Server password bruteforcing

I spent the last two days working on a method for stealing server admin passwords. I figured if I used the altis life database injection that I talked about in my previous post I could inject a server and have the bruteforce run for weeks on end until it finds the admin password.

The first problem in this project is how can I check if a password is the correct admin password?
Well, thanks to Bohemia Interactive, I didn’t have to spend to much time searching. The wiki page for serverCommand clearly documents under it’s Alternative Syntax that the function returns TRUE if the password is valid.

Great! Now I can check if a password is correct, all I need now is a password generator function that will iterate through all possible server passwords. I am actually quite embarrassed by how long this took me to make, I was very tired when I first attempted it….

To start off I would be needing a list of all possible password characters. This is what I included to be broad enough and not too specific.
This is the main generation block. This is what checks the passwords and iterates through the possible combinations. I strongly urge anyone interested in this topic to read over this block and understand it on their own.
In the block you can see I used profileNamespace. I use this to store the last checked letters. If the server reboots or is shut down I need to save my bruteforce progress so I can pick back up close to where I left off. I also use the reverse command to check the generated password both forwards and backwards. If the server has a password like “zaaa” it will take a lot longer to bruteforce than “aaaz”, therefore I check both in order to speed up the checking progress.

If you are a server admin I strongly suggest you increase your server password security. Bruteforcing and Dictionary attacks could become quite common.

If anyone from Bohemia Interactive is reading this, I strongly urge you to think over what you were doing when you decided not to implement a bad-password limit to serverCommand. Things like this are the reason the “createUnit RE” bug was so prevalent and basically made your game unplayable. I also hope you fire some of the script developers. The number of flaws inside the games own script functionality is beyond embarrassing and is currently leading to some Game-Ruining flaws that any AAA game should not have after this many years.

Liked it? Take a second to support Lystic on Patreon!
About Lystic 19 Articles
ArmA Scripter. Former cheater. Always have security in mind.

1 Comment on Server password bruteforcing

  1. Whats the avg. crack time ? most arma servers run on 4790k so they have the Ghz to brute force 🙁

    And yes the Arma engine is so broken

Comments are closed.