v28i110: crack - The Unix Password Cracker, version 4.1, Part01/05
Alec David Muffett
Posting-number: Volume 28, Issue 110
Archive-name: crack/part01
Environment: UNIX
Supersedes: crack: Volume 25, Issue 5-9
This is Crack v4.1, the "Sensible" Unix Password Cracker.
- Documentation is in the directory 'Docs' - go for it...
dicts.rules is now up to 240 entries, mostly thanks to mycroft @
gnu.ai.mit.edu; don't lose heart, its not as bad as all that... 3 weeks
of CPU isn't all that long, really... Seriously, most of the rules
generate really small dictionaries, so it's not all that bad. 8-)
There are several additions to the dictionary rules, notably the
character class commands and the i, o, = and @ commands.
Use of "Crack -R" (as opposed to "Crack -r") is not recommended until I
write v5.0, unless you know exactly what you're doing and why it bombs
out on you...
Also, Crack now fully supports UFC (the latest version of which is to be
posted concurrently with Crack v4.1) - all you should have to do is
unpack the latest version of UFC into the directory
ufc-crypt
which you should create in the Crack installation directory. The
program should do the rest.
--
|+ Alec David Edward Muffett, Unix Programmer and Unemployed Coffee Drinker. +|
|> a...@aber.ac.uk a...@uk.ac.aber aem%ab...@ukacrl.bitnet mcsun!ukc!aber!aem <|
| "I didn't invent the Unix Password Security problem. I just optimised it." |
#! /bin/sh
# This is a shell archive. Remove anything before this line, then unpack
# it by saving it into a file and typing "sh file". To overwrite existing
# files, type "sh file -c". You can also feed this as standard input via
# unshar, or by typing "sh <file", e.g.. If this archive is complete, you
# will see the following message at the end:
# "End of archive 1 (of 5)."
# Contents: BUGS DictSrc DictSrc/jargon Dicts Docs MANIFEST README
# Runtime Scripts Scripts/RCrack Scripts/clean Scripts/crack.mf
# Scripts/do_install Scripts/do_join Scripts/do_pwc Scripts/do_ufc
# Scripts/gecos.rules Scripts/guess2fbk Scripts/install.mf
# Scripts/mrgfbk Scripts/nastygram Scripts/network.conf
# Scripts/plaster Scripts/saltcount Scripts/shadmrg Scripts/spotless
# Scripts/status Sources Sources/Makefile Sources/bytesex.c
# Sources/conf.h Sources/crack-glob.c Sources/crack-glob.h
# Sources/crack-supp.c Sources/crack.h Sources/speeds.c
# Sources/tester.c Sources/testrule.c TODO
# Wrapped by aem@aberfa on Wed Mar 18 14:08:25 1992
PATH=/bin:/usr/bin:/usr/ucb ; export PATH
if test -f 'BUGS' -a "${1}" != "-c" ; then
echo shar: Will not clobber existing file \"'BUGS'\"
else
echo shar: Extracting \"'BUGS'\" \(1112 characters\)
sed "s/^X//" >'BUGS' <<'END_OF_FILE'
XBugs as of 1 Mar 1992:-
X
X* Crack: is known to occasionally hang during a "Crack -network" whilst
Xrshing from machine to machine on some architectures. It's a persistent
Xproblem at some sites, when Crack rsh'es to a particular machine and
Xstays there, and thus never calls the next machine.
X
XFIX: mark machines that hang Crack with the "-f" option in network.conf
Xfile, then the 'rsh' will be backgrounded and Crack will continue to the
Xnext machine. The tweak in Crack v4.1 to close descriptors 0->9 on all
Xmachines (esp Apollos) may help this.
X
X* Beta testers on DEC 5500s have reported crack-pwc crashing when
Xcompiled with the optimiser. This apparently doesn't happen using GCC
Xor when optimisation is turned off (heisenbug?)
X
XBe warned.
X
X* Earlyish System V type systems will have problems if the environment
Xvariable SHELL is not set to "/bin/sh" - this is because SV will
Xblithely ignore the "#!/bin/sh" line and invoke a csh anyway, if thats
Xwhat you prefer.
X
XThis is probably most easily diagnosed when Crack bails out like this:
X
X CRACK_HOME=/your/crack/directory: Command not found.
X
X- or similar.
END_OF_FILE
if test 1112 -ne `wc -c <'BUGS'`; then
echo shar: \"'BUGS'\" unpacked with wrong size!
fi
# end of 'BUGS'
fi
if test ! -d 'DictSrc' ; then
echo shar: Creating directory \"'DictSrc'\"
mkdir 'DictSrc'
fi
if test -f 'DictSrc/jargon' -a "${1}" != "-c" ; then
echo shar: Will not clobber existing file \"'DictSrc/jargon'\"
else
echo shar: Extracting \"'DictSrc/jargon'\" \(3677 characters\)
sed "s/^X//" >'DictSrc/jargon' <<'END_OF_FILE'
X# From: eric%snark.thyrsus.com%cbm...@net.UU.uunet (Eric S. Raymond)
X# Subject: improved Jargon File wordlist for crack 4.0
X# Eric S. Raymond = er...@snark.thyrsus.com (mad mastermind of TMN-Netnews)
XACK
XALT
XAOS
XBBS
XBFI
XBIFF
XBITNET
XBLT
XBOF
XBQS
XBRS
XBSD
XBWQ
XBartleMUD
XBerzerkeley
XBiCapitalization
XCI
XCLM
XCTY
XDDT
XDEADBEEF
XDEChead
XDP
XDPB
XDPer
XDRECNET
XDWIM
XDiscordianism
XEMACS
XENQ
XEOL
XEOU
XEXCH
XEXE
XEris
XFAQL
XFOAF
XFOD
XFTP
XFUBAR
XFUD
XFidoNet
XFoonly
XFortrash
XGC
XGECOS
XGFR
XGIGO
XGIPS
XGNUMACS
XGOSMACS
XGPL
XGPV
XGodzillagram
XGosperism
XHAKMEM
XHCF
XHHOK
XHHOS
XHLL
XHackintosh
XIMHO
XINTERCAL
XIRC
XIWBNI
XIYFEG
XJEDR
XJFCL
XJRST
XK&R
XKIPS
XLDB
XLER
XLERP
XLN
XLPT
XMEGO
XMFTL
XMIPS
XMOTAS
XMOTOS
XMOTSS
XMacintoy
XMacintrash
XMoof
XNAK
XNMI
XNeWS
XPBD
XPD
XPETSCII
XPOM
XPOPJ
XPPN
XPerl
XQWERTY
XRETI
XRFC
XRFE
XRL
XRSN
XRTFAQ
XRTFM
XRTI
XRTM
XSCSI
XSMOP
XSPACEWAR
XSysVile
XTCB
XTECO
XTELNET
XTLA
XTMRC
XTWENEX
XTeX
XTechRef
XUBD
XUSENET
XUTSL
XUUCPNET
XVAXectomy
XVAXen
XVMS
XVR
XWIBNI
XWOMBAT
XWYSIAYG
XWYSIWYG
XWeenix
XXOFF
XXXX
XYABA
XYAUN
XZork
Xabbrev
Xadger
Xadmin
Xannoybot
Xapp
Xattoparsec
Xautobogotiphobia
Xavatar
Xawk
Xbagbiter
Xbamf
Xbarf
Xbarfulation
Xbarfulous
Xbaz
Xbboard
Xberklix
Xbiff
Xbignum
Xbitblt
Xbixie
Xblargh
Xbletch
Xbletcherous
Xblinkenlights
Xblit
Xblitter
Xblivet
Xbogometer
Xbogon
Xbogosity
Xbogotify
Xboink
Xbonk
Xboxen
Xboxology
Xbozotic
Xbraino
Xbreedle
Xbroket
Xbuglix
Xbytesexual
Xcareware
Xcdr
Xchad
Xchanop
Xcharityware
Xclustergeeking
Xcodewalker
Xcokebottle
Xcomputron
Xcondom
Xcopybroke
Xcopyleft
Xcopywronged
Xcorge
Xcray
Xcrayola
Xcrippleware
Xcrlf
Xcrudware
Xcruft
Xcruftsmanship
Xcrufty
Xcryppie
Xcuspy
Xcybercrud
Xcyberpunk
Xcyberspace
Xdaemon
Xdd
Xdeckle
Xdehose
Xdelint
Xdepeditate
Xdevo
Xdink
Xdoc
Xdoco
Xdodgy
Xdogcow
Xdogwash
Xdongle
Xdonuts
Xdoorstop
Xdroid
Xdynner
Xemail
Xemoticon
Xerve
Xexcl
Xfab
Xfeaturectomy
Xfeep
Xfeeper
Xfilk
Xfinn
Xfirebottle
Xfirefighting
Xfirmy
Xflamage
Xflarp
Xflippy
Xflytrap
Xfollowup
Xfoo
Xfoobar
Xfora
Xfred
Xfrednet
Xfreeware
Xfriode
Xfritterware
Xfrob
Xfrobnicate
Xfrobnitz
Xfrotz
Xfrotzed
Xfrowney
Xfuggly
Xfuzzball
Xgabriel
Xgarply
Xgeef
Xgen
Xgensym
Xgillion
Xglark
Xglassfet
Xglork
Xgnarly
Xgonk
Xgonkulator
Xgonzo
Xgorp
Xgotcha
Xgrault
Xgritch
Xgrok
Xgronk
Xgronked
Xgrunge
Xgubbish
Xguiltware
Xgumby
Xgunch
Xgurfle
Xgweep
Xhackish
Xhackishness
Xhackitude
Xhakspek
Xhandwave
Xhardcoded
Xhardwarily
Xhardwired
Xheisenbug
Xhexit
Xhing
Xhobbit
Xhungus
Xi14y
Xi18n
Xinitgame
Xjupiter
Xkahuna
Xkgbvax
Xklone
Xkluge
Xkremvax
Xkyrka
Xlaundromat
Xlegalese
Xletterbomb
Xlexiphage
Xlivelock
Xliveware
Xlossage
Xluser
Xmacdink
Xmachoflops
Xmacrology
Xmacrotape
Xmaggotbox
Xmandelbug
Xmarketroid
Xmartian
Xmeatware
Xmeeces
Xmeg
Xmegapenny
Xmeme
Xmemetics
Xmenuitis
Xmeta
Xmickey
XmicroLenat
Xminifloppies
Xmoby
Xmoria
Xmouso
Xmudhead
Xmultician
Xmumblage
Xmunchkin
Xnano
Xnanoacre
Xnanobot
Xnanocomputer
Xnanofortnight
Xnanotechnology
Xnastygram
Xneophilia
Xnetburp
Xnetdead
Xnethack
Xnetiquette
Xnetlag
Xnetnews
Xnetrock
Xnewbie
Xnewsfroup
Xnewsgroup
Xnickle
Xnoddy
Xnooze
Xnotwork
Xnuke
Xnybble
Xnyetwork
Xoffline
Xoif
Xooblick
Xop
Xparam
Xparm
Xpayware
Xpdl
Xperf
Xphreaking
Xplayte
Xplingnet
Xplokta
Xplonk
Xplugh
Xpnambic
Xprestidigitization
Xprettyprint
Xproglet
Xpsychedelicware
Xpsyton
Xques
Xquux
Xqux
Xravs
Xregexp
Xretcon
Xretrocomputing
Xrot13
Xsagan
Xsalescritter
Xsalsman
Xsandbender
Xscrewage
Xscrog
Xscrool
Xscrozzle
Xsegfault
Xseggie
Xsegv
Xshareware
Xshelfware
Xshitogram
Xshowstopper
Xsitename
Xskrog
Xslopsucker
Xsmiley
Xsmurf
Xsnarf
Xsneakernet
Xsnivitz
Xsoftcopy
Xsoftwarily
Xsofty
Xspam
Xspl
Xspooge
Xstiffy
Xstubroutine
Xstudlycaps
Xsysadmin
Xsysop
Xtayste
Xterminak
Xterpri
Xthinko
Xthunk
Xtinycrud
Xtoeprint
Xtoto
Xtrit
Xtty
Xtunafish
Xturist
Xtwink
Xtwonkie
Xupload
Xupthread
Xvadding
Xvannevar
Xvaporware
Xvar
Xvaxherd
Xvaxism
Xvaxocentrism
Xvdiff
Xveeblefester
Xverbage
Xvgrep
Xvideotex
Xwabbit
Xwaldo
Xwango
Xwank
Xwannabee
Xwedgie
Xwedgitude
Xweeble
Xweenie
Xwetware
Xwhalesong
Xwhizzy
Xwinkey
Xwinnage
Xwinnitude
Xwirehead
Xwonky
Xworkaround
Xxor
Xxref
Xxyzzy
Xzen
Xzigamorph
Xzipperhead
Xzorch
Xzorkmid
END_OF_FILE
if test 3677 -ne `wc -c <'DictSrc/jargon'`; then
echo shar: \"'DictSrc/jargon'\" unpacked with wrong size!
fi
# end of 'DictSrc/jargon'
fi
if test ! -d 'Dicts' ; then
echo shar: Creating directory \"'Dicts'\"
mkdir 'Dicts'
fi
if test ! -d 'Docs' ; then
echo shar: Creating directory \"'Docs'\"
mkdir 'Docs'
fi
if test -f 'MANIFEST' -a "${1}" != "-c" ; then
echo shar: Will not clobber existing file \"'MANIFEST'\"
else
echo shar: Extracting \"'MANIFEST'\" \(2395 characters\)
sed "s/^X//" >'MANIFEST' <<'END_OF_FILE'
X File Name Archive # Description
X-----------------------------------------------------------
X APPENDIX 2 miscellaneous information
X BUGS 1 list of recent bugs and possible fixes
X Crack 2 crack driver shellscript
X DictSrc 1 directory
X DictSrc/bad_pws.dat 2 example extra dictionary
X DictSrc/jargon 1 jargon dictionary contributed by ESR
X Dicts 1 empty directory
X Docs 1 directory
X Docs/readme.ms 4 coarse nroff -ms format documentation
X Docs/readme.txt 5 ascii format documentation
X LICENCE 2 licence document
X MANIFEST 1 THIS FILE
X README 1 EVERYBODY START HERE
X Runtime 1 empty directory
X Scripts 1 scripts directory
X Scripts/Crack.network 2 network driver script
X Scripts/RCrack 1 interface to 'rsh', 'remsh' - whatever
X Scripts/clean 1 tidy-up script
X Scripts/crack.mf 1
X Scripts/dicts.rules 2 rules applied to dictionary words
X Scripts/do_install 1
X Scripts/do_join 1
X Scripts/do_pwc 1
X Scripts/do_ufc 1
X Scripts/gecos.rules 1 rules applied to gecos-generated words
X Scripts/guess2fbk 1 crash recovery script (see docs)
X Scripts/install.mf 1
X Scripts/mrgfbk 1
X Scripts/nastygram 1
X Scripts/network.conf 1
X Scripts/plaster 1 crack control script
X Scripts/saltcount 1
X Scripts/shadmrg 1
X Scripts/spotless 1 tidy up and delete script
X Scripts/status 1
X Sources 1 source code directory
X Sources/Makefile 1
X Sources/bytesex.c 1
X Sources/conf.h 1 configuration header file
X Sources/crack-fcrypt.c 4
X Sources/crack-glob.c 1
X Sources/crack-glob.h 1
X Sources/crack-lib.c 3
X Sources/crack-pwc.c 3 password cracker main file
X Sources/crack-sort.c 2
X Sources/crack-supp.c 1
X Sources/crack.h 1
X Sources/speeds.c 1 benchmark program
X Sources/tester.c 1 fcrypt compatibility program
X Sources/testrule.c 1 dictionary tester program
X TODO 1 List of good ideas I _already_ have
END_OF_FILE
if test 2395 -ne `wc -c <'MANIFEST'`; then
echo shar: \"'MANIFEST'\" unpacked with wrong size!
fi
# end of 'MANIFEST'
fi
if test -f 'README' -a "${1}" != "-c" ; then
echo shar: Will not clobber existing file \"'README'\"
else
echo shar: Extracting \"'README'\" \(1243 characters\)
sed "s/^X//" >'README' <<'END_OF_FILE'
XThis is Crack v4.1, the "Sensible" Unix Password Cracker.
X
X- Documentation is in the directory 'Docs' - go for it...
X
Xdicts.rules is now up to 240 entries, mostly thanks to mycroft @
Xgnu.ai.mit.edu; don't lose heart, its not as bad as all that... 3 weeks
Xof CPU isn't all that long, really... Seriously, most of the rules
Xgenerate really small dictionaries, so it's not all that bad. 8-)
X
XThere are several additions to the dictionary rules, notably the
Xcharacter class commands and the i, o, = and @ commands.
X
XUse of "Crack -R" (as opposed to "Crack -r") is not recommended until I
Xwrite v5.0, unless you know exactly what you're doing and why it bombs
Xout on you...
X
XAlso, Crack now fully supports UFC (the latest version of which is to be
Xposted concurrently with Crack v4.1) - all you should have to do is
Xunpack the latest version of UFC into the directory
X
X ufc-crypt
X
Xwhich you should create in the Crack installation directory. The
Xprogram should do the rest.
X
XHappy cracking !
X
X--
X|+ Alec David Edward Muffett, Unix Programmer and Unemployed Coffee Drinker. +|
X|> a...@aber.ac.uk a...@uk.ac.aber aem%ab...@ukacrl.bitnet mcsun!ukc!aber!aem <|
X| "I didn't invent the Unix Password Security problem. I just optimised it." |
END_OF_FILE
if test 1243 -ne `wc -c <'README'`; then
echo shar: \"'README'\" unpacked with wrong size!
fi
# end of 'README'
fi
if test ! -d 'Runtime' ; then
echo shar: Creating directory \"'Runtime'\"
mkdir 'Runtime'
fi
if test ! -d 'Scripts' ; then
echo shar: Creating directory \"'Scripts'\"
mkdir 'Scripts'
fi
if test -f 'Scripts/RCrack' -a "${1}" != "-c" ; then
echo shar: Will not clobber existing file \"'Scripts/RCrack'\"
else
echo shar: Extracting \"'Scripts/RCrack'\" \(3370 characters\)
sed "s/^X//" >'Scripts/RCrack' <<'END_OF_FILE'
X#!/bin/sh
X
X###
X# This program is copyright Alec Muffett 1991, and is provided as part of
X# the Crack v4.0 Password Cracking package. The author disclaims all
X# responsibility or liability with respect to it's usage or its effect
X# upon hardware or computer systems, and maintains copyright as set out in
X# the "LICENCE" document which accompanies distributions of Crack v4.0 and
X# upwards. So there...
X###
X
X###
X# For those ignorant of 'rsh', what I am trying to build is a line of
X# the form
X# rsh hostname [-n] [-l remoteuser] command [args ...]
X#
X###
X
Xmachine=`(uname) 2>&1` # What architecture are we on ?
X
X###
X# Map architecture to rsh-equivalent...
X###
X
Xcase $machine in
X "HP*UX") # Hewlett Packard boxen
X remote_shell="remsh"
X ;;
X# "XENIX"|"Xenix") # Just a suggestion...
