228

Bruteforce IRL

So I recently bought my first house (yay!).

Whilst doing the initial viewings I saw the below on the backyard and thought "hey that's neat, I can leave a key in there for when I come in late and my fiancée is asleep.

Fast forward to moving in day and the previous owners hand me the keys so I ask "oh yeah, what's the code for the keysafe" and he just looks at me completely blank, so I'm just like "the box on the wall out back" and he's just like "oh! So that's what that is. No we've never had the code for that, bye."

Being a pen tester I'm just stood there dumbfounded thinking "How the hell can you have a locked box attached to your house and not want to know what is inside!"

Anyway, that brings us to now where I'm stood outside in December on a Sunday morning brute forcing my way into my own keysafe.

I wish this didn't run so many parallels with my work life 😂

Comments
  • 75
    On the other hand you are going to find out how much time it will need to potential intruder to get your door key.
  • 41
    @lig1 currently it's about an hour and I'm wondering if there even is a code or whether this is just an elaborate practical joke.

    Either way I live in rural Derbyshire. I've left my iPhone on top of my car all night before and come back in the morning and it was still there.
  • 47
    @SirusAmory you never know. Some people live for years with old Joomla versions on their sites and then suddenly...
  • 4
    So what was inside?
  • 2
    Commenting to see your results
  • 11
    Try 1337
  • 2
    Also commenting for the results.
  • 1
    Again commenting for result
  • 9
    The code will probably be 9999 in the end...
  • 4
    Did you find 1kg of pure gold? That would be cool
  • 15
    And he later found out that the open button is broken.
  • 2
    Don't give up 😃
  • 1
  • 1
    Commenting for the result too 😃
  • 1
  • 1
  • 1
    Still bruteforcing? =D
  • 1
  • 21
    First try all the 0000/..., 1234/... and 9876/... combinations.

    If that doesn't work push the button/lever to the open position and start rotating the dials until you sense a digit acting differently consistently.

    These boxes are mostly crap (the combination locks even crappier) and even a high quality one will just attract thieves who may have the strength or the tool to open it in no time.

    If you want a key for emergencies buy a small aluminium rod, make/attach a hook on one end and secure the key on the other. Then push it in the ground in your garden or somewhere close by so it's below the surface, no-one can easily see you mess with it and you can remember its position (third brick from the right, under that window, etc).
  • 2
    doot
  • 16
    I bet you'll find a note saying:

    "This was the first place I looked for keys.
    -The Thief"
  • 8
    I know the code. I demand unlimited coffee in return and a job.
  • 2
    I did that on a 3-digit lock. Took about 20 minutes or about 1.5 seconds per combination.
  • 9
    This is gonna turn into an imgur/reddit what's in the safe!
  • 6
    You deserve a stress ball for all that work. ++ it everyone.
  • 48
    There was a key in it.

    I have no idea what I was expecting 😂
  • 1
  • 8
    You're going to need a raspberry pi, five servos,a ball point pen and a few rubber bands.
  • 1
  • 44
    Sorry for keeping you guys in the dark so long. Honestly didn't expect this to get followed by so many people.

    It finally cracked at 5359. About three hours work all in (accounting for me going inside to warm my hands up on some coffee periodically).
  • 4
    @amahlaka I probably would've done too if I'd got to 9999 without success
  • 1
    @amahlaka Hammertime!
  • 2
    @SirusAmory anything fun inside it? Spiders, candy, peach schnapps?
  • 2
    @SirusAmory How could you not tell us what's in there?😱 Don't be so cruel!
  • 2
    @toXel check the comments ;)
  • 16
    @SirusAmory If you move, remember to change the code to 0666, place a picture of Baphomet inside the safe and tell the new residents that you don't know the code.
  • 0
    What was inside?!?!
  • 5
    Is there any way you can make a physical honeypot? 🤔
  • 11
    @g-m-f Well we are not exactly the most dangerous people around too, so I guess that's a good idea.
    Even if they come to steal something after all. If you leave Arch Linux halfway through installation they will take the bait and work on it till morning.
  • 1
    @stable-penguin pretty sure I could, but it'd probably constitute a felony
  • 0
    Grats on the house
  • 2
    @SirusAmory always start in the middle and work outwards
  • 14
    @SirusAmory No. A physical honeypot, as in lets say a key that is marked "inner door" (but fits nowhere) on a double door house*, and then the lockbox wired to a silent 24h zone on your alarm panel, isn't illegal.

    Also place a paper on the window sill, visible from outer through he window, with "keybox code: 1234", so it looks like you accidentially forgot the paper there. (change code to 1234).

    * So the burgular starts attacking the outer door beliving the inner door will be "free", but will instead be picked up by the police because the alarm was tripped early.
  • 0
    Commenting for results also
  • 2
    @JakeHL dude. The results are already there. Look in the comments.
  • 0
    @darksideplease
    Ahh thanks! I had a quick skim, must have missed it.
  • 0
    Try using a lock-picking technique. It's faster 🙂
  • 0
    I really don't understand. Do you not carry your own set of keys from your own house? Why is it easier to store it outside of your house in a box than just putting it in your pocket and carry it around?
  • 2
    Post a job offering asking for degrees in padlocks and experience with bruteforce, gardening, electricity, architect and plumber and that also speaks 4 languages natively to bruteforce your keypad. Oh and don't forget offer them an internship and tell them if you like his job that you'll hire him for future jobs where'll get paid...
  • 0
    Any update for the curious? :D
  • 3
    @Dotwo Did you read the posts above?
Add Comment