Need to break into a program
I have a very old patient management system and one of the reporting tools requires a password. Unfortunately, no one remembers it. I need a brute force method to crack it.
The password isn't any longer than 8 characters, doesn't contain any symbols, and is not case sensitive (nice security for a medical program, but like I said, it's old :rolleyes:)
If I bring up the password box, it will happily let me enter password after password until the end of time. It's like this program was made to be brute force attacked.
I need to be able to:
enter a word programmatically into the dialog box
press enter or click the OK box
close the failed password message box
rinse and repeat until the failed message box fails to appear
Any suggestions?
Re: Need to break into a program
Think about what you are really asking on an anonymous message board? You should contact the company that created the software.
Re: Need to break into a program
Is the very old system written in .Net? If it is, you could always decompile it, as the password is clearly hardcoded. Otherwise, you would need to get the handle of the password dialog window, and use the send message API to feed it passwords and programmatically click the button, then check each time if the window is still there.
Passwords under 9 characters make brute-forcing feasible, so it will simply become a matter of churning out passwords and passing them to the window.
Re: Need to break into a program
The company doesn't exist anymore dbasnett, there is no one to call. If someone thinks I'm trying to do something illicit and decides not to help me, then so be it. I certainly wouldn’t want anyone to do something they were uncomfortable with.
MaximilianMayrhofer, it's not .NET, the program is more than 20 years old at this point.
I've figured out how to use
Code:
ProcID = Shell("q:\bin\prorun.exe", AppWinStyle.NormalFocus)
and sendkeys to send passwords, press the enter button 2 twice to try the password and to close the failed password box, then it sends a series of backspace commands to delete the failed password.
This would probably work well enough to get me in over the weekend, but if possible, I'd like to actually ID the password incase I need this function again. We are moving to a new system, and this will probably be the last reporting period were I need access to this function, but you never know.
How can I get the handle of the dialog window and how can I test if it came back after entering a password?
Re: Need to break into a program
Quote:
Originally Posted by
KMDcomp
I have a very old patient management system and one of the reporting tools requires a password. Unfortunately, no one remembers it. I need a brute force method to crack it.
The password isn't any longer than 8 characters, doesn't contain any symbols, and is not case sensitive (nice security for a medical program, but like I said, it's old :rolleyes:)
If I bring up the password box, it will happily let me enter password after password until the end of time. It's like this program was made to be brute force attacked.
I need to be able to:
enter a word programmatically into the dialog box
press enter or click the OK box
close the failed password message box
rinse and repeat until the failed message box fails to appear
Any suggestions?
As far as I'm aware, we cannot discuss such a topic. Even though this is for a seemingly legitimate purpose, the knowledge could be used maliciously.
Re: Need to break into a program
Weirddemon is right, but if you take what you already know, and combine that with the GetWindowText() API, you should be able to finish it.