X# remote_shell="rcmd"
X# ;;
X *) # default
X remote_shell="rsh"
X ;;
Xesac
X
X###
X# Are we going to kick rsh into the background, or are we going to
X# background the thing on the remote end ?
X###
X
Xasynch_mode=""
X
Xif [ "x$1" = "x-asynch" ]
Xthen
X echo "(asynchronous $remote_shell mode)"
X asynch_mode="$1"
X shift
Xelse
X echo "(remotely backgrounded mode)"
Xfi
X
X###
X# Segments of input data to read.
X###
X
Xstartline=$1
Xshift
Xstopline=$1
Xshift
X
Xdatafile=/tmp/rcrk.$$ # temporary data file
X
X###
X# Awk reads from stdin... Create an input file for rsh...
X###
X
Xawk -F: '
XBEGIN {
X usercount = 0;
X saltcount = 0;
X startsalt = '"$startline"';
X stopsalt = '"$stopline"';
X}
X
X{
X if (substr($3, 1, 2) != last)
X {
X saltcount++;
X last = substr($3, 1, 2);
X }
X
X if (saltcount >= startsalt && saltcount <= stopsalt)
X {
X usercount++;
X print $0;
X }
X}' > $datafile
X
X###
X# Test that we should actually bother to do anything.
X###
X
Xnumlines=`wc -l < $datafile`
X
X###
X# Must not quote $numlines here for comparison to work
X###
X
Xif [ $numlines = 0 ]
Xthen
X echo "RCrack: Nothing left to dispatch to remote host."
X rm -f $datafile
X exit 0
Xelse
X echo Salted Segment comprises $numlines users # Don't quote this...
Xfi
X
X###
X# Now for the important bits. Create a diefile pointing to a remote diefile
X# (It's easier to get Crack.network to wire $remotediefile into arglist)
X###
X
Xremhost=$1 # Name of remote host ($2 == Crack path)
Xremotediefile=$3 # Name of remote diefile
Xlocaldiefile=Runtime/DR$remhost$$ # Local pointer to above
X
Xawk -F: '
XBEGIN {
X rshell = "'"$remote_shell"'";
X rhost = "'"$remhost"'";
X rdie = "'"$remotediefile"'";
X rdie = substr(rdie,3,length(rdie) - 2);
X}
X
X$1 == rhost {
X if ($4 != "")
X {
X rshf = "-l " $4 " -n";
X } else
X {
X rshf = "-n";
X }
X if ($5 != "")
X {
X nf = split($5, path, "/");
X ch = path[1];
X for (i = 2; i < nf; i++)
X {
X ch = ch "/" path[i];
X }
X } else
X {
X ch = "'"$CRACK_HOME_UNRES"'";
X }
X}
X
XEND {
X print "#!/bin/sh";
X print "rm $0 && " rshell, rhost, rshf, "\"cd " ch ";" rdie "\"";
X}' < Scripts/network.conf > $localdiefile
X
Xchmod 700 $localdiefile
X
Xif [ "x$asynch_mode" = "x-asynch" ]
Xthen
X if [ "x$CRACK_OUT" != "x" ]
X then
X outfile=$CRACK_OUT/out.r$$
X else
X outfile=./out.r$$
X fi
X
X # 'rsh' traps SIGHUP and survives OK
X
X echo "Invoking: $remote_shell $@ <$datafile >$outfile 2>&1 && rm -f $datafile $localdiefile &"
X $remote_shell "$@" <$datafile >$outfile 2>&1 && rm -f $datafile $localdiefile &
Xelse
X # Perfectly ordinary network crack.
X echo "Invoking: $remote_shell $@ < $datafile"
X $remote_shell "$@" < $datafile
X rm -f $datafile
Xfi
X
Xexit 0
END_OF_FILE
if test 3370 -ne `wc -c <'Scripts/RCrack'`; then
echo shar: \"'Scripts/RCrack'\" unpacked with wrong size!
fi
chmod +x 'Scripts/RCrack'
# end of 'Scripts/RCrack'
fi
if test -f 'Scripts/clean' -a "${1}" != "-c" ; then
echo shar: Will not clobber existing file \"'Scripts/clean'\"
else
echo shar: Extracting \"'Scripts/clean'\" \(447 characters\)
sed "s/^X//" >'Scripts/clean' <<'END_OF_FILE'
X#!/bin/sh
X
X###
X# This program is copyright Alec Muffett 1991, and is provided as part of
X# the Crack v4.0 Password Cracking package. The author disclaims all
X# responsibility or liability with respect to it's usage or its effect
X# upon hardware or computer systems, and maintains copyright as set out in
X# the "LICENCE" document which accompanies distributions of Crack v4.0 and
X# upwards. So there...
X###
X
Xmake -f Scripts/crack.mf clean
X
Xexit 0
END_OF_FILE
if test 447 -ne `wc -c <'Scripts/clean'`; then
echo shar: \"'Scripts/clean'\" unpacked with wrong size!
fi
chmod +x 'Scripts/clean'
# end of 'Scripts/clean'
fi
if test -f 'Scripts/crack.mf' -a "${1}" != "-c" ; then
echo shar: Will not clobber existing file \"'Scripts/crack.mf'\"
else
echo shar: Extracting \"'Scripts/crack.mf'\" \(315 characters\)
sed "s/^X//" >'Scripts/crack.mf' <<'END_OF_FILE'
XSRCDIR= Sources
XBIGDICT= Dicts/bigdict
XUFCDIR= ufc-crypt
X
Xall:
X @echo CALL TO CRACK.MF WITH NO TARGET
X
Xspotless: clean
X -rm -f out.* $(BIGDICT)* Dicts/.lock*
X -Scripts/mrgfbk
X
Xclean:
X -rm -f Runtime/D* Runtime/P* Runtime/RD* tmp.* nohup.out
X -( cd $(SRCDIR) && make clean )
X -( cd $(UFCDIR) && make clean )
END_OF_FILE
if test 315 -ne `wc -c <'Scripts/crack.mf'`; then
echo shar: \"'Scripts/crack.mf'\" unpacked with wrong size!
fi
# end of 'Scripts/crack.mf'
fi
if test -f 'Scripts/do_install' -a "${1}" != "-c" ; then
echo shar: Will not clobber existing file \"'Scripts/do_install'\"
else
echo shar: Extracting \"'Scripts/do_install'\" \(759 characters\)
sed "s/^X//" >'Scripts/do_install' <<'END_OF_FILE'
X#!/bin/sh
X
X###
X# This program is copyright Alec Muffett 1991, and is provided as part of
X# the Crack v4.0 Password Cracking package. The author disclaims all
X# responsibility or liability with respect to it's usage or its effect
X# upon hardware or computer systems, and maintains copyright as set out in
X# the "LICENCE" document which accompanies distributions of Crack v4.0 and
X# upwards. So there...
X###
X
Xcrack_arch=$1
X
X###
X# Is there a binaries directory ?
X###
X
Xif [ ! -d $crack_arch ]
Xthen
X mkdir $crack_arch || exit 1
Xfi
X
Xcd $crack_arch || exit 1 # Can we get there from here ?
X
X###
X# Install makefiles in our directory if necessary.
X###
X
Xif [ ! -f Makefile ]
Xthen
X cp $CRACK_HOME/Scripts/install.mf Makefile || exit 1
Xfi
X
Xexit 0
END_OF_FILE
if test 759 -ne `wc -c <'Scripts/do_install'`; then
echo shar: \"'Scripts/do_install'\" unpacked with wrong size!
fi
chmod +x 'Scripts/do_install'
# end of 'Scripts/do_install'
fi
if test -f 'Scripts/do_join' -a "${1}" != "-c" ; then
echo shar: Will not clobber existing file \"'Scripts/do_join'\"
else
echo shar: Extracting \"'Scripts/do_join'\" \(1910 characters\)
sed "s/^X//" >'Scripts/do_join' <<'END_OF_FILE'
X#!/bin/sh
X
X###
X# This program is copyright Alec Muffett 1991, and is provided as part of
X# the Crack v4.0 Password Cracking package. The author disclaims all
X# responsibility or liability with respect to it's usage or its effect
X# upon hardware or computer systems, and maintains copyright as set out in
X# the "LICENCE" document which accompanies distributions of Crack v4.0 and
X# upwards. So there...
X###
X
X###
X# Empty the output file, Error if cannot create
X###
X
Xwarn=$1
Xshift
Xcp /dev/null $warn || exit 1
X
X###
X# Have we got feedback ?
X###
X
Xfbkfiles=`sh -c "echo Runtime/F*"`
Xif [ "$fbkfiles" = "Runtime/F*" ]
Xthen
X fbkfiles=""
Xfi
X
X###
X# As Walt Disney would say, we start with a simple bracket:-
X###
X
X(
X if [ "$fbkfiles" != "" ]
X then
X cat $fbkfiles
X fi
X
X (
X for file in $*
X do
X awk '/^[A-Za-z0-9]/ {print "'"$file"':" $0}' < $file
X done
X ) |
X sort -t: +2
X) |
Xawk -F: '
XBEGIN {
X FS = ":";
X numf = 8; # number of fields in a pwent, + 1
X warn="'"$warn"'";
X date = "'"`date`"'";
X date = substr(date, 5, 15);
X}
X
X/^!fb!/ {
X if ($3 == "N")
X {
X guessable[$2] = "N";
X } else if ($3 == "Y")
X {
X guessable[$2] = "Y";
X decrypt[$2] = $4;
X } else
X {
X print "Strange feedback: ", $0 >> "/dev/tty";
X }
X next;
X}
X
XNF != numf {
X printf("join: Rejected '%s': does not have %d fields\n", \
X $0, numf) >> warn;
X next;
X}
X
X$3 == "" {
X printf("join: %s Warning! %s (%s in %s) has a NULL password!\n", \
X date, $2, $7, $1) >> warn;
X next;
X}
X
Xindex($3, "*") != 0 || \
Xindex($3, "!") != 0 || \
Xindex($3, " ") != 0 {
X printf("join: %s User %s (in %s) has a locked password:- %s\n", \
X date, $2, $1, $3) >> warn;
X next;
X}
X
X{
X if (guessable[$3] == "N")
X {
X next;
X } else if (guessable[$3] == "Y")
X {
X if ($4 == 0)
X {
X msg = "ROOT PASSWORD ";
X } else
X {
X msg = "";
X }
X printf("join: %s Guessed %s%s (%s in %s) [%s] %s\n", \
X date, msg, $2, $8, $1, decrypt[$3], $3) >> warn;
X } else
X {
X print $0;
X }
X}'
X
Xexit 0
END_OF_FILE
if test 1910 -ne `wc -c <'Scripts/do_join'`; then
echo shar: \"'Scripts/do_join'\" unpacked with wrong size!
fi
chmod +x 'Scripts/do_join'
# end of 'Scripts/do_join'
fi
if test -f 'Scripts/do_pwc' -a "${1}" != "-c" ; then
echo shar: Will not clobber existing file \"'Scripts/do_pwc'\"
else
echo shar: Extracting \"'Scripts/do_pwc'\" \(658 characters\)
sed "s/^X//" >'Scripts/do_pwc' <<'END_OF_FILE'
X#!/bin/sh
X
X###
X# This program is copyright Alec Muffett 1991, and is provided as part of
X# the Crack v4.0 Password Cracking package. The author disclaims all
X# responsibility or liability with respect to it's usage or its effect
X# upon hardware or computer systems, and maintains copyright as set out in
X# the "LICENCE" document which accompanies distributions of Crack v4.0 and
X# upwards. So there...
X###
X
Xcrack_arch=$1
X
Xif [ ! -d $crack_arch ]
Xthen
X Scripts/do_install $crack_arch || exit 1
Xfi
X
Xcd $crack_arch || exit 1 # Can we get there from here ?
X
X###
X# Make the password cracker
X###
X
Xmake crack-pwc || exit 1
X
X# bye bye
Xexit 0
END_OF_FILE
if test 658 -ne `wc -c <'Scripts/do_pwc'`; then
echo shar: \"'Scripts/do_pwc'\" unpacked with wrong size!
fi
chmod +x 'Scripts/do_pwc'
# end of 'Scripts/do_pwc'
fi
if test -f 'Scripts/do_ufc' -a "${1}" != "-c" ; then
echo shar: Will not clobber existing file \"'Scripts/do_ufc'\"
else
echo shar: Extracting \"'Scripts/do_ufc'\" \(1437 characters\)
sed "s/^X//" >'Scripts/do_ufc' <<'END_OF_FILE'
X#!/bin/sh
X
X###
X# This program is copyright Alec Muffett 1991, and is provided as part of
X# the Crack v4.0 Password Cracking package. The author disclaims all
X# responsibility or liability with respect to it's usage or its effect
X# upon hardware or computer systems, and maintains copyright as set out in
X# the "LICENCE" document which accompanies distributions of Crack v4.0 and
X# upwards. So there...
X###
X
X###
X# This script tries to provide an intelligent hook to the UFC-crypt library
X###
X
Xif [ "x$CRACK_HOME" = "x" ]
Xthen
X CRACK_HOME=".." # for would-be developers in the Sources dir
Xfi
X
XUFCLIB=libufc.a
XSRCDIR=$CRACK_HOME/Sources
XUFCDIR=$CRACK_HOME/ufc-crypt
X
Xrm -f $SRCDIR/libufc.a # just in case
X
Xecho "Looking for UFC-crypt in $UFCDIR"
X
Xif [ ! -d $UFCDIR ]
Xthen
X echo "Cannot find $UFCDIR - cannot use UFC-crypt on this platform"
X exit 1
Xfi
X
Xcd $UFCDIR || exit 1
X
Xecho "Crack: Trying to compile UFC-crypt (external product by Michael Glad)"
Xecho "Crack: Working in $UFCDIR"
X
Xif [ -f libufc.a ]
Xthen
X echo "Library libufc.a exists. Testing viability..."
X rm -f ufc
X make ufc
X if [ $? = 0 ]
X then
X echo "Testing ufc"
X ./ufc 1
X if [ $? = 0 ]
X then
X echo "Crack will use UFC-crypt on this platform"
X exit 0
X fi
X fi
X echo "Library is unviable on this architecture. Remaking"
Xfi
X
Xmake clean || exit 1
X
Xmake ufc || exit 1
X
Xecho "Testing ufc"
X./ufc 1 || exit 1
X
Xecho "Crack WILL use $UFCDIR/libufc.a on this platform."
Xexit 0
END_OF_FILE
if test 1437 -ne `wc -c <'Scripts/do_ufc'`; then
echo shar: \"'Scripts/do_ufc'\" unpacked with wrong size!
fi
chmod +x 'Scripts/do_ufc'
# end of 'Scripts/do_ufc'
fi
if test -f 'Scripts/gecos.rules' -a "${1}" != "-c" ; then
echo shar: Will not clobber existing file \"'Scripts/gecos.rules'\"
else
echo shar: Extracting \"'Scripts/gecos.rules'\" \(693 characters\)
sed "s/^X//" >'Scripts/gecos.rules' <<'END_OF_FILE'
X###
X# Try to avoid redundancy in this file... AEM
X###
X
X>2
X>2/?ul
X>2/?lu
X>2ud
X>2uf
X>2ur
X>2cf
X>2cr
X>2rc
X>2ld
X>2lf
X>2lr
X>2<8c$!
X>2<8c$.
X>2<8c$?
X>2^($)
X
X>2<8$!
X>2<8$.
X>2<8$0
X>2<8$1
X>2<8$2
X>2<8$3
X>2<8$4
X>2<8$5
X>2<8$6
X>2<8$7
X>2<8$8
X>2<8$9
X
X>2<8/?ul$!
X>2<8/?ul$.
X>2<8/?ul$?
X>2<8/?ul$0
X>2<8/?ul$1
X>2<8/?ul$2
X>2<8/?ul$3
X>2<8/?ul$4
X>2<8/?ul$5
X>2<8/?ul$6
X>2<8/?ul$7
X>2<8/?ul$8
X>2<8/?ul$9
X
X>2<8/?lu$!
X>2<8/?lu$.
X>2<8/?lu$?
X>2<8/?lu$0
X>2<8/?lu$1
X>2<8/?lu$2
X>2<8/?lu$3
X>2<8/?lu$4
X>2<8/?lu$5
X>2<8/?lu$6
X>2<8/?lu$7
X>2<8/?lu$8
X>2<8/?lu$9
X
X!?d>2^0
X!?d>2^1
X!?d>2^2
X!?d>2^3
X!?d>2^4
X!?d>2^5
X!?d>2^6
X!?d>2^7
X!?d>2^8
X!?d>2^9
X
X>2/?ul^0
X>2/?ul^1
X>2/?ul^2
X>2/?ul^3
X>2/?ul^4
X>2/?ul^5
X>2/?ul^6
X>2/?ul^7
X>2/?ul^8
X>2/?ul^9
END_OF_FILE
if test 693 -ne `wc -c <'Scripts/gecos.rules'`; then
echo shar: \"'Scripts/gecos.rules'\" unpacked with wrong size!
fi
# end of 'Scripts/gecos.rules'
fi
if test -f 'Scripts/guess2fbk' -a "${1}" != "-c" ; then
echo shar: Will not clobber existing file \"'Scripts/guess2fbk'\"
else
echo shar: Extracting \"'Scripts/guess2fbk'\" \(859 characters\)
sed "s/^X//" >'Scripts/guess2fbk' <<'END_OF_FILE'
X#!/bin/sh
X
X###
X# This program is copyright Alec Muffett 1991, and is provided as part of
X# the Crack v4.0 Password Cracking package. The author disclaims all
X# responsibility or liability with respect to it's usage or its effect
X# upon hardware or computer systems, and maintains copyright as set out in
X# the "LICENCE" document which accompanies distributions of Crack v4.0 and
X# upwards. So there...
X###
X
X###
X# guess2fbk : generates a 'feedback' file on stdout from output format
X# data. On occasions when emergency construction is useful.
X###
X
Xif [ $# = 0 ]
Xthen
X echo "Usage: $0 outputfile [...]"
X exit 1
Xfi
X
X###
X# Had to modify this awk script now that passwords are turning up with spaces
X###
X
Xcat $* |
Xawk '
X/Guessed/{
X start = index($0, "[");
X stop = index($0, "]");
X print "!fb!:" $NF ":Y:" substr($0, start+1, stop - start - 1)
X}
X' |
Xsort |
Xuniq
X
END_OF_FILE
if test 859 -ne `wc -c <'Scripts/guess2fbk'`; then
echo shar: \"'Scripts/guess2fbk'\" unpacked with wrong size!
fi
chmod +x 'Scripts/guess2fbk'
# end of 'Scripts/guess2fbk'
fi
if test -f 'Scripts/install.mf' -a "${1}" != "-c" ; then
echo shar: Will not clobber existing file \"'Scripts/install.mf'\"
else
echo shar: Extracting \"'Scripts/install.mf'\" \(726 characters\)
sed "s/^X//" >'Scripts/install.mf' <<'END_OF_FILE'
X###
X# This program is copyright Alec Muffett 1991, and is provided as part of
X# the Crack v4.0 Password Cracking package. The author disclaims all
X# responsibility or liability with respect to it's usage or its effect
X# upon hardware or computer systems, and maintains copyright as set out in
X# the "LICENCE" document which accompanies distributions of Crack v4.0 and
X# upwards. So there...
