1
00:00:00,390 --> 00:00:01,350
Welcome back everyone.

2
00:00:01,350 --> 00:00:04,780
And let's continue with the coding of our brute force sir.

3
00:00:04,950 --> 00:00:10,680
You will notice right away that we're going to start it rather the same as our vulnerability scanner.

4
00:00:10,710 --> 00:00:15,360
By prompting the users to input three different things that we are going to store into three different

5
00:00:15,360 --> 00:00:18,020
variables and use throughout our program.

6
00:00:18,090 --> 00:00:23,070
Now two of those three things are going to be the exact same as the number vulnerability scanner and

7
00:00:23,070 --> 00:00:26,850
the third one is going to be the user name for the same account.

8
00:00:26,850 --> 00:00:30,660
So first thing we're going to prompt the user is to enter the host.

9
00:00:30,660 --> 00:00:34,730
So the actual IP address to the target that they want to connect to.

10
00:00:34,740 --> 00:00:36,330
So we're going to type it right here.

11
00:00:36,330 --> 00:00:49,640
INPUT AND LET'S said the plus sign and then target address so the user can specify the target address.

12
00:00:49,670 --> 00:00:54,080
The second thing we are going to need is going to be the user name for the account that we are trying

13
00:00:54,080 --> 00:01:00,440
to brute force which in our case if you're using that selectable as I am is going to be MSF admin.

14
00:01:00,470 --> 00:01:00,880
All right.

15
00:01:00,890 --> 00:01:08,840
So we're going to input right here at the plus sign once again and as stage user name.

16
00:01:10,580 --> 00:01:16,810
And the last thing that we want prompt the user is to input the file or the file name from which we

17
00:01:16,810 --> 00:01:19,070
are going to read the passwords.

18
00:01:19,070 --> 00:01:19,540
All right.

19
00:01:19,580 --> 00:01:22,850
So input file let's call it like that.

20
00:01:22,850 --> 00:01:32,030
And we're going to type input single quotes plus sign and then passwords file.

21
00:01:33,480 --> 00:01:35,390
All right so simple as that.

22
00:01:35,390 --> 00:01:40,770
Once the user specifies all of these three things we are ready to start running our program.

23
00:01:40,820 --> 00:01:45,500
The first thing that we're going to take a look at is whether the user name specified the actual password

24
00:01:45,500 --> 00:01:47,190
file correctly.

25
00:01:47,440 --> 00:01:50,250
And we're going to do that using the OS library.

26
00:01:50,270 --> 00:01:52,730
So we're going to see whether this file actually exists.

27
00:01:52,730 --> 00:01:58,220
If it doesn't exist we're going to print to the user file doesn't exist.

28
00:01:58,220 --> 00:01:58,550
OK.

29
00:01:58,580 --> 00:02:04,970
So now in order to actually do that we're going to use an if statement and we're going to call the OS

30
00:02:04,970 --> 00:02:08,170
library with the path and Dot exists.

31
00:02:08,180 --> 00:02:13,970
Now there's always the path that exists will check for a specified path whether that path simply exists

32
00:02:14,000 --> 00:02:14,780
or not.

33
00:02:14,780 --> 00:02:22,730
Basically it performs the same thing as its name says so or as the path that exists and in the brackets

34
00:02:22,730 --> 00:02:25,010
we specify the actual path to the file.

35
00:02:25,010 --> 00:02:33,110
So in our case that will be input file and if it equals equals to false since the sexual function will

36
00:02:33,110 --> 00:02:34,650
return True and False True.

37
00:02:34,670 --> 00:02:37,850
If the file exists and false if it doesn't exist.

38
00:02:37,880 --> 00:02:41,000
So in this case if it doesn't exist we're going to print

39
00:02:46,430 --> 00:02:49,940
that file doesn't exist.

40
00:02:49,940 --> 00:02:55,430
And we also want to make sure that we all read here slash path in case the user specifies path and not

41
00:02:55,430 --> 00:02:57,200
just the file name.

42
00:02:57,200 --> 00:03:03,470
And then we're going to use this this library in order to exit the program with no one so sees that

43
00:03:03,470 --> 00:03:05,570
exits in case that file doesn't exist.

44
00:03:05,570 --> 00:03:10,030
So the user can actually rerun the program and specify the correct file.

45
00:03:10,190 --> 00:03:15,740
Right now if we did all of this we need to actually proceed with the main part of the program which

46
00:03:15,740 --> 00:03:19,340
is going to be the comparison of the passwords with the same client.

47
00:03:19,670 --> 00:03:25,370
So in order to do that we're going to have to open file first and to open these passwords file we simply

48
00:03:25,370 --> 00:03:30,160
just use the same thing as from the vulnerability scanner which is the statement with the open.

49
00:03:30,200 --> 00:03:36,110
And then we specify the file name in our case it is stored inside the input file variable and then we

50
00:03:36,110 --> 00:03:37,770
open it up for reading.

51
00:03:37,850 --> 00:03:44,060
Once we do that we simply create the file descriptor name which is going to be just file and then we

52
00:03:44,060 --> 00:03:46,550
check all the passwords.

53
00:03:46,550 --> 00:03:47,660
Line by line.

54
00:03:47,660 --> 00:03:55,820
So for each line in file dot read lines and keep in mind that you need to use read line with s and the

55
00:03:55,820 --> 00:04:01,700
results of read line but read line will only read character one by one and one to make sure we read

56
00:04:01,700 --> 00:04:03,770
lines so we read line by line.

57
00:04:03,770 --> 00:04:04,990
All right.

58
00:04:05,120 --> 00:04:08,240
Once it reads the line that line will be a password.

59
00:04:08,240 --> 00:04:12,220
And we're going to set it so password equals line.

60
00:04:12,560 --> 00:04:18,140
And that line we want to strip out any character that we don't need for example the new line character

61
00:04:18,410 --> 00:04:20,630
we don't really need it inside of the string.

62
00:04:20,630 --> 00:04:25,580
So we're going to strip any unnecessary thing and store it in a new variable that we just created which

63
00:04:25,580 --> 00:04:27,670
is going to be called password.

64
00:04:27,680 --> 00:04:28,270
All right.

65
00:04:28,670 --> 00:04:35,840
Once we have the password ready to test then we can simply just try to connect with that password.

66
00:04:35,840 --> 00:04:41,740
And in order to do that we're going to use a function as a sage underscore woops as the sage underscore

67
00:04:41,750 --> 00:04:46,190
connect with these specified password.

68
00:04:46,190 --> 00:04:50,250
Now you might notice right away that this is Red underline.

69
00:04:50,660 --> 00:04:55,810
And the reason why this red underlined is because this function doesn't even exist.

70
00:04:55,850 --> 00:04:58,360
Now you might be asking why are we using it if it doesn't exist.

71
00:04:58,370 --> 00:05:02,120
Well we're going to code it in the next video and inside of this function.

72
00:05:02,120 --> 00:05:07,670
We're going to use the parameter library in order to automate the search connection to the target.

73
00:05:07,670 --> 00:05:08,100
All right.

74
00:05:08,120 --> 00:05:13,040
So that would be about it for this tutorial and I will see you in the next lecture by.