (such as writing loops). But generating a single (but huge) command file with all 10,000 possibilities might be much easier than trying to script PuTTY? – Arjan – 2010-09-11T20:51:20.577

Aha, your question actually mentioned that VT100; I totally missed that, and so did others given the answers. When people see PuTTY, they think SSH, I guess. Why not remove PuTTY from the question...? – Arjan – 2010-09-11T20:54:27.563

1

Yea, that makes sense. I went the single huge file route using autohotkey http://pastebin.ca/1938488

– Kelbizzle – 2010-09-11T22:16:13.940
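The question's estimate (10,000 candidates at 5 seconds per wrong entry) seen from the device designer's side, as an added example that is not part of the original thread: it totals the delay a fixed 5-second throttle imposes on a sequential search and compares it with two throttling policies. The `doubling` and `periodic_lock` policies, their parameters, and all function names are assumptions made for illustration, not features of the device in the question.

```python
from itertools import accumulate

KEYSPACE = 10_000  # 4-digit PIN, 0000-9999 (figure from the question)

def fixed(n, delay=5):
    """The behaviour described in the question: 5 s after every wrong entry."""
    return delay

def doubling(n, base=5, cap=3600):
    """Hypothetical policy: delay doubles per consecutive failure, capped at 1 h."""
    return min(cap, base * 2 ** min(n - 1, 32))

def periodic_lock(n, base=5, every=5, lock=900):
    """Hypothetical policy: 5 s per failure plus a 15 min lock on every 5th."""
    return base + (lock if n % every == 0 else 0)

def search_times(policy, keyspace=KEYSPACE):
    """Enforced delay, in seconds, for a sequential search of the keyspace.

    Returns (worst, mean): worst is when the PIN is the last candidate tried,
    mean assumes the PIN is equally likely to be at any position.
    """
    # cumulative[k] = total delay served after k wrong entries
    cumulative = [0] + list(accumulate(policy(n) for n in range(1, keyspace)))
    return cumulative[-1], sum(cumulative) / keyspace

def report():
    """Per-policy (name, worst-case hours, mean hours)."""
    rows = []
    for policy in (fixed, doubling, periodic_lock):
        worst, mean = search_times(policy)
        rows.append((policy.__name__, worst / 3600, mean / 3600))
    return rows

if __name__ == "__main__":
    for name, worst_h, mean_h in report():
        print(f"{name:14s} worst {worst_h:10.1f} h   mean {mean_h:10.1f} h")
```

With the fixed delay the whole keyspace is covered in under 14 hours, which is why a constant short delay adds little protection to a 4-digit PIN; the escalating policies push the same search to weeks or more.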

Answers

2

This might help. This is interfacing ssh using python. http://www.linuxplanet.com/linuxplanet/tutorials/6618/1/ Shouldn't be difficult to learn if you know python. You can do it on cygwin.

How could I have forgotten expect???? Use autoexpect to generate a script and then use some scripting language to substitute different passwords and you're done.

0fnt

Posted 2010-09-11T19:10:47.947

Reputation: 1 741

1

Tera Term Pro is a terminal emulator that can connect to a serial port and has a macro language.

In Tera Term Pro, go to Help → Index → MACRO help to read about the macro language. Look at the example macro files (.ttl files) for examples.

Here's an example macro to get you started. Save the following text into a file named pinsearch.ttl. To start the macro, go to Control → Macro and open the pinsearch.ttl file. To pause or stop the macro, click on the MACRO window and use the Pause or End buttons.

for i 0 9999

  int2str i_text i
  strlen i_text
  len = result

  if len=1 then
    pin_text = "000"
  elseif len=2 then
    pin_text = "00"
  elseif len=3 then
    pin_text = "0"
  else
    pin_text = ""
  endif

  strconcat pin_text i_text

  send "E"
  wait "password?"

  send pin_text
  wait "ok" "wrong"

  if result=1 goto found_it

  wait "command?"

next

messagebox "Didn't find password" ""
end

:found_it
messagebox pin_text ""
end

Bavi_H

Posted 2010-09-11T19:10:47.947

Reputation: 6 137

0

You can likely accomplish this by writing an autohotkey script. Or, if you know another scripting language, write a bruteforcer in that. You may also be able to find some premade ssh bruteforcing tool somewhere that will let you define the keyspace as 4 char passwords, all digits.

Ryan Gooler

Posted 2010-09-11T19:10:47.947

Reputation: 1 844

I was thinking this also. But I'm in no position to begin reading about writing a brute force script.

I have found a couple of options but nothing to just simply enter 0000-9999 into a window, wait 5 seconds in between, and move to the next. – Kelbizzle – 2010-09-11T20:01:41.300

0

There is a huge list of password cracking tools at sectools.org/crackers.html

As for your situation, I suggest using THC Hydra (#3 on the sectools' list) which you can download from http://freeworld.thc.org/thc-hydra/

Tal

Posted 2010-09-11T19:10:47.947

Reputation: 115

Hydra looked promising but the option I select for putty which is "serial". – Kelbizzle – 2010-09-11T20:21:31.533