X###
X
XSD= ../Sources
XSRC1= $(SD)/conf.h $(SD)/crack-fcrypt.c $(SD)/crack-glob.c
XSRC2= $(SD)/crack-glob.h $(SD)/crack-lib.c $(SD)/crack-pwc.c
XSRC3= $(SD)/crack-sort.c $(SD)/crack-supp.c $(SD)/crack.h
XSRCS= $(SRC1) $(SRC2) $(SRC3)
X
Xcrack-pwc: $(SRCS)
X ( cd $(SD) ; make clean )
X ( cd $(SD) ; make crack-pwc.which )
X cp $(SD)/crack-pwc .
END_OF_FILE
if test 726 -ne `wc -c <'Scripts/install.mf'`; then
echo shar: \"'Scripts/install.mf'\" unpacked with wrong size!
fi
# end of 'Scripts/install.mf'
fi
if test -f 'Scripts/mrgfbk' -a "${1}" != "-c" ; then
echo shar: Will not clobber existing file \"'Scripts/mrgfbk'\"
else
echo shar: Extracting \"'Scripts/mrgfbk'\" \(1243 characters\)
sed "s/^X//" >'Scripts/mrgfbk' <<'END_OF_FILE'
X#!/bin/sh
X
X###
X# This program is copyright Alec Muffett 1991, and is provided as part of
X# the Crack v4.0 Password Cracking package. The author disclaims all
X# responsibility or liability with respect to it's usage or its effect
X# upon hardware or computer systems, and maintains copyright as set out in
X# the "LICENCE" document which accompanies distributions of Crack v4.0 and
X# upwards. So there...
X###
X
X###
X# mrgfbk - a shell script to merge all of your feedback files into one
X# before starting a Crack -F on a set of new dictionaries. This program
X# is called from "Scripts/spotless"
X###
X# mrgfbk takes all the feedback files and filters out all the GUESSED
X# passwords, and saves them to a new feedback file. The UNGUESSED
X# passwords are deleted, so that the new dictionaries can have a go at
X# them
X###
X
Xtf=./mfb$$
X
Xecho ""
Xecho "Saving all CRACKABLE passwords.
XDo you also want to save your UNCRACKABLE passwords ?
XAnswer NO if you have changed some rules or modified source dictionaries
X(default: yes) "
X
Xread answer
X
Xcase $answer in
X [Nn]*)
X cat Runtime/F* |
X awk -F: '$3 == "Y"' |
X sort |
X uniq > $tf
X ;;
X *)
X cat Runtime/F* |
X sort |
X uniq > $tf
X ;;
Xesac
X
Xrm -f Runtime/F*
X
Xcp $tf Runtime/F.merged
X
Xrm -f $tf
X
Xexit 0
END_OF_FILE
if test 1243 -ne `wc -c <'Scripts/mrgfbk'`; then
echo shar: \"'Scripts/mrgfbk'\" unpacked with wrong size!
fi
chmod +x 'Scripts/mrgfbk'
# end of 'Scripts/mrgfbk'
fi
if test -f 'Scripts/nastygram' -a "${1}" != "-c" ; then
echo shar: Will not clobber existing file \"'Scripts/nastygram'\"
else
echo shar: Extracting \"'Scripts/nastygram'\" \(1452 characters\)
sed "s/^X//" >'Scripts/nastygram' <<'END_OF_FILE'
X#!/bin/sh
X
X###
X# This program is copyright Alec Muffett 1991, and is provided as part of
X# the Crack v4.0 Password Cracking package. The author disclaims all
X# responsibility or liability with respect to it's usage or its effect
X# upon hardware or computer systems, and maintains copyright as set out in
X# the "LICENCE" document which accompanies distributions of Crack v4.0 and
X# upwards. So there...
X###
X
Xfor username in $*
Xdo
X mail $username <<EndOfLetter
X `date`
X
XDear $username,
X
XThe login password you use for the account "$username" has been found to
Xbe insecure by the "Crack" password guessing program. You must change
Xyour password as soon as possible.
X
XPasswords which are not easily compromised by programs such as "Crack"
Xare based upon non-dictionary words, hence any word which might appear
Xin a dictionary, EVEN IF IT IS SUPPOSEDLY A OBSCURE WORD is unsuitable.
X
XSimilarly, any password which is derived from your name, department or
Xother personal information is unsuitable because it can be easily
Xguessed.
X
XIt is important that password security be maintained at a high level for
Xthe sake of ALL the people who use these computers. We thank you for
Xyour co-operation in this matter.
X
X Yours,
X
X Alec Muffett, Aberystwyth, UK
X pp Your System Administrator
XEndOfLetter
Xdone
END_OF_FILE
if test 1452 -ne `wc -c <'Scripts/nastygram'`; then
echo shar: \"'Scripts/nastygram'\" unpacked with wrong size!
fi
chmod +x 'Scripts/nastygram'
# end of 'Scripts/nastygram'
fi
if test -f 'Scripts/network.conf' -a "${1}" != "-c" ; then
echo shar: Will not clobber existing file \"'Scripts/network.conf'\"
else
echo shar: Extracting \"'Scripts/network.conf'\" \(2365 characters\)
sed "s/^X//" >'Scripts/network.conf' <<'END_OF_FILE'
X###
X# Format of this file:-
X###
X#
X# host:binary type:relative power:rsh user:crack path:crack flags:comment
X#
X# host = hostname to 'rsh' to
X# binary type = type of executable to build on this sort of machine
X# relative power = power of host relative to weakest machine
X# rsh user = username to 'rsh -l' to, if not same as current user.
X# crack path = full path name of Crack on host (deft: $CRACK_HOME/Crack)
X# crack flags = additional flags to add to crack command line on that host
X# comment = anything, really, for your reference
X#
X# 1) Don't bother specifying "-F" amongst "crack flags" as the
X# one which you use on the command line will be passed across.
X#
X# 2) You CAN specify "-f" here, to throw the remote password cracker
X# into foreground mode for non-NFS working, but please read the docs
X# thoroughly first.
X###
X# I have specified relative power here as the number of fcrypts per second
X# that each host is (roughly) capable of. This is a perfectly good way to
X# define relative power, but if you are at a loss, call your weakest machine
X# '1', and measure all others in terms of that.
X###
X
X#### Mainframe power boxes
X#aberda:mipsel:600:::-n10: Mainframe Dec 5830
X#aberdb:mipsel:600:::-n10: Mainframe Dec 5830
X##aberdc:mipsel:1200:::: Mainframe DecStation 5000/200
X#aberdq:sun4:1000:::: Mainframe Sun 4/330
X
X#### Some of the CS machines over an rsh link - souped up Sun 3/50s
X##odin:sun3:50::~aem/Crack/Crack:-n10 -f: Computer Science Server
X##thor:sun3:50::~aem/Crack/Crack:-n10 -f: Computer Science Server
X
X#### Colour DECStation 2100's
X#decgca:mipsel:700:::-n4: Graphics Room DecStation 2100
X#decgcb:mipsel:700:::-n4: Graphics Room DecStation 2100
X#decgcc:mipsel:700:::-n4: Graphics Room DecStation 2100
X#decgcd:mipsel:700:::-n4: Graphics Room DecStation 2100
X##decgce:mipsel:700:::-n4: Nigel's 2100 gets switched off nites
X
X#### Monochrome DECStation 2100's
X#decgma:mipsel:700:::-n4: Graphics Room DecStation 2100
X##decgmb:mipsel:700:::-n4:DecStation 2100 cannabalised for parts
X##decgmc:mipsel:700:::-n4: Graphics Room DecStation 2100
X##decgmd:mipsel:700:::-n4: Graphics Room DecStation 2100
X##decgme:mipsel:700:::-n4: Graphics Room DecStation 2100
X
X#### Sun 3/50C's which are barely worth bothering about
X##sunga:sun3:100:::-n4: Graphics Room Sun 3/50
X##sunga:sun3:100:::-n4: Graphics Room Sun 3/50
X##sunga:sun3:100:::-n4: Graphics Room Sun 3/50
END_OF_FILE
if test 2365 -ne `wc -c <'Scripts/network.conf'`; then
echo shar: \"'Scripts/network.conf'\" unpacked with wrong size!
fi
# end of 'Scripts/network.conf'
fi
if test -f 'Scripts/plaster' -a "${1}" != "-c" ; then
echo shar: Will not clobber existing file \"'Scripts/plaster'\"
else
echo shar: Extracting \"'Scripts/plaster'\" \(664 characters\)
sed "s/^X//" >'Scripts/plaster' <<'END_OF_FILE'
X#!/bin/sh
X
X###
X# This program is copyright Alec Muffett 1991, and is provided as part of
X# the Crack v4.0 Password Cracking package. The author disclaims all
X# responsibility or liability with respect to it's usage or its effect
X# upon hardware or computer systems, and maintains copyright as set out in
X# the "LICENCE" document which accompanies distributions of Crack v4.0 and
X# upwards. So there...
X###
X
X###
X# This program provides a quick network murder if running "Crack -network"
X###
X# The name is Chris Samuel's fault... "Plaster the Cracks" indeed...
X# Mail admiration of this joke to cc...@aber.ac.uk
X###
X
Xfor i in Runtime/D*
Xdo
X echo $i
X $i
Xdone
X
Xexit 0
END_OF_FILE
if test 664 -ne `wc -c <'Scripts/plaster'`; then
echo shar: \"'Scripts/plaster'\" unpacked with wrong size!
fi
chmod +x 'Scripts/plaster'
# end of 'Scripts/plaster'
fi
if test -f 'Scripts/saltcount' -a "${1}" != "-c" ; then
echo shar: Will not clobber existing file \"'Scripts/saltcount'\"
else
echo shar: Extracting \"'Scripts/saltcount'\" \(627 characters\)
sed "s/^X//" >'Scripts/saltcount' <<'END_OF_FILE'
X#!/bin/sh
X
X###
X# This program is copyright Alec Muffett 1991, and is provided as part of
X# the Crack v4.0 Password Cracking package. The author disclaims all
X# responsibility or liability with respect to it's usage or its effect
X# upon hardware or computer systems, and maintains copyright as set out in
X# the "LICENCE" document which accompanies distributions of Crack v4.0 and
X# upwards. So there...
X###
X
X###
X# Count the number of individual salts in do_join format...
X###
X
Xawk -F: '
XBEGIN {
X i = 0; # Just in case there is no input
X}
Xsubstr($3, 1, 2) != last {
X i++;
X last = substr($3, 1, 2);
X}
XEND {
X print i;
X}'
X
Xexit 0
END_OF_FILE
if test 627 -ne `wc -c <'Scripts/saltcount'`; then
echo shar: \"'Scripts/saltcount'\" unpacked with wrong size!
fi
chmod +x 'Scripts/saltcount'
# end of 'Scripts/saltcount'
fi
if test -f 'Scripts/shadmrg' -a "${1}" != "-c" ; then
echo shar: Will not clobber existing file \"'Scripts/shadmrg'\"
else
echo shar: Extracting \"'Scripts/shadmrg'\" \(948 characters\)
sed "s/^X//" >'Scripts/shadmrg' <<'END_OF_FILE'
X#!/bin/sh
X
X###
X# This program is copyright Alec Muffett 1991, and is provided as part of
X# the Crack v4.0 Password Cracking package. The author disclaims all
X# responsibility or liability with respect to it's usage or its effect
X# upon hardware or computer systems, and maintains copyright as set out in
X# the "LICENCE" document which accompanies distributions of Crack v4.0 and
X# upwards. So there...
X###
X
Xshadow=/etc/shadow
Xpasswd=/etc/passwd
X
X###
X# Merge /etc/shadow & /etc/passwd for Crack. Assume 7 fields for /etc/passwd,
X# and other for /etc/shadow
X###
X
Xcat $passwd $shadow |
Xawk -F: '
XBEGIN {
X OFS = ":";
X}
X
XNF == 7 {
X pwents[$1] = $0;
X}
X
XNF != 7 {
X shadow_pw[$1] = $2;
X}
X
XEND {
X for (pw_name in pwents)
X {
X fields = split(pwents[pw_name], pwd, ":");
X
X if (shadow_pw[pwd[1]] != "LOCKED")
X {
X print pwd[1], \
X shadow_pw[pwd[1]], \
X pwd[3], \
X pwd[4], \
X pwd[5], \
X pwd[6], \
X pwd[7];
X }
X }
X}'
END_OF_FILE
if test 948 -ne `wc -c <'Scripts/shadmrg'`; then
echo shar: \"'Scripts/shadmrg'\" unpacked with wrong size!
fi
chmod +x 'Scripts/shadmrg'
# end of 'Scripts/shadmrg'
fi
if test -f 'Scripts/spotless' -a "${1}" != "-c" ; then
echo shar: Will not clobber existing file \"'Scripts/spotless'\"
else
echo shar: Extracting \"'Scripts/spotless'\" \(554 characters\)
sed "s/^X//" >'Scripts/spotless' <<'END_OF_FILE'
X#!/bin/sh
X
X###
X# This program is copyright Alec Muffett 1991, and is provided as part of
X# the Crack v4.0 Password Cracking package. The author disclaims all
X# responsibility or liability with respect to it's usage or its effect
X# upon hardware or computer systems, and maintains copyright as set out in
X# the "LICENCE" document which accompanies distributions of Crack v4.0 and
X# upwards. So there...
X###
X
Xecho "Are you sure that you want to do this ? (no)"
Xread ans
X
Xcase $ans in
X [Yy]*)
X make -f Scripts/crack.mf spotless
X ;;
X *)
X ;;
Xesac
X
Xexit 0
END_OF_FILE
if test 554 -ne `wc -c <'Scripts/spotless'`; then
echo shar: \"'Scripts/spotless'\" unpacked with wrong size!
fi
chmod +x 'Scripts/spotless'
# end of 'Scripts/spotless'
fi
if test -f 'Scripts/status' -a "${1}" != "-c" ; then
echo shar: Will not clobber existing file \"'Scripts/status'\"
else
echo shar: Extracting \"'Scripts/status'\" \(630 characters\)
sed "s/^X//" >'Scripts/status' <<'END_OF_FILE'
X#!/bin/sh
X
X###
X# This program is copyright Alec Muffett 1991, and is provided as part of
X# the Crack v4.0 Password Cracking package. The author disclaims all
X# responsibility or liability with respect to it's usage or its effect
X# upon hardware or computer systems, and maintains copyright as set out in
X# the "LICENCE" document which accompanies distributions of Crack v4.0 and
X# upwards. So there...
X###
X
Xcat Scripts/network.conf |
Xawk -F: '
X/^[A-Za-z]/{
X print "echo ::: Calling", $1, " :-";
X
X if ($4 == "")
X {
X rshf = "-n";
X } else
X {
X rshf = "-n -l " $4;
X }
X print "rsh ", $1, rshf, "\"uptime ; ps x\"";
X} ' |
Xsh
X
Xexit 0
END_OF_FILE
if test 630 -ne `wc -c <'Scripts/status'`; then
echo shar: \"'Scripts/status'\" unpacked with wrong size!
fi
chmod +x 'Scripts/status'
# end of 'Scripts/status'
fi
if test ! -d 'Sources' ; then
echo shar: Creating directory \"'Sources'\"
mkdir 'Sources'
fi
if test -f 'Sources/Makefile' -a "${1}" != "-c" ; then
echo shar: Will not clobber existing file \"'Sources/Makefile'\"
else
echo shar: Extracting \"'Sources/Makefile'\" \(1905 characters\)
sed "s/^X//" >'Sources/Makefile' <<'END_OF_FILE'
X###
X# Revised Makefile for Crack v4.1 - AEM, Feb 14 1992
X###
X
XLIBS=
XCFLAGS= -O
XPWC= crack-pwc
XFCRYPT= crack-fcrypt.o
XOBJS= crack-lib.o crack-glob.o crack-supp.o crack-sort.o
XUFCLIB= ../ufc-crypt/libufc.a
XTRUNS= 1000
X
X###
X# The reason for the direct reference to libufc.a is to get round
X# obnoxious problems with ranlibbing a file after copying it on some
X# architectures.
X###
X
X$(PWC).which:
X @echo Choosing between Crack.fcrypt and Crack.ufc
X -((../Scripts/do_ufc && make $(PWC).ufc) || make $(PWC).fcrypt)
X
X$(PWC).fcrypt: $(OBJS) $(FCRYPT) $(PWC).o
X $(CC) $(CFLAGS) -o $(PWC) $(PWC).o $(OBJS) $(FCRYPT) $(LIBS)
X
X$(PWC).ufc: $(OBJS) $(PWC).o
X $(CC) $(CFLAGS) -o $(PWC) $(PWC).o $(OBJS) $(UFCLIB) $(LIBS)
X
Xtestrule: testrule.o crack-lib.o
X $(CC) $(CFLAGS) -o $@ testrule.o crack-lib.o
X
Xtester: tester.o $(OBJS) $(FCRYPT)
X $(CC) $(CFLAGS) -o $@ tester.o $(OBJS) $(FCRYPT)
X
Xspeedufc: speeds.c $(OBJS) $(UFC)
X ../Scripts/do_ufc
X $(CC) $(CFLAGS) -DT1 -o $@ speeds.c $(OBJS) $(UFCLIB)
X
Xspeedfcrypt: speeds.c $(OBJS) $(FCRYPT)
X $(CC) $(CFLAGS) -DT1 -o $@ speeds.c $(OBJS) $(FCRYPT)
X
Xspeedxform: speeds.c $(OBJS) $(FCRYPT)
X $(CC) $(CFLAGS) -DT2 -o $@ speeds.c $(OBJS) $(FCRYPT)
X
Xspeedcrypt: speeds.c $(OBJS) $(FCRYPT)
X $(CC) $(CFLAGS) -o $@ speeds.c $(OBJS) $(FCRYPT)
X
Xtests: tester speedcrypt speedfcrypt speedxform speedufc
X -tester $(TRUNS)
X -speedcrypt
X -speedfcrypt
X -speedxform
X -speedufc
X
Xbytesex: bytesex.o
X $(CC) $(CFLAGS) -o $@ bytesex.o
X
X$(FCRYPT): crack-fcrypt.c crack.h bytesex
X $(CC) $(CFLAGS) `./bytesex` -c crack-fcrypt.c
X
X$(PWC).o: crack.h conf.h
X
Xcrack-glob.o: crack.h
X
Xcrack-lib.o: crack.h conf.h
X
Xcrack-sort.o: crack.h
X
Xcrack-supp.o: crack.h conf.h
X
Xtestrule.o: crack.h
X
Xcrack.h: crack-glob.h
X touch crack.h
X
Xconf.h:
X
Xclean:
X -rm -f *.o *.u *.a *.pixie *.Addrs *.Counts
X -rm -f $(PWC) tester bytesex testrule
X -rm -f speedcrypt speedfcrypt speedxform speedufc
END_OF_FILE
if test 1905 -ne `wc -c <'Sources/Makefile'`; then
echo shar: \"'Sources/Makefile'\" unpacked with wrong size!
fi
# end of 'Sources/Makefile'
fi
if test -f 'Sources/bytesex.c' -a "${1}" != "-c" ; then
echo shar: Will not clobber existing file \"'Sources/bytesex.c'\"
else
echo shar: Extracting \"'Sources/bytesex.c'\" \(564 characters\)
sed "s/^X//" >'Sources/bytesex.c' <<'END_OF_FILE'
X#include <stdio.h>
X
Xmain ()
X{
X char *p;
X long int l;
X
X l = 'a' << 24 | 'b' << 16 | 'c' << 8 | 'd';
X p = (char *) &l;
X
X if (sizeof (long int) == 4)
X {
X#ifndef GCC /* gcc tends to make a botch of it */
X puts ("-DFDES_4BYTE");
X#endif
X } else if (sizeof (long int) == 8)
X {
X puts ("-DFDES_8BYTE");
X l <<= 32;
X } else
X {
X printf ("-DFDES_%dBYTE%c", sizeof (long int), 10);
X }
X if (!strncmp (p, "abcd", 4))
X {
X puts ("-DBIG_ENDIAN");
X } else if (!strncmp (p, "dcba", 4))
X {
X puts ("-DLITTLE_ENDIAN");
X }
X exit (0);
X}
END_OF_FILE
if test 564 -ne `wc -c <'Sources/bytesex.c'`; then
echo shar: \"'Sources/bytesex.c'\" unpacked with wrong size!
fi
# end of 'Sources/bytesex.c'
fi
if test -f 'Sources/conf.h' -a "${1}" != "-c" ; then
echo shar: Will not clobber existing file \"'Sources/conf.h'\"
else
echo shar: Extracting \"'Sources/conf.h'\" \(2202 characters\)
sed "s/^X//" >'Sources/conf.h' <<'END_OF_FILE'
X/*
X * This program is copyright Alec Muffett 1991 except for some portions of
X * code in "crack-fcrypt.c" which are copyright Robert Baldwin, Icarus Sparry
X * and Alec Muffett. The author(s) disclaims all responsibility or liability
X * with respect to it's usage or its effect upon hardware or computer
X * systems, and maintain copyright as set out in the "LICENCE" document which
X * accompanies distributions of Crack v4.0 and upwards.
X */
X
X#undef DEVELOPMENT_VERSION
X
X/*
X * define this symbol if you are on a system where you don't have the
X * strchr() function in your standard library (usually this means you are on
X * a BSD based system with no System 5isms) but you DO have the equivalent
X * index() function.
X */
X
X#undef INDEX_NOT_STRCHR
X
X/*
X * define this if you have a smart toupper() and tolower() (a-la ANSI), which
X * do not generate barf when something which is not a lowercase letter is
X * uppercased, or vice-versa (a-la K&R). Check your manpage or leave it
X * undefined
X */
X
X#undef FAST_TOCASE
X
X/*
X * define this if you are on a Sys V type system with a uname() system call
X * AND YOU HAVE NO gethostname() - it fakes up a BSD gethostname() so you can
X * use CRACK_NETWORK; see crack-port.c
X */
X
X#undef CRACK_UNAME
X
X/*
X * define CRACK_DOTFILES if you want to search the first 1Kb segment of users
X * .plan/.project/.signature files for potential passwords.
X *
X * define CRACK_DOTSANE to likewise do (possibly non-portable) sanity testing
X * on the dotfiles before opening them (check that they are not named pipes,
X * etc...)
X */
X
X#undef CRACK_DOTFILES
X#undef CRACK_DOTSANE
X
X/*
X * define "COMPRESSION" if you have enabled compression in the Crack
X * Shellscript
X *
X * this is enabled by default if you have /usr/ucb/compress; change the pathname
X * of the $compress variable in the Crack script if you use another pathname
X * to get to "compress" and then put the path name of the "pipe to stdout"
X * version of the compression prog here.
X */
X
X#define COMPRESSION
X#define ZCAT "/usr/ucb/zcat" /* as in "zcat Dicts/bigdict.Z" */
X#define PCAT "/usr/bin/pcat"
X
X/*
X * define this if you are using fcrypt() - you might not want to if fcrypt()
X * doesn't work properly
X */
X
X#define FCRYPT
END_OF_FILE
if test 2202 -ne `wc -c <'Sources/conf.h'`; then
echo shar: \"'Sources/conf.h'\" unpacked with wrong size!
fi
# end of 'Sources/conf.h'
fi
if test -f 'Sources/crack-glob.c' -a "${1}" != "-c" ; then
echo shar: Will not clobber existing file \"'Sources/crack-glob.c'\"
else
echo shar: Extracting \"'Sources/crack-glob.c'\" \(1388 characters\)
sed "s/^X//" >'Sources/crack-glob.c' <<'END_OF_FILE'
X#include "crack.h"
X
Xchar version[] = "4.1f"; /* version of prog */
Xchar runtime[] = "Runtime";
Xchar feedback_string[] = "!fb!";
Xchar rulefile[] = "Scripts/dicts.rules";
Xchar gecosfile[] = "Scripts/gecos.rules";
Xchar nastygram[] = "Scripts/nastygram";
Xchar zcat[] = ZCAT;
Xchar pcat[] = PCAT;
X
X/* runtime variable declarations */
X
Xint pid; /* current process ID */
Xint pwlength = 8; /* significant length of a password */
Xstruct USER *userroot; /* root of linked list of users */
Xstruct RULE *ruleroot; /* root of linked list of rules */
Xstruct RULE *gecosroot; /* root of linked list of (gecos) rules */
Xstruct DICT *dictroot; /* root of linked list of words */
X
X/* datafile variables */
X
Xchar diefile[STRINGSIZE]; /* where die output goes... */
Xchar feedbackfile[STRINGSIZE]; /* where feedback ouytput goes */
Xchar opfile[STRINGSIZE]; /* where Log() output goes */
Xchar pointfile[STRINGSIZE]; /* checkpointing */
Xchar this_hostname[STRINGSIZE]; /* gethostname() hack */
X
X/* recover variables */
X
Xchar old_hostname[STRINGSIZE]; /* next 4 vars used in recovery */
Xchar old_dictname[STRINGSIZE];
Xchar old_rule[STRINGSIZE];
Xint old_usernum;
Xchar old_username[STRINGSIZE];
X
X/* switches */
Xchar input_file[STRINGSIZE];
Xint foreground_bool;
Xint remote_bool;
Xint nice_value;
Xint recover_bool;
Xchar recover_file[STRINGSIZE];
Xint verbose_bool;
Xchar supplied_name[STRINGSIZE];
Xint mail_bool;
END_OF_FILE
if test 1388 -ne `wc -c <'Sources/crack-glob.c'`; then
echo shar: \"'Sources/crack-glob.c'\" unpacked with wrong size!
fi
# end of 'Sources/crack-glob.c'
fi
if test -f 'Sources/crack-glob.h' -a "${1}" != "-c" ; then
echo shar: Will not clobber existing file \"'Sources/crack-glob.h'\"
else
echo shar: Extracting \"'Sources/crack-glob.h'\" \(958 characters\)
sed "s/^X//" >'Sources/crack-glob.h' <<'END_OF_FILE'
Xextern char version[];
Xextern char runtime[];
Xextern char feedback_string[];
Xextern char rulefile[];
Xextern char gecosfile[];
Xextern char nastygram[];
Xextern char zcat[];
Xextern char pcat[];
Xextern int pid;
Xextern int pwlength;
Xextern struct USER *userroot;
Xextern struct RULE *ruleroot;
Xextern struct RULE *gecosroot;
Xextern struct DICT *dictroot;
Xextern char diefile[STRINGSIZE];
Xextern char feedbackfile[STRINGSIZE];
Xextern char opfile[STRINGSIZE];
Xextern char pointfile[STRINGSIZE];
Xextern char this_hostname[STRINGSIZE];
Xextern char old_hostname[STRINGSIZE];
Xextern char old_dictname[STRINGSIZE];
Xextern char old_rule[STRINGSIZE];
Xextern int old_usernum;
Xextern char old_username[STRINGSIZE];
Xextern char input_file[STRINGSIZE];
Xextern int foreground_bool;
Xextern int remote_bool;
Xextern int nice_value;
Xextern int recover_bool;
Xextern char recover_file[STRINGSIZE];
Xextern int verbose_bool;
Xextern char supplied_name[STRINGSIZE];
Xextern int mail_bool;
END_OF_FILE
if test 958 -ne `wc -c <'Sources/crack-glob.h'`; then
echo shar: \"'Sources/crack-glob.h'\" unpacked with wrong size!
fi
# end of 'Sources/crack-glob.h'
fi
if test -f 'Sources/crack-supp.c' -a "${1}" != "-c" ; then
echo shar: Will not clobber existing file \"'Sources/crack-supp.c'\"
else
echo shar: Extracting \"'Sources/crack-supp.c'\" \(3409 characters\)
sed "s/^X//" >'Sources/crack-supp.c' <<'END_OF_FILE'
X/*
X * This program is copyright Alec Muffett 1991 except for some portions of
X * code in "crack-fcrypt.c" which are copyright Robert Baldwin, Icarus Sparry
X * and Alec Muffett. The author(s) disclaims all responsibility or liability
X * with respect to it's usage or its effect upon hardware or computer
X * systems, and maintain copyright as set out in the "LICENCE" document which
X * accompanies distributions of Crack v4.0 and upwards.
X */
X
X#include "crack.h"
X
X#ifdef CRACK_UNAME
X#ifndef AMIGA
X#include <sys/utsname.h>
Xint
Xgethostname (name, namelen)
X char *name;
X int namelen;
X{
X struct utsname uts;
X if (uname (&uts))
X {
X return (-1);
X }
X strncpy (name, uts.nodename, namelen - 1);
X return (0);
X}
X#else
Xint
Xgethostname (name, namelen)
X char *name;
X int namelen;
X{
X strncpy (name, "dougal", namelen);
X return (0);
X}
X#endif /* AMIGA */
X#endif /* CRACK_UNAME */
X
X/* log anything to datafile. */
X
Xvoid
XLog (fmt, a, b, c, d, e, f, g, h, i, j)
X char *fmt;
X long int a, b, c, d, e, f, g, h, i, j;
X{
X long t;
X
X time (&t);
X printf ("pwc: %-15.15s ", ctime (&t) + 4);
X printf (fmt, a, b, c, d, e, f, g, h, i, j);
X fflush (stdout);
X}
X/* print a guess, giving a single place to mod where necessary */
X
Xvoid
XPrintGuess (eptr, guess)
X register struct USER *eptr;
X char *guess;
X{
X eptr -> done = 1;
X eptr -> passwd_txt = Clone (guess); /* ESSENTIAL to FeedBack() */
X
X if (!eptr -> passwd_txt)
X {
X eptr -> passwd_txt = "<Ran out of memory logging this password>";
X }
X Log ("Guessed %s%s (%s in %s) [%s] %s\n",
X (eptr -> passwd.pw_uid ? "" : "ROOT PASSWORD "),
X eptr -> passwd.pw_name,
X eptr -> passwd.pw_shell,
X eptr -> filename,
X guess,
X eptr -> passwd.pw_passwd);
X
X if (mail_bool)
X {
X char dobuff[STRINGSIZE];
X
X sprintf (dobuff, "%s %s", nastygram, eptr -> passwd.pw_name);
X system (dobuff);
X }
X}
X
X
X/* write a pointfile out */
X
Xint
XSetPoint (dict, rule, usernum, username)
X char *dict;
X char *rule;
X int usernum;
X char *username;
X{
X FILE *fp;
X long t;
X
X if (!(fp = fopen (pointfile, "w")))
X {
X perror (pointfile);
X return (-1);
X }
X time (&t);
X
X fprintf (fp, "host=%s pid=%d pointtime=%s", this_hostname, pid, ctime (&t));
X fprintf (fp, "%s\n", this_hostname);
X fprintf (fp, "%s\n", dict);
X fprintf (fp, "%s\n", rule);
X fprintf (fp, "%d\n", usernum);
X fprintf (fp, "%s\n", username);
X
X fclose (fp);
X
X return (0);
X}
X/* read a pointfile in... */
X
Xint
XGetPoint (pf)
X char *pf;
X{
X FILE *fp;
X char buffer[STRINGSIZE];
X
X if (!(fp = fopen (pf, "r")))
X {
X perror (pf);
X return (-1);
X }
X /* junk */
X if (!fgets (buffer, STRINGSIZE, fp))
X {
X return (-2);
X }
X /* hostname */
X if (!fgets (old_hostname, STRINGSIZE, fp))
X {
X return (-3);
X }
X /* dictname */
X if (!fgets (old_dictname, STRINGSIZE, fp))
X {
X return (-4);
X }
X /* rule */
X if (!fgets (old_rule, STRINGSIZE, fp))
X {
X return (-5);
X }
X /* usernum */
X if (!fgets (buffer, STRINGSIZE, fp))
X {
X return (-6);
X }
X /* username */
X if (!fgets (old_username, STRINGSIZE, fp))
X {
X return (-7);
X }
X Trim (old_hostname);
X
X if (strcmp (old_hostname, this_hostname))
X {
X return (-8);
X }
X Trim (old_dictname);
X Trim (old_rule);
X
X old_usernum = atoi (buffer);
X
X Trim (old_username);
X
X fclose (fp);
X
X return (0);
X}
END_OF_FILE
if test 3409 -ne `wc -c <'Sources/crack-supp.c'`; then
echo shar: \"'Sources/crack-supp.c'\" unpacked with wrong size!
fi
# end of 'Sources/crack-supp.c'
fi
if test -f 'Sources/crack.h' -a "${1}" != "-c" ; then
echo shar: Will not clobber existing file \"'Sources/crack.h'\"
else
echo shar: Extracting \"'Sources/crack.h'\" \(1805 characters\)
sed "s/^X//" >'Sources/crack.h' <<'END_OF_FILE'
X/*
X * This program is copyright Alec Muffett 1991 except for some portions of
X * code in "crack-fcrypt.c" which are copyright Robert Baldwin, Icarus Sparry
X * and Alec Muffett. The author(s) disclaims all responsibility or liability
X * with respect to it's usage or its effect upon hardware or computer
X * systems, and maintain copyright as set out in the "LICENCE" document which
X * accompanies distributions of Crack v4.0 and upwards.
X */
X
X#include <stdio.h>
X#include <ctype.h>
X#include <pwd.h>
X#include <signal.h>
X
X#include "conf.h"
X
X#define STRINGSIZE 256
X
X#ifdef DEVELOPMENT_VERSION
X#define BUILTIN_CLEAR
X#undef BRAINDEAD6
X#define CRACK_UNAME
X#endif
X
Xextern void Trim ();
Xextern char *Reverse ();
Xextern char *Uppercase ();
Xextern char *Lowercase ();
Xextern char *Clone ();
Xextern char *Mangle ();
Xextern int gethostname ();
X
X#ifdef FAST_TOCASE
X#define CRACK_TOUPPER(x) (toupper(x))
X#define CRACK_TOLOWER(x) (tolower(x))
X#else
X#define CRACK_TOUPPER(x) (islower(x) ? toupper(x) : (x))
X#define CRACK_TOLOWER(x) (isupper(x) ? tolower(x) : (x))
X#endif
X
X#ifdef FCRYPT
X#define crypt(a,b) fcrypt(a,b)
X#endif
X
X#ifdef INDEX_NOT_STRCHR
X#define strchr(a,b) index(a,b)
X#endif
X
Xstruct USER
X{
X struct USER *next; /* next users with different salt */
X struct USER *across; /* line of users with same salt */
X char *filename; /* where we got it from */
X char *passwd_txt; /* plaintext of password */
X struct passwd passwd; /* ...guess... */
X int done; /* bool flag */
X};
X
Xstruct DICT
X{
X struct DICT *next; /* simple linked list */
X char word[1]; /* ...<snigger>... */
X};
X
X/* include lyrics of "perfect circle" by R.E.M. at this point */
X
Xstruct RULE
X{
X struct RULE *next;
X char *rule;
X};
X
X#define STRCMP(x,y) ( *(x) == *(y) ? strcmp((x),(y)) : -1 )
X
X#include "crack-glob.h"
END_OF_FILE
if test 1805 -ne `wc -c <'Sources/crack.h'`; then
echo shar: \"'Sources/crack.h'\" unpacked with wrong size!
fi
# end of 'Sources/crack.h'
fi
if test -f 'Sources/speeds.c' -a "${1}" != "-c" ; then
echo shar: Will not clobber existing file \"'Sources/speeds.c'\"
else
echo shar: Extracting \"'Sources/speeds.c'\" \(1886 characters\)
sed "s/^X//" >'Sources/speeds.c' <<'END_OF_FILE'
X/*
X * This program is copyright Alec Muffett 1991 except for some portions of
X * code in "crack-fcrypt.c" which are copyright Robert Baldwin, Icarus Sparry
X * and Alec Muffett. The author(s) disclaims all responsibility or liability
X * with respect to it's usage or its effect upon hardware or computer
X * systems, and maintain copyright as set out in the "LICENCE" document which
X * accompanies distributions of Crack v4.0 and upwards.
X */
X
X/* Cray portions Copyright (c) 1992 Tom Hutton. */
X#ifdef cray
X#include <sys/types.h>
X#include <time.h>
X#include <unistd.h>
X#include <ctype.h>
X#else
X#include <sys/time.h>
X#include <signal.h>
X#endif
X#include <stdio.h>
X
X#ifdef cray
X/*
X * Clocks to seconds and seconds to clocks
X */
X
X#define CTOS(X) ((long) ((unsigned) (X) / (long) hz))
X#define STOC(X) ((long) ((X) * hz))
X
Xstatic long hz;
X#endif
X
Xstatic int cnt;
X#define ITIME 10 /* Number of seconds to run test. */
X
Xvoid
XStop ()
X{
X printf ("Did %f %s()s per second.\n",
X ((float) cnt) / ((float) ITIME),
X#ifdef T1
X "fcrypt"
X#else
X#ifdef T2
X "XForm"
X#else
X "crypt"
X#endif
X#endif
X );
X exit (0);
X}
Xmain ()
X{
X#ifdef cray
X static long vtime;
X#else
X struct itimerval itv;
X#endif
X static int quarters[4];
X
X#ifdef cray
X hz = sysconf(_SC_CLK_TCK); /* get # ticks per second */
X vtime = STOC(ITIME);
X#else
X bzero (&itv, sizeof (itv));
X#endif
X
X printf ("Running for %d seconds of virtual time ...\n", ITIME);
X
X#if defined(T1) || defined(T2)
X init_des ();
X#endif
X
X#ifdef cray
X for (cnt = 0;cpused() <= vtime; cnt++)
X#else
X signal (SIGVTALRM, Stop);
X itv.it_value.tv_sec = ITIME;
X itv.it_value.tv_usec = 0;
X setitimer (ITIMER_VIRTUAL, &itv, NULL);
X
X for (cnt = 0;; cnt++)
X#endif
X {
X#ifdef T1
X fcrypt ("fredfred", "eek");
X#else
X#ifdef T2
X XForm (quarters, 0);
X#else
X crypt ("fredfred", "eek");
X#endif
X#endif
X }
X Stop();
X}
END_OF_FILE
if test 1886 -ne `wc -c <'Sources/speeds.c'`; then
echo shar: \"'Sources/speeds.c'\" unpacked with wrong size!
fi
# end of 'Sources/speeds.c'
fi
if test -f 'Sources/tester.c' -a "${1}" != "-c" ; then
echo shar: Will not clobber existing file \"'Sources/tester.c'\"
else
echo shar: Extracting \"'Sources/tester.c'\" \(640 characters\)
sed "s/^X//" >'Sources/tester.c' <<'END_OF_FILE'
X#include <stdio.h>
X#include <time.h>
X
Xmain (argc, argv)
X int argc;
X char *argv[];
X{
X register int i;
X long int t;
X
X if (argc < 2)
X {
X exit (1);
X }
X init_des ();
X
X printf ("%s\n", fcrypt ("fredfred", "fredfred"));
X
X if (strcmp (fcrypt ("fredfred", "fredfred"), "frxWbx4IRuBBA"))
X {
X printf ("Version of fcrypt() is not compatible with standard.\n");
X exit (0);
X }
X i = atoi (argv[1]);
X
X printf ("Doing %d fcrypts()\n", i);
X
X time (&t);
X printf ("%s", ctime (&t));
X
X while (i--)
X {
X fcrypt ("fredfred", "fredfred");
X }
X
X time (&t);
X printf ("%s", ctime (&t));
X
X return (0);
X}
END_OF_FILE
if test 640 -ne `wc -c <'Sources/tester.c'`; then
echo shar: \"'Sources/tester.c'\" unpacked with wrong size!
fi
# end of 'Sources/tester.c'
fi
if test -f 'Sources/testrule.c' -a "${1}" != "-c" ; then
echo shar: Will not clobber existing file \"'Sources/testrule.c'\"
else
echo shar: Extracting \"'Sources/testrule.c'\" \(517 characters\)
sed "s/^X//" >'Sources/testrule.c' <<'END_OF_FILE'
X#include "crack.h"
X
Xvoid
XLog (a, b, c, d, e, f, g)
X char *a, b, c, d, e, f, g;
X{
X printf (a, b, c, d, e, f, g);
X}
X
Xint
Xmain (argc, argv)
X int argc;
X char *argv[];
X{
X int i;
X char *ptr;
X char buffer[STRINGSIZE];
X
X while (!feof (stdin))
X {
X fgets (buffer, STRINGSIZE - 1, stdin);
X
X Trim (buffer);
X
X for (i = 1; i < argc; i++)
X {
X ptr = Mangle (buffer, argv[i]);
X
X printf ("'%s'('%s') = '%s'\n",
X argv[i],
X buffer,
X ptr ? ptr : "(rejected)");
X }
X }
X return (0);
X}
END_OF_FILE
if test 517 -ne `wc -c <'Sources/testrule.c'`; then
echo shar: \"'Sources/testrule.c'\" unpacked with wrong size!
fi
# end of 'Sources/testrule.c'
fi
if test -f 'TODO' -a "${1}" != "-c" ; then
echo shar: Will not clobber existing file \"'TODO'\"
else
echo shar: Extracting \"'TODO'\" \(349 characters\)
sed "s/^X//" >'TODO' <<'END_OF_FILE'
X* replace recover/checkpoint code in entirety
X* make work over rsh link entirely
X* dictionaries shipped from central machine
X* code shipped from central machine (!)
X* regexp rules (is this really necessary ? what syntax the commands ?)
X* bottles of glenmorangie always welcome
X* multiprocessing ability
X
X- most of these will be in v5.0
X - alec
END_OF_FILE
if test 349 -ne `wc -c <'TODO'`; then
echo shar: \"'TODO'\" unpacked with wrong size!
fi
# end of 'TODO'
fi
echo shar: End of archive 1 \(of 5\).
cp /dev/null ark1isdone
MISSING=""
for I in 1 2 3 4 5 ; do
if test ! -f ark${I}isdone ; then
MISSING="${MISSING} ${I}"
fi
done
if test "${MISSING}" = "" ; then
echo You have unpacked all 5 archives.
rm -f ark[1-9]isdone
else
echo You still need to unpack the following archives:
echo " " ${MISSING}
fi
## End of shell archive.
exit 0
exit 0 # Just in case...
Alec David Muffett
Archive-name: crack/part02
Environment: UNIX
Supersedes: crack: Volume 25, Issue 5-9
#! /bin/sh
# it by saving it into a file and typing "sh file". To overwrite existing
# files, type "sh file -c". You can also feed this as standard input via
# unshar, or by typing "sh <file", e.g.. If this archive is complete, you
# will see the following message at the end:
# "End of archive 2 (of 5)."
# Contents: APPENDIX Crack DictSrc/bad_pws.dat LICENCE
# Scripts/Crack.network Scripts/dicts.rules Sources/crack-sort.c
# Wrapped by aem@aberfa on Wed Mar 18 14:08:31 1992
PATH=/bin:/usr/bin:/usr/ucb ; export PATH
if test -f 'APPENDIX' -a "${1}" != "-c" ; then
echo shar: Will not clobber existing file \"'APPENDIX'\"
else
echo shar: Extracting \"'APPENDIX'\" \(13955 characters\)
sed "s/^X//" >'APPENDIX' <<'END_OF_FILE'
XI'd like to thank Chris Samuel and Peter Grandi for all their help in
Xbeta-testing early versions of Crack, and in Peter's case especially,
Xfor dropping me into the deep end of troff. Die, you bastard. As for
XChris's major contribution, see "Scripts/plaster". 8->
X
XFor the v3.? versions of Crack, I'd like to thank Chris Myers, Randal
XSchwartz, Chris Lewis, and M.Maclaren. Also Brian Tompsett, for
Xpointing me at the now infamous v3.2 bug, and for suggestions, patches,
Xand enormous amounts of debugging information. To him should go the
Xprize for "Most Vociferous Beta Tester Ever".
X
XFor Crack v4.1, the greatest help has come from the members of the crack
Xbeta team, the most vociferous of whom are:
X
Xbr...@gov.llnl.ocelot, cava...@edu.uiuc.cogsci.lees,
Xcs...@uk.ac.coventry.cch, d...@acl.lanl.gov, dow...@gov.ncifcrf,
Xg...@daimi.aau.dk, ki...@engr.washington.edu, ko...@edu.columbia.cs.bach,
Xmo...@edu.uky.engr, myc...@edu.mit.ai.gnu, nel...@edu.orst.cs.storm,
Xne...@edu.colorado.denver.copper, nig...@uk.ac.york.ohm,
Xp...@uk.ac.oxford.convex, ph...@com.sequent, ph...@com.sequent,
Xp...@uk.ac.nott.cs, s...@com.ibm.watson, sha...@edu.purdue.cc.mentor
X
X- especially Fred "Mr Statistics" Korz, Paul Leyland, and shabby@purdue
Xfor all the debugging info. Also a bit thanks to Michael Glad for being
Xso helpful while we were writing a decent software interface between
XCrack and UFC.
X
XI also wish to acknowledge the help of Kent Landfield (moderator of
Xcomp.sources.misc) and Dan "COPS" Farmer, both of them for goading me
Xinto releasing a version of Crack with fcrypt() installed. Without
Xthem, I probably would have been too timid...
X
XFinally, my gratitude goes to my girlfriend Gilly, for her support
Xduring the bad times. You are the everything.
X
X--
XINET: a...@aber.ac.uk JANET: a...@uk.ac.aber BITNET: aem%aber@ukacrl
XUUCP: ...!mcsun!ukc!aber!aem ARPA: aem%uk.ac...@nsfnet-relay.ac.uk
XAlec Muffett, Somewhere in the UK, Probably lying under a tree drinking cider
X
X**********************************************************************
X
XSeveral people have asked me why I don't write Crack so that it
Xdistributes dictionaries over the network and hacks the same password
Xfile on each machine, as opposed to spreading users over the network and
Xusing the same dictionaries.
X
XThere are several reasons for this, which I will outline.
X
XThe reasoning that spreading the dictionaries over the network is faster
Xis correct in the case of cracking the passwords of ONE user - it is
Xmost efficient to run different dictionaries on him on several machines,
Xand you will break his password eventually.
X
XScaling this by a factor of 'n' users causes problems. Firstly, if a
Xmachine guesses one persons password, it must inform all others on the
Xnetwork not to waste time cracking him, but to get on with the other
Xusers. This is difficult and nasty.
X
XSecondly, it is not what Crack was designed to do. The name "Crack" is
Xactually a misnomer - Crack really ought to be called "Passwdcheck" or
Xsomething similar, but such names lack sex appeal.
X
XCrack is not a program designed to break the password of every user in
Xthe file. Rather, it is designed to find weak passwords in the file, by
Xattacking those sorts of bad passwords which are most likely to be used,
Xin the order in which they would most easily be found (ie: are most
Xlikely to be used by a moronic user).
X
XCrack is not designed to break user passwords; it is designed to break
Xpassword files. This is a subtle but important distinction.
X
XIf you want to break into a safe, you do not take a hammer at every bit
Xof it in turn; instead, first you try some simple combinations, then you
Xtry blowing the hinges off, then you get out an acetylene torch and go
Xfor the bolt. If that doesnt work, THEN you start on the walls. You go
Xfor the bits which are most likely to be weak first.
X
XConsider a password file with 'n' users in it. Say that your ordinary,
Xserial password cracker (eg: the one supplied with COPS) has a
Xdictionary of 1000 words, and tries each word 6 ways (upper/lower/mixed
Xcase, permuted with forwards/backwards)
X
XAlso consider that out of that 1000 users, only one (the last one) has a
Xguessable password - "fred".
X
XAlso say that it takes time 'T' seconds to encrypt a word.
X
XIf you use the "try each user in turn" method, like the COPS password
Xcracker, you will have to wait for a time:-
X
X 999 users * 1000 words * 6 ways * T = 5,994,000 T seconds
X
Xbefore you get to that last user. Spreading this load around on a
Xnetwork only alleviates the number of words to be searched (divides them
Xby the number of machines you are working on).
X
XThus, if you use 10 machines, the machine which will guess "fred" will
Xget to that last user in:-
X
X 999 * (1000 / 10) * 6 ways = 599,400 T seconds.
X
XAlternatively you can try it the Crack way - "fred" is a word which
Xappears in a forwards dictionary. You will only wait:-
X
X 999 users * 1000 words * 1st way * T = 999,000 T seconds
X
Xto get to that user. Now split the users across 10 machines (for
Xsimplicity, as outlined above):-
X
X (999 / 10) users * 1000 words * 1st way = 99,900 T seconds
X
XTo get to his password, in ONLY 17% of the time taken by networking
Xusing the serial cracking method. This is only a boundary case, but I
Xhope I have illustrated the concept.
X
X**********************************************************************
X
XCrack has several other optimisations because of its structured password
Xguesses. The figures below are entirely empirical, but I reckon that
Xthey're as good as any:
X
XThe first pass that Crack makes is over the user data user information
Xgleaned from the users' password field. In my test file, this gets
Xabout 4% of the passwords (out of a total of 15% guessed). This pass
Xalso completes very quickly, working as it does from a very small
Xamount of data, but one which is very frequently used for passwords.
X
XThe first sweep of the second pass, consisting of lowercase dictionary
Xwords, gets about another 5% of the passwords. The length of the first
Xsweep depends on how much CPU and how many dictionaries I supply, but
Xusing the Ultrix /usr/dict/words and my bad_pws.dat, over 4 CPUs, it
Xdoesn't take much more that a few hours.
X
XFor the further sweeps, the percentages cracked per sweep tail off, 2%,
X1%, 0.5%... But they are the people with fairly exotic passwords, and
Xit's only common sense that that they will take some time to crack.
X
X**********************************************************************
X
XThere is another major optimisation that I haven't mentioned.
X
XBecause of the way the UNIX crypt() algorithm works, each encryption is
X"salted" with a two letter sequence which is stored as the first two
Xcharacters of the encrypted password. This salting means that the word
X"fred" can be encrypted and appear in a password file in (literally)
Xthousands of different ways - so long as each encryption has a
Xdifferent salt.
X
XHence, it makes sense to do things in this manner:
X
X1) sort and group the input data by encryption salt.
X2) for each different groups' encryption salt
X * get a dictionary word
X * encrypt it using that salt (This is the time consuming bit)
X * compare the encryption with each member of the group with that salt
X * if it matches, you have guessed that users password.
X
XThis knocks (empirical guesswork time again) up to one third of the
Xdictionary encryptions off - thus saving you 0.3 of the time all the
Xdictionary sweeps would ordinarily take.
X
XCrack gives this statistic when it says
X
X pwc: Loaded 'n' password entries into 'm' salted lines. (x%)
X
Xwhere 'x' is the percentage of the total passwords loaded which have
Xdifferent salts.
X
X**********************************************************************
X
XSome people have asked me how to generate safe passwords. This, has
Xbecome a religious issue, and there are now several vociferous
X"password geeks" on USENET, who will say "my method is the best", in
Xthe same way that some mathematicians will try to compare so-called
X"random number generating algorithms".
X
XSuch statements are pointless. I'm sorry for adding to the confusion,
Xbut I must say that I think they are wrong.
X
XOkay, so I am a security fatalist and a security philosopher, but I am
Xnot going to give and hard and fast answers; rather, I'd like to make
Xsome points and recommendations to the people out there. Security isn't
Xa tangible thing, it is applied psychology.
X
XThe whole point of a password is to prevent people accessing your
Xsystem, getting into it from outside. Once someone is inside your
Xsystem, assuming that they have the relevant knowledge of your O/S, it
Xis safest to assume that anyone can get to be 'superuser'. Your only
Xsecurity once someone is on your system is called "security by
Xobscurity". If your user has sufficient knowledge, you've "had it".
X
XThe question isn't "How secure can my system be made?".
X
XThe question really should be, "How much do I care, how much can I trust?".
X
XA system can be perfectly secure without any passwords at all, so long
Xas it is in an environment of people who recognise its purpose and
Xdepend on it. I say this after having had acounts on several 'public'
Xmachines, which could have been taken to bits by any competent Unix
Xperson, but were largely safe - because when someone worked out who did
Xanything nasty, the culprit was ostracised from the community. There
X_is_ a caveat to this, however.
X
XThe problem is the sort of people who go around the world 'collecting'
Xcomputer accounts and breaking machines, those who have either a
Xchildish mentality or an ulterior motive.
X
XThe former are like the little boys who go around breaking windows and
Xvandalising things 'for kicks'. They are the ones who see every
Xpassword file as a "NO ENTRY" sign, and therefore, driven by what they
Xthink is anarchy and fun, they break in and smash the place up. Tell
Xthem that they are behaving like children, and they will behave moreso.
X
XThe latter are driven by personal motives or money. Their reasons are
Xtoo complex for me to analyse here.
X
XThe 'babyish' hackers need a lesson (which I hope that eventually they
Xlearn) that true anarchy is for the general good, and is best achieved
Xby fiat amongst the community. USENET is a good example - there is a
Xlot of petty bickering and arguing, but an incredible amount of good
Xcomes out of it. It is anarchy that the greek philosophers would have
Xapproved of.
X
XWhat I am trying to say is that, when I say that if someone gets into
Xyour system, you've "had it", you should consider whether there is
Xanything to have "had" in the first place. There is no point in getting
Xyourself paranoid over security - if you do, you'll lose out. Don't be
Xtoo paranoid. Be SENSIBLE instead, and secure your system according to
Xit's needs, and not according to some 'holy bible' of absolute security.
X
XIf someone gets into your system, you find out how they did it, patch
Xthe hole, check for back doors, brush yourself off, and start again.
XIt's not the end of the world.
X
XWhat this statement doesn't address (yet) is the needs of system
Xmanagers who have a REAL need for security - be it corporate data or
Xresearch work - on their system. As I have said before, most O/S's have
Xgaping holes in them that cannot be entirely filled, and so the crackers
Xmust be stopped on the doorstep. At the password login.
X
XPeople who say that they have a way of generating safe passwords are
Xmisinformed, IMHO. Saying that the password "wyufwqpl" is secure is as
Xmeaningful as saying that the number "4" is random. Password security,
Xlike any other form of computer security, is not absolute, but should
Xbe taken in context.
X
XYou can't say that a certain method will provide secure, random
Xpasswords, because, in defining an algorithm to create these passwords,
Xyou will use only a subset of all the possible passwords that could ever
Xexist. You have shrunk the 'search space' for the passwords.
X
XSomeone merely has to write a password cracker which will search this
Xsmall subset of passwords, in order to break your system. Passwords
Xgenerated by any algorithm, human or computer based, are merly
Xpseudo-secure, in the same way that numbers can be pseudo-random. For
Xillustration of this aspect of password security, read the document
X"Password Security, A Case History" by Morris and Thompson.
X
XThere is an incredibly large set of possible passwords in the world, and
Xthe best approach toward choosing a password is not to try to find a way
Xto generate 'secure' passwords - there are no such things - but rather
Xyou should learn to choose passwords which are not easily searched for.
XPasswords which are out of the 'search space' of most password crackers
Xlike 'Crack'.
X
XRead the Crack documentation. See what sort of things other programs
Xlike Crack would search for. Think of some yourself. I am not going to
Xspecifically mention methods, you should really work something out for
Xyourself.
X
XAt the bottom line, the password "fred" is just as secure (random) as
Xthe password "blurflpox"; the only problem is that "fred" is in a more
Xeasily searched part of the "password space".
X
XBoth of these passwords are more easily found than "Dxk&2+15^N" however.
XNow you must ask yourself if you can cope with remembering "Dxk&2+15^N".
X
X**********************************************************************
X
XSome time ago, I was listening to the REM album 'Green' on the way back
Xfrom the Cropredy folk festival, whilst thinking over things to do to
XCrack, and I was struck (not for the first time) by the words of the
Xfirst verse to 'World Leader Pretend':-
X
X I sit at my table, and wage war upon myself.
X It seems like it's all, it's all for nothing.
X I know the barricades, and I know the mortar in the wall
X I recognise the weapons, I use them well.
X
X This is my mistake, let me make it good,
X I raised the wall, and I will be the one to knock it down...
X
X- writing password cracking programs gets to you after a bit.
END_OF_FILE
if test 13955 -ne `wc -c <'APPENDIX'`; then
echo shar: \"'APPENDIX'\" unpacked with wrong size!
fi
# end of 'APPENDIX'
fi
if test -f 'Crack' -a "${1}" != "-c" ; then
echo shar: Will not clobber existing file \"'Crack'\"
else
echo shar: Extracting \"'Crack'\" \(6738 characters\)
sed "s/^X//" >'Crack' <<'END_OF_FILE'
X#!/bin/sh
X
X###
X# This program is copyright Alec Muffett 1991, and is provided as part of
X# the Crack v4.1 Password Cracking package. The author disclaims all
X# responsibility or liability with respect to it's usage or its effect
X# upon hardware or computer systems, and maintains copyright as set out in
X# the "LICENCE" document which accompanies distributions of Crack v4.0 and
X# upwards. So there...
X###
X
X###
X# CRACK_HOME: You must put DOUBLE QUOTES around this and have /bin/csh if
X# you work relative to ~username - this is the Crack installation directory.
X# (currently developing on "dougal")
X###
X
XCRACK_HOME="~aem/dougal/crack41f"
X
X###
X# CRACK_OUT: This is the directory into which all the password guesser
X# output files are to be stored. This affects only the "out*" files, and
X# not "D*" or "P*", due to restraints on the support scripts.
X###
X
XCRACK_OUT="$CRACK_HOME"
X
X###
X# Umask for security's sake - stops files being world readable (if you
X# don't have it in your .login)
X###
X
Xumask 077
X
X###
X# DEFAULT_BIN : For non-network cracks, you can leave this as 'generic'.
X# Setting this to `arch` is non-portable.
X###
X
XDEFAULT_BIN="generic"
X
X###
X# List of standard dictionaries that you should have to provide words;
X#
X###
X
XSTDDICT="/usr/dict/words"
X
X###
X# Compress: name of a compression prog (compress & pack supported) to be
X# applied to the bigdict to save filespace
X###
X
Xcompress="/usr/ucb/compress"
X
X###
X############### FROM HERE ON IN IT'S ALL MY FAULT ###############
X###
X
Xversion="4.1f RELEASE" # version number
Xpwl="" # user specified
Xdomail="" # user specified
Xfgnd="" # user specified
Xremote="" # program specified
Xnice="" # user specified
Xrcvr="" # user specified
Xinputfile="/tmp/pw.$$" # program specified, also in pwc.c
Xverbose="" # user specified
Xcf_file="Scripts/network.conf" # program specified
Xbigdict="Dicts/bigdict" # program specified
Xlockdict="Dicts/.lockfile" # program specified
X
XCRACK_HOME_UNRES="$CRACK_HOME"
X
Xif [ -f "/bin/csh" ] # -x bombs on Ultrix
Xthen
X CRACK_OUT=` /bin/csh -fc "echo $CRACK_OUT" `
X CRACK_HOME=` /bin/csh -fc "echo $CRACK_HOME" `
Xfi
X
Xif [ ! -d "$CRACK_OUT" ]
Xthen
X echo "Warning: CRACK_OUT directory reset to directory '.'"
X CRACK_OUT="."
Xfi
X
Xexport CRACK_HOME
Xexport CRACK_OUT
Xexport DEFAULT_BIN
Xexport CRACK_HOME_UNRES
X
X###
X# Check existance of a home directory
X###
X
Xif [ "$CRACK_HOME" != "" -a -d "$CRACK_HOME" ]
Xthen
X cd $CRACK_HOME || exit 1
Xelse
X echo "Fatal error: the directory $CRACK_HOME does not exist."
X echo ""
X echo "Please set the value of CRACK_HOME in the 'Crack' script to the name of
X echo "the installation directory."
X echo ""
X echo "The current working directory is" `pwd`"
X exit 1
Xfi
X
X###
X# Announce ourselves.
X###
X
Xecho "Crack $version, The Password Cracker (c) Alec D.E. Muffett, 1992"
Xecho "Invoked as: $0 $*"
X
Xif [ $# = 0 ]
Xthen
X echo "Usage: $0 [options] [bindir] passwdfile [...]"
X echo "Or: $0 -network [options] passwdfile [...]"
X echo "Options:-"
X echo " -v - to produce verbose output"
X echo " -nnicevalue - to run niced to 'nicevalue'"
X echo " -rpointfile - to recover a crashed-out job"
X echo " -Rpointfile - to recover (with verify) a crashed-out job"
X echo " -f - to run in foreground (output to stdout)"
X echo " -m - to mail the user a warning message if cracked"
X exit 1
Xfi
X
X###
X# Make the dictionaries. God this is SOOOOO much simpler...
X###
X
Xif [ ! -f $lockdict ]
Xthen
X echo "Making dictionary $bigdict - This may take some time..."
X (
X for dictfile in $STDDICT DictSrc/*
X do
X case $dictfile in
X *.Z)
X zcat $dictfile
X ;;
X *.z)
X pcat $dictfile
X ;;
X *)
X cat $dictfile
X ;;
X esac
X done
X ) |
X grep -v '^#' |
X sort |
X uniq > $bigdict
X
X# I do not do "tr A-Z a-z" here because of words like LaTeX and
X# BiCapitalisation, which are potential passwords, but the structure of
X# which would be irrecoverably destroyed by lowercaseing.
X
X echo touch $lockdict # for future refs.
X touch $lockdict
X
X if [ "x$compress" != "x" -a -f "$compress" ]
X then
X echo $compress $bigdict
X # if this fails, tweak the $compress definition above...
X $compress $bigdict || exit 1
X fi
Xelse
X echo Dictionary Dicts/* intact
Xfi
X
X###
X# Check your invocation...
X###
X
Xif [ "x$1" = "x-network" ]
Xthen
X shift
X Scripts/Crack.network $*
X exit 0
Xfi
X
Xwhile :
Xdo
X case $1 in
X -network)
X echo "Error: -network (if specified) must be first argument"
X exit 1
X ;;
X -X*)
X remote=$1
X shift
X ;;
X -m*)
X domail=$1
X shift
X ;;
X -l*)
X pwl=$1
X shift
X ;;
X -f*)
X fgnd=$1
X shift
X ;;
X -n*)
X nice=$1
X shift
X ;;
X -r*)
X rcvr=$1
X shift
X ;;
X -v*)
X verbose=$1
X shift
X ;;
X -*)
X echo "Error: unknown argument $1"
X shift
X ;;
X *)
X break
X ;;
X esac
Xdone
X
X###
X# Test first non-switch argument for existance, hence where to put binaries
X###
X
Xif [ -f "$1" ]
Xthen
X CRACK_ARCH="$CRACK_HOME/$DEFAULT_BIN"
Xelse
X CRACK_ARCH="$CRACK_HOME/$1"
X shift
Xfi
X
Xexport CRACK_ARCH
X
Xecho "Binary directory: $CRACK_ARCH"
X
X###
X# Make the password cracker
X###
X
XScripts/do_pwc $CRACK_ARCH || exit 1
X
X###
X# Process input to the program
X###
X
Xecho "Sorting data for Crack."
X
Xif [ "x$remote" != "x" ]
Xthen
X cat > $inputfile
Xelse
X out_init=$CRACK_OUT/out.$$
X
X Scripts/do_join $out_init $* > $inputfile || exit 1
X
X if [ "x$domail" != "x" ]
X then
X MISCREANTS=`awk '/Guessed/{print $6}' < $out_init`
X echo Sending Warning Mail to $MISCREANTS
X Scripts/nastygram $MISCREANTS
X fi
X
X if [ "x$fgnd" != "x" ]
X then
X cat $out_init || exit 1
X rm -f $out_init
X fi
Xfi
X
X###
X# Check the runtime scratch file directory for pwc
X###
X
Xif [ ! -d Runtime ]
Xthen
X echo "Creating Runtime Directory."
X mkdir Runtime || exit 1
Xfi
X
X###
X# Kick it off into the background ?
X###
X# This is the message which has drawn the most complaints... However, I
X# have no way of knowing the name in advance, and I can't have crack-pwc
X# print it on stdout due to hanging file descriptors which bollox a
X# network crack. Hence I HAVE to be vague...
X###
X
Xflags="$remote $fgnd $XXdomail $pwl $nice $rcvr $verbose -i $inputfile"
X
Xecho "Flags:" $flags Dicts/*
X
Xif [ "x$fgnd" != "x" ]
Xthen
X echo "Running program in foreground"
X $CRACK_ARCH/crack-pwc $flags Dicts/* < /dev/null 2>&1
Xelse
X echo "Running program in background"
X # Apollos/Suns need first 7 descriptors closed to bg properly
X # from ksh - hence overkill - AEM
X nohup $CRACK_ARCH/crack-pwc $flags Dicts/* </dev/null >/dev/null \
X 2>&1 3>&1 4>&1 5>&1 6>&1 7>&1 8>&1 9>&1 &
X echo "Output will be written to a file in directory $CRACK_OUT"
X echo "named 'out<something>'"
Xfi
X
Xsleep 1
X
Xtest -f nohup.out && rm nohup.out
X
X###
X# There are horrible timeraces involved in removing $tmpfile, so I dont.
X# Crack-pwc does. Still. Hohum.
X###
X
Xexit 0
END_OF_FILE
if test 6738 -ne `wc -c <'Crack'`; then
echo shar: \"'Crack'\" unpacked with wrong size!
fi
chmod +x 'Crack'
# end of 'Crack'
fi
if test -f 'DictSrc/bad_pws.dat' -a "${1}" != "-c" ; then
echo shar: Will not clobber existing file \"'DictSrc/bad_pws.dat'\"
else
echo shar: Extracting \"'DictSrc/bad_pws.dat'\" \(6524 characters\)
sed "s/^X//" >'DictSrc/bad_pws.dat' <<'END_OF_FILE'
X0
X1
X123456
X12345678
X2
X3
X4
X5
X6
X7
X8
X9
XA
Xa
Xaaa
Xabc
Xabcd
Xabcde
Xabcdef
Xabcdefg
Xabcdefgh
Xacademia
Xacademic
Xaccess
Xada
Xadmin
XAdrian
XAdrianna
Xaerobics
Xairplane
XAlasdair
Xalbany
Xalbatross
XAlbert
XAlex
XAlexander
Xalf
Xalgebra
Xalias
Xaliases
XAlice
XAlicia
XAlisa
XAlison
XAlistair
XAlister
XAllison
Xalpha
Xalphabet
Xama
Xamadeus
XAmanda
XAmber
Xamorphous
XAmy
Xanalog
Xanchor
XAndrea
Xandromache
XAnduin
Xandy
XAngela
XAngie
Xanimal
Xanimals
XAnita
XAnn
XAnna
XAnne
XAnnette
Xanswer
Xanthropogenic
Xanvils
Xanything
XApril
Xaria
Xariadne
XArlene
Xarrow
XArthur
Xasd
Xasdfgh
Xasm
Xasshole
XAthena
Xatmosphere
Xaztecs
Xazure
XB
Xb
Xbacchus
Xbadass
XBailey
Xbanana
Xbananas
Xbandit
Xbanks
XBarbara
Xbarber
Xbaritone
XBart
XBartman
Xbasic
Xbass
Xbassoon
Xbatch
Xbatman
XBBROYGBVGW
Xbeach
Xbeater
Xbeauty
Xbeaver
XBecky
Xbeethoven
Xbeetledrive
Xbeloved
Xbenz
Xbeowulf
Xberkeley
Xberlin
Xberliner
XBeryl
Xbeta
XBeth
XBetsie
XBetty
XBeverly
Xbicameral
XBishop
Xbitch
Xbizzy
XBob
XBongpoo
Xbradley
XBrandi
XBrandy
XBrenda
Xbrian
XBridget
Xbroadway
Xbsd
Xbuggerall
Xbumbling
Xburgess
Xbuzby
XC
Xc
Xcad
XCalvin
XCamille
Xcampanile
XCandi
XCandy
Xcantor
Xcardinal
XCaren
XCarla
XCarmen
Xcarmen
XCarol
XCarole
XCarolina
Xcarolina
XCaroline
XCarrie
Xcarson
Xcascades
Xcastle
Xcat
XCatherine
XCathy
Xcayuga
XCecily
Xceltics
Xcerulean
Xchange
XCharity
XCharles
Xcharles
Xcharming
Xcharon
Xchat
Xcheesecake
Xchem
Xchemistry
Xchess
Xchester
Xchocolate
XChristina
XChristine
XChristy
Xcigar
XCindy
Xcinelli
Xclass
Xclassic
XClaudia
Xcluster
Xclusters
Xcode
Xcoffee
Xcoke
XCollins
Xcollins
Xcommrades
Xcomputer
Xcomrade
Xcomrades
Xcondo
Xcondom
Xconnect
XConnie
Xconsole
Xcookie
Xcookie
Xcooper
XCornelius
Xcornelius
Xcouscous
Xcreate
Xcreation
Xcreator
Xcreosote
Xcretin
Xcriminal
XCristina
XCrystal
Xcshrc
XCynthia
XD
Xd
Xdaemon
XDaisy
XDana
Xdancer
XDaniel
Xdaniel
XDanielle
Xdanny
Xdapper
Xdata
Xdave
XDawn
XDeb
XDebbie
XDeborah
Xdecember
Xdefault
Xdefoe
Xdeluge
XDenise
XDesiree
Xdesperate
Xdevelop
Xdevice
Xdial
XDiana
XDiane
Xdiet
Xdieter
Xdigital
Xdisc
Xdiscbox
Xdiscovery
Xdisk
Xdisney
Xdog
XDoobrie
Xdos
Xdrought
XDulce
XDuncan
XE
Xe
Xeager
Xearth
Xeasier
Xeasy
Xeatme
Xedges
Xedinburgh
Xedwin
XEdwina
Xegghead
Xeiderdown
XEileen
XEinstein
XElaine
XElanor
Xelephant
XElizabeth
XEllen
Xemail
Xemerald
XEmily
XEmmanuel
Xenemy
Xengine
Xengineer
Xenterprise
Xenzyme
XErica
XErika
XErin
Xersatz
Xestablish
Xestate
Xeternity
Xeuclid
Xeugene
XEvelyn
Xextension
XF
Xf
Xfairway
XFelicia
Xfender
Xfermat
Xferrari
Xfidelity
Xfield
Xfile
Xfinite
Xfishers
Xflakes
Xfloat
Xflower
Xflowers
Xfoolproof
Xfootball
Xforesight
Xformat
Xforsythe
Xfourier
Xfred
Xfriend
Xfrighten
Xfun
Xfunction
Xfungible
XG
Xg
XGabriel
Xgabriel
Xgames
Xgardner
Xgarfield
Xgatt
Xgauss
XGeorge
Xgeorge
XGertrude
Xgertrude
Xgibson
XGilly
XGina
XGinger
Xglacier
Xgnu
Xgolf
Xgolfer
Xgorgeous
Xgorges
Xgosling
Xgouge
Xgraham
Xgrahm
Xgrass
Xgroup
Xgryphon
Xgucci
Xguess
Xguest
Xguitar
Xgumption
Xguntis
Xgweledigaeth
XH
Xh
Xhack
Xhacker
Xhal
Xhamlet
Xhandily
Xhappening
Xharmony
Xharold
XHarvey
Xhawaii
XHeather
Xhebrides
XHeidi
Xheinlein
Xhello
Xhelp
Xherbert
XHiawatha
Xhibernia
Xhidden
XHobbes
Xhobbit
XHolly
Xhomework
Xhoney
Xhorse
Xhorus
Xhutchins
Xhydrogen
XI
Xibm
Xiluvben
Ximbroglio
Ximperial
Xinclude
Xingres
Xingress
XIngrid
Xinna
Xinnocuous
Xinternet
XIrene
Xirishman
Xisis
Xizzy
XJ
Xj
XJackie
XJane
XJanet
XJanice
XJanie
Xjapan
XJasmin
XJean
XJeanne
XJen
XJenni
XJennifer
XJenny
XJessica
Xjester
XJill
Xjixian
XJoanne
XJody
XJohnny
Xjohnny
XJoseph
XJoshua
XJoy
XJoyce
XJudith
XJudy
Xjuggle
XJulia
XJulie
XJune
Xjupiter
XK
Xk
Xkalajira
XKaren
XKarie
XKarina
XKate
XKathleen
XKathrine
XKathy
XKatina
XKatrina
XKelly
XKeri
Xkermit
Xkernel
XKerri
XKerrie
XKerry
Xkey
XKim
XKimberly
Xkipper
Xkirkland
XKitten
Xknight
XKrista
XKristen
XKristi
XKristie
XKristin
XKristine
XKristy
XL
Xl
Xladle
Xlager
Xlambda
Xlamination
XLana
XLara
Xlarkin
Xlarry
XLaura
Xlazarus
XLeah
Xlebesgue
Xlee
Xleland
Xleroy
XLeslie
Xlewis
Xlibrary
Xlight
XLinda
XLisa
Xlisp
XLiz
Xllareggub
Xlock
Xlockout
XLois
XLori
XLorin
XLorraine
XLouis
XLouise
Xlove
XLucy
XLynn
XLynne
XM
Xm
Xmac
Xmacintosh
Xmack
Xmaggot
Xmagic
Xmail
Xmaint
XMalcolm
Xmalcom
Xmanager
XMara
XMarci
XMarcy
XMaria
XMarietta
Xmark
Xmarkus
XMarni
Xmars
Xmarty
Xmarvin
XMary
Xmaster
Xmath
XMaurice
Xmaurice
XMeagan
XMegan
XMelissa
Xmellon
Xmemory
Xmercury
Xmerlin
Xmets
Xmgr
XMichael
Xmichael
XMichele
XMichelle
XMickey
Xmike
Xminimum
Xminsky
Xmit
Xmodem
Xmogul
Xmoguls
XMonica
Xmoose
Xmorley
XMortis
Xmortis
Xmouse
Xmozart
Xmuser
Xmutant
XMVEMJSUNP
XN
Xn
Xnagel
XNancy
Xnapoleon
Xnasa
Xnepenthe
Xneptune
Xness
Xnet
Xnetwork
Xnew
Xnews
Xnewton
Xnext
XNicole
XNita
Xnobody
XNoreen
Xnoxious
Xnuclear
Xnutrition
Xnyquist
XO
Xo
Xoceanography
Xocelot
Xoerhrdle
Xoffice
Xolivetti
XOlivia
Xolivia
Xopen
Xoperator
Xoracle
Xorca
Xorchid
Xorwell
Xosiris
Xoutlaw
Xoxford
XP
Xp
Xpacific
Xpad
Xpainless
Xpakistan
XPam
XPamela
Xpaper
Xpapers
Xpass
Xpassword
XPat
XPatricia
XPatty
XPaula
Xpencil
XPenelope
Xpenguin
Xpenis
Xpeoria
Xpercolate
Xpersimmon
Xpersona
Xpete
Xpeter
Xphilip
Xphoenix
Xphone
XPierre
Xpierre
Xpizza
Xplane
Xplayboy
Xplover
Xpluto
Xplymouth
XPolly
Xpolynomial
Xpondering
Xpork
Xporsche
Xposter
Xpower
Xpraise
Xprecious
Xprelude
Xpresto
Xprince
Xprinceton
Xpriv
Xprivate
Xprivs
Xprofessor
Xprofile
Xprogram
Xprotect
Xprotozoa
Xpub
Xpublic
Xpumpkin
Xpuneet
Xpuppet
XQ
Xq
Xqwerty
Xqwertyui
XR
Xr
Xrabbit
XRachel
XRachelle
Xrachmaninoff
Xrainbow
Xraindrop
Xraleigh
Xrandom
Xrascal
Xreagan
Xreally
XRebecca
Xregional
Xremote
XRenee
Xrick
Xripple
Xrisc
Xrje
XRobin
Xrobot
Xrobotics
XRobyn
XRochelle
Xrochester
Xrodent
Xrolex
Xromano
XRonald
Xronald
XRonnie
Xroot
XRose
Xrosebud
XRosemary
Xroses
Xruben
Xrules
Xruth
XS
Xs
Xsal
XSamantha
XSandra
XSandy
XSara
XSarah
Xsaturn
Xsaxon
Xscamper
Xscheme
Xschool
Xscott
Xscotty
Xsecret
Xsecurity
Xsensor
Xserenity
Xservice
Xsesame
Xsex
XShannon
Xsharc
Xshark
Xsharks
XSharon
Xsharon
Xsheffield
Xsheldon
Xshell
XSherri
XShirley
Xshit
Xshitforbrains
Xshiva
Xshivers
Xshuttle
Xsignature
Xsilverlake
Xsimon
Xsimple
Xsimpsons
Xsinger
Xsingle
Xsirte
Xsmile
Xsmiles
Xsmooch
Xsmother
XSnarfel
Xsnatch
Xsnoopy
Xsoap
Xsocrates
Xsomebody
XSondra
XSonia
XSonya
Xsossina
Xsparrows
Xspit
Xsplatter
Xsplodge
Xspring
Xspringer
Xsquires
XStacey
XStaci
XStacie
XStacy
XSteph
XStephanie
Xstrangle
Xstratford
Xstudent
Xstuttgart
Xsubway
Xsuccess
Xsucker
Xsummer
Xsun
Xsuper
Xsuperstage
Xsuperuser
Xsupport
Xsupported
Xsurfer
XSusan
XSusanne
XSusie
XSuzanne
XSuzie
Xswearer
XSybil
Xsymmetry
Xsys
Xsysadmin
Xsystem
XT
Xt
XTamara
XTami
XTamie
XTammy
Xtangerine
Xtape
XTara
Xtarget
Xtarragon
Xtaylor
Xteabag
Xtech
Xtelephone
Xtemptation
Xtennis
Xterminal
Xtest
Xthailand
Xthanatos
XTheresa
XTiffany
Xtiger
XTina
Xtoggle
Xtomato
Xtopography
Xtortoise
Xtoxic
Xtoyota
XTraci
XTracie
XTracy
Xtrails
Xtransfer
XTrisha
Xtrivial
Xtrombone
Xtty
Xtubas
Xtuttle
XU
Xu
Xumesh
Xunhappy
Xunicorn
Xunix
Xunknown
Xuranus
Xurchin
XUrsula
Xutil
Xutility
Xuucp
XV
Xv
XValerie
Xvasant
Xvenus
XVeronica
Xvertigo
XVicky
Xvillage
Xvirgin
XVirginia
Xvisitor
Xvortex
XW
Xw
Xwargames
XWarren
Xwarren
Xwater
Xweenie
XWendi
XWendy
Xwhatever
Xwhatnot
Xwhiting
XWhitney
Xwhitney
Xwholesale
Xwill
XWilliam
Xwilliam
Xwilliamsburg
XWillie
Xwillie
XWilma
Xwinston
Xwisconsin
Xwizard
Xwizzy
XWOBAFGKMRNS
Xwombat
Xwoodwind
Xword
Xwork
Xwormwood
Xwyoming
XX
Xx
Xxerox
Xxfer
Xxmodem
Xxyz
XY
Xy
Xyaco
Xyang
Xyellowstone
XYolanda
Xyosemite
XZ
Xz
Xzap
Xzerox
Xzimmerman
Xzmodem
Xzxcvbn
END_OF_FILE
if test 6524 -ne `wc -c <'DictSrc/bad_pws.dat'`; then
echo shar: \"'DictSrc/bad_pws.dat'\" unpacked with wrong size!
fi
# end of 'DictSrc/bad_pws.dat'
fi
if test -f 'LICENCE' -a "${1}" != "-c" ; then
echo shar: Will not clobber existing file \"'LICENCE'\"
else
echo shar: Extracting \"'LICENCE'\" \(4775 characters\)
sed "s/^X//" >'LICENCE' <<'END_OF_FILE'
X(*
XThis document is freely plagiarised from the 'Artistic Licence',
Xdistributed as part of the Perl v4.0 kit by Larry Wall, which is
Xavailable from most major archive sites
X*)
X
XThis documents purpose is to state the conditions under which this
XPackage (See definition below) viz: The "Crack" Password Cracker, which
Xis copyright Alec David Edward Muffett, may be copied, such that the
XCopyright Holder maintains some semblance of artistic control over the
Xdevelopment of the package, while giving the users of the package the
Xright to use and distribute the Package in a more-or-less customary
Xfashion, plus the right to make reasonable modifications.
X
XSo there.
X
X***************************************************************************
X
XDefinitions:
X
X"Package" refers to the collection of files distributed by the Copyright
XHolder, and derivatives of that collection of files created through
Xtextual modification, or segments thereof.
X
X"Standard Version" refers to such a Package if it has not been modified,
Xor has been modified in accordance with the wishes of the Copyright
XHolder.
X
X"Copyright Holder" is whoever is named in the copyright or copyrights
Xfor the package.
X
X"You" is you, if you're thinking about copying or distributing this
XPackage.
X
X"Reasonable copying fee" is whatever you can justify on the basis of
Xmedia cost, duplication charges, time of people involved, and so on.
X(You will not be required to justify it to the Copyright Holder, but
Xonly to the computing community at large as a market that must bear the
Xfee.)
X
X
X
X"Freely Available" means that no fee is charged for the item itself,
Xthough there may be fees involved in handling the item. It also means
Xthat recipients of the item may redistribute it under the same
Xconditions they received it.
X
X1. You may make and give away verbatim copies of the source form of the
XStandard Version of this Package without restriction, provided that you
Xduplicate all of the original copyright notices and associated
Xdisclaimers.
X
X2. You may apply bug fixes, portability fixes and other modifications
Xderived from the Public Domain or from the Copyright Holder. A Package
Xmodified in such a way shall still be considered the Standard Version.
X
X3. You may otherwise modify your copy of this Package in any way,
Xprovided that you insert a prominent notice in each changed file stating
Xhow and when AND WHY you changed that file, and provided that you do at
Xleast ONE of the following:
X
Xa) place your modifications in the Public Domain or otherwise make them
XFreely Available, such as by posting said modifications to Usenet or an
Xequivalent medium, or placing the modifications on a major archive site
Xsuch as uunet.uu.net, or by allowing the Copyright Holder to include
Xyour modifications in the Standard Version of the Package.
X
Xb) use the modified Package only within your corporation or
Xorganization.
X
Xc) rename any non-standard executables so the names do not conflict with
Xstandard executables, which must also be provided, and provide separate
Xdocumentation for each non-standard executable that clearly documents
Xhow it differs from the Standard Version.
X
Xd) make other distribution arrangements with the Copyright Holder.
X
X4. You may distribute the programs of this Package in object code or
Xexecutable form, provided that you do at least ONE of the following:
X
Xa) distribute a Standard Version of the executables and library files,
Xtogether with instructions (in the manual page or equivalent) on where
Xto get the Standard Version.
X
Xb) accompany the distribution with the machine-readable source of the
XPackage with your modifications.
X
Xc) accompany any non-standard executables with their corresponding
XStandard Version executables, giving the non-standard executables
Xnon-standard names, and clearly documenting the differences in manual
Xpages (or equivalent), together with instructions on where to get the
XStandard Version.
X
Xd) make other distribution arrangements with the Copyright Holder.
X
X5. You may charge a reasonable copying fee for any distribution of this
XPackage. You may charge any fee you choose for support of this Package.
XYOU MAY NOT CHARGE A FEE FOR THIS PACKAGE ITSELF. However, you may
Xdistribute this Package in aggregate with other (possibly commercial)
Xprograms as part of a larger (possibly commercial) software distribution
Xprovided that YOU DO NOT ADVERTISE this package as a product of your
Xown.
X
X6. The name of the Copyright Holder may not be used to endorse or
Xpromote products derived from this software without specific prior
Xwritten permission.
X
X7. THIS PACKAGE IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR IMPLIED
XWARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
XMERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
X
X The End
END_OF_FILE
if test 4775 -ne `wc -c <'LICENCE'`; then
echo shar: \"'LICENCE'\" unpacked with wrong size!
fi
# end of 'LICENCE'
fi
if test -f 'Scripts/Crack.network' -a "${1}" != "-c" ; then
echo shar: Will not clobber existing file \"'Scripts/Crack.network'\"
else
echo shar: Extracting \"'Scripts/Crack.network'\" \(3786 characters\)
sed "s/^X//" >'Scripts/Crack.network' <<'END_OF_FILE'
X#!/bin/sh
X
X###
X# This program is copyright Alec Muffett 1991, and is provided as part of
X# the Crack v4.0 Password Cracking package. The author disclaims all
X# responsibility or liability with respect to it's usage or its effect
X# upon hardware or computer systems, and maintains copyright as set out in
X# the "LICENCE" document which accompanies distributions of Crack v4.0 and
X# upwards. So there...
X###
X# This program reads the network.conf and breaks up the sorted password
X# file and runs RCrack to kick Crack up on all the machines and feeds
X# the file to it.
X###
X# Okay, if you don't like this bit of code, YOU think of a totally
X# portable way to do this - in shell scripts without using PERL - Alec.
X###
X
Xcf=Scripts/network.conf
Xtf=/tmp/mcp.$$
X
X###
X# Check that the config file is in place
X###
X
Xif [ ! -f $cf -o ! -s $cf ]
Xthen
X echo "Crack.network: empty or missing config file: $cf"
X exit 1
Xfi
X
X###
X# Parse arguments
X###
X
Xargs=""
Xfiles=""
Xdomail=""
X
Xfor i in $*
Xdo
X if [ -f "$i" ]
X then
X files="$files $i"
X else
X case $i in
X -f*)
X echo "Crack: -f option on COMMAND LINE incompatible with networking - Ignored"
X ;;
X -m*)
X domail="$i"
X args="$args $i"
X ;;
X *)
X args="$args $i"
X ;;
X esac
X fi
Xdone
X
X###
X# Get on with your proper job
X###
X
Xecho "Merging input data."
X
Xif [ "$CRACK_OUT" != "" ]
Xthen
X warn=$CRACK_OUT/out.$$
Xelse
X warn=out.$$
Xfi
X
XScripts/do_join $warn $files > $tf
X
Xif [ "x$domail" != "x" ]
Xthen
X MISCREANTS=`awk '/Guessed/{print $6}' < $warn`
X echo Sending Warning Mail to $MISCREANTS
X Scripts/nastygram $MISCREANTS
Xfi
X
X###
X# Statistics gathering
X###
X
Xlines=`wc -l < $tf`
Xsaltlines=`Scripts/saltcount < $tf`
X
X# Must not quote $lines/$saltlines here for comparison to work
Xif [ $lines = 0 -o $saltlines = 0 ]
Xthen
X echo "Crack: no uncracked input to distribute."
X exit 1
Xfi
X
Xecho "Starting analysis for Network-Crack."
X
Xcat $cf |
Xgrep -v '^#' |
Xgrep -v '^$' |
Xsort -t: +2 -n |
Xawk -F: '
XBEGIN {
X hostcount = 0;
X totalweight = 0;
X linecount = '"$lines"';
X saltlinecount = '"$saltlines"';
X iargs = "'"$args"'";
X file = "'"$tf"'";
X}
X
X/^[a-zA-Z0-9]/ {
X hostname[hostcount] = $1;
X bintype[hostcount] = $2;
X relpow[hostcount] = $3;
X powtot += $3;
X
X if (index($6, "-f") == 0)
X {
X asynch[hostcount] = "";
X } else
X {
X asynch[hostcount] = "-asynch";
X }
X
X crackf[hostcount] = $6 " " iargs; # useropts go second get priority
X
X if ($4 == "")
X {
X rshuser[hostcount] = "";
X } else
X {
X rshuser[hostcount] = "-l " $4;
X crackf[hostcount] = crackf[hostcount] " -U" $4;
X }
X
X if ($5 == "")
X {
X crackp[hostcount] = "$CRACK_HOME_UNRES/Crack";
X } else
X {
X crackp[hostcount] = $5;
X }
X
X crackf[hostcount] = iargs " " $6;
X hostcount++;
X}
X
XEND {
X done = 1;
X slice = 0.0;
X remainder = 0.0;
X todo = saltlinecount;
X print "echo Users:", linecount;
X print "echo Salts:", saltlinecount;
X print "echo Remote Hosts:", hostcount;
X print "echo Total power:", powtot;
X
X for (i = 0; i < hostcount; i++)
X {
X if (i < hostcount - 1)
X {
X# This balancing algorithm by: geo...@au.edu.monash.cc.moa (George Scott)
X# its wonderful - AEM
X slice = relpow[i] / powtot; # fraction
X slice *= todo; # percentage
X slice = int(slice); # round down
X todo -= slice; # remainder
X powtot -= relpow[i];
X } else
X {
X slice = todo; # fastest machine gets the rest.
X todo = 0;
X }
X if (slice > 0)
X {
X print "echo Calling", hostname[i], "for", slice, "different salts";
X
X line = sprintf( \
X "Scripts/RCrack %s %d %d %s %s \"%s\" %s %s %s < %s", \
X asynch[i], \
X done, \
X done + slice - 1, \
X hostname[i], \
X rshuser[i], \
X crackp[i], \
X "-XRuntime/RD'"$$"'." i, \
X crackf[i], \
X bintype[i], \
X file);
X# print "echo", line;
X print line;
X }
X done += slice;
X }
X}' | sh # I'll bet you didn't expect this...
X
Xrm $tf
Xexit 0
END_OF_FILE
if test 3786 -ne `wc -c <'Scripts/Crack.network'`; then
echo shar: \"'Scripts/Crack.network'\" unpacked with wrong size!
fi
chmod +x 'Scripts/Crack.network'
# end of 'Scripts/Crack.network'
fi
if test -f 'Scripts/dicts.rules' -a "${1}" != "-c" ; then
echo shar: Will not clobber existing file \"'Scripts/dicts.rules'\"
else
echo shar: Extracting \"'Scripts/dicts.rules'\" \(10425 characters\)
sed "s/^X//" >'Scripts/dicts.rules' <<'END_OF_FILE'
X###
X# Description file for Crack dictionary processor. ADE Muffett, Mar 1992
X###
X# Ordinary Commands:
X# : = no-op - do nothing to the input word
X# <n = reject word UNLESS it is < n characters long, where n = 0-9a-z
X# >n = reject word UNLESS it is > n characters long, where n = 0-9a-z
X# ^x = prepend character 'x' to word
X# $y = append character 'y' to word
X# l = force word to be lowercase
X# u = force word to be uppercase
X# c = force word to be capitalised
X# r = reverse word: "Fred" -> "derF"
X# d = duplicate word: "Fred" -> "FredFred"
X# f = reflect word: "Fred" -> "FredderF"
X# p = make best attempt to pluralise a lowercase word
X# onx = overstrike character in position 'n' (start at 0) with character 'x'
X# nb: little overflow checking is done, so use '<' and '>' carefully
X# inx = insert character 'x' in position 'n' (start at 0) and shift the rest
X# of the input string right.
X# eg: i3* on "wibble" yields "wib*ble"; i0* on "wibble" yields "*wibble"
X# nb: if n > strlen(input), character 'x' will be appended
X# xnm = extract substring from position n (start at 0) for up to m characters
X# eg: using x27 on "autobogotification" yields "tobogot"
X# eg: using x3a on "autobogotification" yields "obogotific" (10 chars)
X# nb: little overflow checking is done, so use '<' and '>' carefully
X###
X# Commands which may utilise character classes: (note special use of '?')
X# sxy = replace (swap) all 'x' in the word with 'y'
X# s?cy = replace all characters of class 'c' in the word with y
X# @x = purge all 'x' from the word
X# @?c = purge all characters of class 'c' from the word
X# !y = reject word if it contains character 'y'
X# !?c = reject word if it contains a character in class 'c'
X# /x = reject word unless it contains character 'x'
X# /?c = reject word unless it contains a character in class 'c'
X# =nx = reject word unless char at position 'n' is equal to x
X# =n?c = reject word unless char at position 'n' is in class 'c'
X# nb: the word always starts at position 0
X###
X# Character classes for use in above:
X# ?? matches "?"
X# ?v matches vowels aeiou
X# ?c matches consonants bcdfghjklmnpqrstvwxyz
X# ?w matches whitespace (space, tab)
X# ?p matches punctuation .,:;'"?!`
X# ?s matches symbols $%^&*()-_+=|\[]{}#@/~
X# ?l matches lowercase letters
X# ?u matches uppercase letters
X# ?d matches any digit
X# ?a matches any letter of the alphabet
X# ?x matches any letter of the alphabet, or any digit (ie: is alphanumeric)
X# The complement of a class may be matched by the uppercase of it's letter
X# ie: where ?d == DIGITS, ?D == NON-DIGITS, and so on.
X###
X# Many people haven't realised that the above is a complete language; ie:
X# if you want to create a dictionary of short words with "123" appended,
X# use "<6l$1$2$3".
X###
X# A FINAL NOTE: remember that very few users are aware that passwords
X# stop at 8 chars long; so, while it IS worthwhile to check for words
X# being 8 or more chars long before appending a character, it is NOT
X# worthwhile to do the same when prepending characters. Hence:-
X#
X# "williamsburgh" -> "williams" }\
X# "williamsburgh1" -> "williams" }/~~~Will be uniqued.
X# "1williamsburgh" -> "1william"
X#
X###
X# So, here we go; try to order these in the order most likely to be a
X# password. First we try to make selections from the pure alphabetic
X# words in the dicts, then we get onto the weird stuff.
X######################################################################
X
X# Force every pure alphabetic word lowercase and try it
X# NOT-CONTAIN ANY NON-ALPHA, LOWERCASE
X!?Al
X
X# Pluralise every significant one of the above
X# MORE-THAN 2, NOT-CONTAIN ANY NON-ALPHA, LOWERCASE, PLURALISE
X>2!?Alp
X
X# Try variations of anything that is not pure alnum
X# CONTAIN ANY NON-ALNUM
X/?X
X# CONTAIN ANY NON-ALNUM, CONTAIN ANY UPPER, LOWERCASE
X/?X/?ul
X
X# Any alphaword >2 & <8 chars long, append a digit or simple punctuation
X# since few ppl add non alpha chars to a already non-alpha word
X# MORE-THAN 2, LESS-THAN 8, NOT ANY NON-ALPHA, LOWERCASE, APPEND <whatever>
X>2<8!?Al$0
X>2<8!?Al$1
X>2<8!?Al$2
X>2<8!?Al$3
X>2<8!?Al$4
X>2<8!?Al$5
X>2<8!?Al$6
X>2<8!?Al$7
X>2<8!?Al$8
X>2<8!?Al$9
X>2<8!?Al$!
X>2<8!?Al$.
X>2<8!?Al$?
X>2<8!?Al$ :
X# trailing colon (no-op) on last line delimits space character.
X
X# Lowercase every pure alphabetic word and reverse it
X# MORE-THAN 2, NOT-CONTAIN ANY NON-ALPHA, LOWERCASE, REVERSE
X>2!?Alr
X
X# Capitalise every pure alnum word (ie: not anything which is not alnum)
X# MORE-THAN 2, NOT-CONTAIN ANY NON-ALNUM, CAPITALISE
X>2!?Xc
X
X# Anything uppercase
X# MORE-THAN 2, NOT-CONTAIN ANY NON-ALNUM, UPPERCASE
X>2!?Xu
X
X# Pure alphabetic words with vowels removed which are still fairly long
X# NOT-CONTAIN ANY NON-ALPHA, CONTAIN ANY VOWEL, PURGE ANY VOWEL, MORE-THAN 3
X!?A/?v@?v>3
X
X# Look, I'm getting really bored of this monotone uppercase typing, so
X# if it's OK with you, I'll drop the commentaries on each rule. You
X# should have got the idea by now...
X
X# Longish pure words lowercased and reflected
X>2!?Alf
X
X# Words containing whitespace, which is then squeezed out
X/?w@?w>3
X
X# In a similar vein, words with punctuation, squeezed out
X/?p@?p>3
X
X# Reasonably short words, duplicated. eg: "fredfred"
X>1<7!?Ald
X
X###
X# >From: myc...@edu.mit.ai.gnu
X# >In addition to the standard dicts.rules, I use the following set. You
X# >can guess what it does.
X# I've tidied this up a bit (I hope) - alec
X###
X>2/asa2l
X>2/asa4l
X>2/ese3l
X>2/hsh4l
X>2/isi1l
X>2/lsl1l
X>2/oso0l
X>2/sss$l
X>2/asa2/hsh4l
X>2/asa2/sss$l
X>2/asa4/hsh4l
X>2/ese3/asa2l
X>2/ese3/asa4l
X>2/ese3/hsh4l
X>2/ese3/sss$l
X>2/isi1/asa2l
X>2/isi1/asa4l
X>2/isi1/ese3l
X>2/isi1/hsh4l
X>2/isi1/sss$l
X>2/lsl1/asa2l
X>2/lsl1/asa4l
X>2/lsl1/ese3l
X>2/lsl1/hsh4l
X>2/lsl1/isi1l
X>2/lsl1/oso0l
X>2/lsl1/sss$l
X>2/oso0/asa2l
X>2/oso0/asa4l
X>2/oso0/ese3l
X>2/oso0/hsh4l
X>2/oso0/isi1l
X>2/oso0/sss$l
X>2/sss$/asa4l
X>2/sss$/hsh4l
X>2/asa2/sss$/hsh4l
X>2/ese3/asa2/hsh4l
X>2/ese3/asa2/sss$l
X>2/ese3/asa4/hsh4l
X>2/ese3/sss$/asa4l
X>2/ese3/sss$/hsh4l
X>2/isi1/asa2/hsh4l
X>2/isi1/asa2/sss$l
X>2/isi1/asa4/hsh4l
X>2/isi1/ese3/asa2l
X>2/isi1/ese3/asa4l
X>2/isi1/ese3/hsh4l
X>2/isi1/ese3/sss$l
X>2/isi1/sss$/asa4l
X>2/isi1/sss$/hsh4l
X>2/lsl1/asa2/hsh4l
X>2/lsl1/asa2/sss$l
X>2/lsl1/asa4/hsh4l
X>2/lsl1/ese3/asa2l
X>2/lsl1/ese3/asa4l
X>2/lsl1/ese3/hsh4l
X>2/lsl1/ese3/sss$l
X>2/lsl1/isi1/asa2l
X>2/lsl1/isi1/asa4l
X>2/lsl1/isi1/ese3l
X>2/lsl1/isi1/hsh4l
X>2/lsl1/isi1/sss$l
X>2/lsl1/oso0/asa2l
X>2/lsl1/oso0/asa4l
X>2/lsl1/oso0/ese3l
X>2/lsl1/oso0/hsh4l
X>2/lsl1/oso0/isi1l
X>2/lsl1/oso0/sss$l
X>2/lsl1/sss$/asa4l
X>2/lsl1/sss$/hsh4l
X>2/oso0/asa2/hsh4l
X>2/oso0/asa2/sss$l
X>2/oso0/asa4/hsh4l
X>2/oso0/ese3/asa2l
X>2/oso0/ese3/asa4l
X>2/oso0/ese3/hsh4l
X>2/oso0/ese3/sss$l
X>2/oso0/isi1/asa2l
X>2/oso0/isi1/asa4l
X>2/oso0/isi1/ese3l
X>2/oso0/isi1/hsh4l
X>2/oso0/isi1/sss$l
X>2/oso0/sss$/asa4l
X>2/oso0/sss$/hsh4l
X>2/sss$/asa4/hsh4l
X>2/ese3/asa2/sss$/hsh4l
X>2/ese3/sss$/asa4/hsh4l
X>2/isi1/asa2/sss$/hsh4l
X>2/isi1/ese3/asa2/hsh4l
X>2/isi1/ese3/asa2/sss$l
X>2/isi1/ese3/asa4/hsh4l
X>2/isi1/ese3/sss$/asa4l
X>2/isi1/ese3/sss$/hsh4l
X>2/isi1/sss$/asa4/hsh4l
X>2/lsl1/asa2/sss$/hsh4l
X>2/lsl1/ese3/asa2/hsh4l
X>2/lsl1/ese3/asa2/sss$l
X>2/lsl1/ese3/asa4/hsh4l
X>2/lsl1/ese3/sss$/asa4l
X>2/lsl1/ese3/sss$/hsh4l
X>2/lsl1/isi1/asa2/hsh4l
X>2/lsl1/isi1/asa2/sss$l
X>2/lsl1/isi1/asa4/hsh4l
X>2/lsl1/isi1/ese3/asa2l
X>2/lsl1/isi1/ese3/asa4l
X>2/lsl1/isi1/ese3/hsh4l
X>2/lsl1/isi1/ese3/sss$l
X>2/lsl1/isi1/sss$/asa4l
X>2/lsl1/isi1/sss$/hsh4l
X>2/lsl1/oso0/asa2/hsh4l
X>2/lsl1/oso0/asa2/sss$l
X>2/lsl1/oso0/asa4/hsh4l
X>2/lsl1/oso0/ese3/asa2l
X>2/lsl1/oso0/ese3/asa4l
X>2/lsl1/oso0/ese3/hsh4l
X>2/lsl1/oso0/ese3/sss$l
X>2/lsl1/oso0/isi1/asa2l
X>2/lsl1/oso0/isi1/asa4l
X>2/lsl1/oso0/isi1/ese3l
X>2/lsl1/oso0/isi1/hsh4l
X>2/lsl1/oso0/isi1/sss$l
X>2/lsl1/oso0/sss$/asa4l
X>2/lsl1/oso0/sss$/hsh4l
X>2/lsl1/sss$/asa4/hsh4l
X>2/oso0/asa2/sss$/hsh4l
X>2/oso0/ese3/asa2/hsh4l
X>2/oso0/ese3/asa2/sss$l
X>2/oso0/ese3/asa4/hsh4l
X>2/oso0/ese3/sss$/asa4l
X>2/oso0/ese3/sss$/hsh4l
X>2/oso0/isi1/asa2/hsh4l
X>2/oso0/isi1/asa2/sss$l
X>2/oso0/isi1/asa4/hsh4l
X>2/oso0/isi1/ese3/asa2l
X>2/oso0/isi1/ese3/asa4l
X>2/oso0/isi1/ese3/hsh4l
X>2/oso0/isi1/ese3/sss$l
X>2/oso0/isi1/sss$/asa4l
X>2/oso0/isi1/sss$/hsh4l
X>2/oso0/sss$/asa4/hsh4l
X>2/isi1/ese3/asa2/sss$/hsh4l
X>2/isi1/ese3/sss$/asa4/hsh4l
X>2/lsl1/ese3/asa2/sss$/hsh4l
X>2/lsl1/ese3/sss$/asa4/hsh4l
X>2/lsl1/isi1/asa2/sss$/hsh4l
X>2/lsl1/isi1/ese3/asa2/hsh4l
X>2/lsl1/isi1/ese3/asa2/sss$l
X>2/lsl1/isi1/ese3/asa4/hsh4l
X>2/lsl1/isi1/ese3/sss$/asa4l
X>2/lsl1/isi1/ese3/sss$/hsh4l
X>2/lsl1/isi1/sss$/asa4/hsh4l
X>2/lsl1/oso0/asa2/sss$/hsh4l
X>2/lsl1/oso0/ese3/asa2/hsh4l
X>2/lsl1/oso0/ese3/asa2/sss$l
X>2/lsl1/oso0/ese3/asa4/hsh4l
X>2/lsl1/oso0/ese3/sss$/asa4l
X>2/lsl1/oso0/ese3/sss$/hsh4l
X>2/lsl1/oso0/isi1/asa2/hsh4l
X>2/lsl1/oso0/isi1/asa2/sss$l
X>2/lsl1/oso0/isi1/asa4/hsh4l
X>2/lsl1/oso0/isi1/ese3/asa2l
X>2/lsl1/oso0/isi1/ese3/asa4l
X>2/lsl1/oso0/isi1/ese3/hsh4l
X>2/lsl1/oso0/isi1/ese3/sss$l
X>2/lsl1/oso0/isi1/sss$/asa4l
X>2/lsl1/oso0/isi1/sss$/hsh4l
X>2/lsl1/oso0/sss$/asa4/hsh4l
X>2/oso0/ese3/asa2/sss$/hsh4l
X>2/oso0/ese3/sss$/asa4/hsh4l
X>2/oso0/isi1/asa2/sss$/hsh4l
X>2/oso0/isi1/ese3/asa2/hsh4l
X>2/oso0/isi1/ese3/asa2/sss$l
X>2/oso0/isi1/ese3/asa4/hsh4l
X>2/oso0/isi1/ese3/sss$/asa4l
X>2/oso0/isi1/ese3/sss$/hsh4l
X>2/oso0/isi1/sss$/asa4/hsh4l
X>2/lsl1/isi1/ese3/asa2/sss$/hsh4l
X>2/lsl1/isi1/ese3/sss$/asa4/hsh4l
X>2/lsl1/oso0/ese3/asa2/sss$/hsh4l
X>2/lsl1/oso0/ese3/sss$/asa4/hsh4l
X>2/lsl1/oso0/isi1/asa2/sss$/hsh4l
X>2/lsl1/oso0/isi1/ese3/asa2/hsh4l
X>2/lsl1/oso0/isi1/ese3/asa2/sss$l
X>2/lsl1/oso0/isi1/ese3/asa4/hsh4l
X>2/lsl1/oso0/isi1/ese3/sss$/asa4l
X>2/lsl1/oso0/isi1/ese3/sss$/hsh4l
X>2/lsl1/oso0/isi1/sss$/asa4/hsh4l
X>2/oso0/isi1/ese3/asa2/sss$/hsh4l
X>2/oso0/isi1/ese3/sss$/asa4/hsh4l
X>2/lsl1/oso0/isi1/ese3/asa2/sss$/hsh4l
X>2/lsl1/oso0/isi1/ese3/sss$/asa4/hsh4l
X# Bleagh! pant, pant - alec
X
X# Oddly enough, people prefixing passwords with numbers is quite a lot
X# rarer than suffixing numbers. Hence, we are further down the file
X# before trying this. Oh well, let's nail the buggers anyway...
X>2<8l^ :
X>2l^0
X>2l^1
X>2l^2
X>2l^3
X>2l^4
X>2l^5
X>2l^6
X>2l^7
X>2l^8
X>2l^9
X
X# Capitalise and then reverse every word (eg: "derF")
X>2!?Xcr
X
X# Reverse and then capitalise every alphabetic word (eg: "Derf")
X>2rc
X
X# Pure words capitalised with various ejaculatory punctuation added
X# eg: "Cats!" for Andrew Floyd-Drebber fans...
X>2<8!?Ac$!
X>2<8!?Ac$.
X>2<8!?Ac$?
X
X# Uppercase words with various things appended or swapped out
X>2<8u$!
X>2<8u$.
X>2<8u$?
X>2/OsO0u
X
X# Really weird uppercase variations
X>2ud
X>2uf
X>2ur
X
X# Yes, I know all this looks like line noise, but I haven't put regexp in yet.
END_OF_FILE
if test 10425 -ne `wc -c <'Scripts/dicts.rules'`; then
echo shar: \"'Scripts/dicts.rules'\" unpacked with wrong size!
fi
# end of 'Scripts/dicts.rules'
fi
if test -f 'Sources/crack-sort.c' -a "${1}" != "-c" ; then
echo shar: Will not clobber existing file \"'Sources/crack-sort.c'\"
else
echo shar: Extracting \"'Sources/crack-sort.c'\" \(5383 characters\)
sed "s/^X//" >'Sources/crack-sort.c' <<'END_OF_FILE'
X#include "crack.h"
X#define Compare(a,b) (strcmp(a,b))
X
X/*
X * Sort a list of struct DICT by using an iterative bottom-up merge sort.
X * This particular piece of code took me ages to do (well, 2 days + 3 weeks
X * research) and provides a FAST way of sorting a linked list without the
X * overhead of increasing memory usage via malloc() or brk(). Why ? Because I
X * have to assume that there is no more memory, thats why. It's all Brian
X * Thompsett's fault! Really! Filling the swapspace on a SparcStation2 and
X * expecting Crack to survive! Argh! 8-)
X */
X
X/* Since this code is so nice, I'll comment it fairly thoroughly */
X
Xstruct DICT *
XSortDict (chain3, listlength)
X register struct DICT *chain3;
X long int listlength;
X{
X /* misc counters */
X register int i;
X long int discarded;
X
X /* 2^n for n = 0..x */
X long int n;
X
X /* head of the first extracted subchain */
X register struct DICT *chain1;
X
X /* head of second subchain */
X register struct DICT *chain2;
X
X /* useful temp pointer */
X register struct DICT *scratch;
X
X /* PTR TO ELEMENT containing TAIL of unsorted list pre-merging */
X struct DICT *lead_in;
X
X /* PTR TO HEAD of unsorted list after extracting chains */
X struct DICT *lead_out;
X
X /* dummy structures used as fenceposts */
X struct DICT dummy1;
X struct DICT dummy2;
X
X /* Put the incoming list into 'dummy1' posthole */
X dummy1.next = chain3;
X
X /* For values of n = 2^(0..30) limited by listlength */
X for (n = 1L; n < listlength; n *= 2)
X {
X /* Store place to get/put head of list in 'lead_in' */
X lead_in = &dummy1;
X
X /* Set chain1 to the head of unsorted list */
X for (chain1 = lead_in -> next; chain1; chain1 = lead_in -> next)
X {
X /* Break connection head and chain1 */
X lead_in -> next = (struct DICT *) 0;
X
X /* Extract up to length 'n', park on last element before chain2 */
X for (i = n - 1, scratch = chain1;
X i && scratch -> next;
X scratch = scratch -> next)
X {
X i--;
X };
X
X /* If chain1 is undersized/exact, there is no chain2 */
X if (i || !scratch -> next)
X {
X /* put chain1 back where you got it and break */
X lead_in -> next = chain1;
X break;
X }
X /* Get pointer to head of chain2 */
X chain2 = scratch -> next;
X
X /* Break connection between chain1 & chain2 */
X scratch -> next = (struct DICT *) 0;
X
X /* Extract up to length 'n', park on last element of chain2 */
X for (i = n - 1, scratch = chain2;
X i && scratch -> next;
X scratch = scratch -> next)
X {
X i--;
X };
X
X /* Even if it's NULL, store rest of list in 'lead_out' */
X lead_out = scratch -> next;
X
X /* Break connection between chain2 & tail of unsorted list */
X scratch -> next = (struct DICT *) 0;
X
X /* Now, mergesort chain1 & chain2 to chain3 */
X
X /* Set up dummy list fencepost */
X chain3 = &dummy2;
X chain3 -> next = (struct DICT *) 0;
X
X /* While there is something in each list */
X while (chain1 && chain2)
X {
X /* Compare them */
X i = Compare (chain1 -> word, chain2 -> word);
X
X if (i < 0)
X {
X /* a < b */
X chain3 -> next = chain1;
X chain3 = chain1;
X chain1 = chain1 -> next;
X } else if (i > 0)
X {
X /* a > b */
X chain3 -> next = chain2;
X chain3 = chain2;
X chain2 = chain2 -> next;
X } else
X {
X /*
X * a == b. Link them both in. Don't try to get rid of the
X * multiple copies here, because if you free up any
X * elements at this point the listsize changes and the
X * algorithm runs amok.
X */
X chain3 -> next = chain1;
X chain3 = chain1;
X chain1 = chain1 -> next;
X chain3 -> next = chain2;
X chain3 = chain2;
X chain2 = chain2 -> next;
X }
X }
X
X /*
X * Whatever is left is sorted and therefore linkable straight
X * onto the end of the current list.
X */
X
X if (chain1)
X {
X chain3 -> next = chain1;
X } else
X {
X chain3 -> next = chain2;
X }
X
X /* Skip to the end of the sorted list */
X while (chain3 -> next)
X {
X chain3 = chain3 -> next;
X }
X
X /* Append this lot to where you got chain1 from ('lead_in') */
X lead_in -> next = dummy2.next;
X
X /* Append rest of unsorted list to chain3 */
X chain3 -> next = lead_out;
X
X /* Set 'lead_in' for next time to last element of 'chain3' */
X lead_in = chain3;
X }
X }
X
X /* Now, Uniq the list */
X discarded = 0;
X
X /* Chain1 to the head of the list, Chain2 to the next */
X chain1 = dummy1.next;
X chain2 = chain1 -> next;
X
X /* While not at end of list */
X while (chain2)
X {
X /* Whilst (chain1) == (chain2) */
X while (!Compare (chain1 -> word, chain2 -> word))
X {
X /* Bump the discard count */
X discarded++;
X
X /* Store the next element */
X scratch = chain2 -> next;
X
X /* Get some memory back */
X free (chain2); /* ...<snigger>... */
X
X /* Assign the skip, break if you run off the end of list */
X if (!(chain2 = scratch))
X {
X break;
X }
X }
X
X /* Set comparison ptr to new element or terminate */
X chain1 -> next = chain2;
X
X /* If not terminated */
X if (chain2)
X {
X /* set the compared pointer to its successor */
X chain1 = chain2;
X chain2 = chain2 -> next;
X }
X }
X
X Log ("Sort discarded %ld words; FINAL DICTIONARY SIZE: %ld\n",
X discarded,
X listlength - discarded);
X
X return (dummy1.next);
X}
END_OF_FILE
if test 5383 -ne `wc -c <'Sources/crack-sort.c'`; then
echo shar: \"'Sources/crack-sort.c'\" unpacked with wrong size!
fi
# end of 'Sources/crack-sort.c'
fi
echo shar: End of archive 2 \(of 5\).
cp /dev/null ark2isdone
Alec David Muffett
Archive-name: crack/part04
Environment: UNIX
Supersedes: crack: Volume 25, Issue 5-9
#! /bin/sh
# it by saving it into a file and typing "sh file". To overwrite existing
# files, type "sh file -c". You can also feed this as standard input via
# unshar, or by typing "sh <file", e.g.. If this archive is complete, you
# will see the following message at the end:
# "End of archive 4 (of 5)."
# Contents: Docs/readme.ms Sources/crack-fcrypt.c
# Wrapped by aem@aberfa on Wed Mar 18 14:08:37 1992
PATH=/bin:/usr/bin:/usr/ucb ; export PATH
if test -f 'Docs/readme.ms' -a "${1}" != "-c" ; then
echo shar: Will not clobber existing file \"'Docs/readme.ms'\"
else
echo shar: Extracting \"'Docs/readme.ms'\" \(28998 characters\)
sed "s/^X//" >'Docs/readme.ms' <<'END_OF_FILE'
X.de C
X.ie n .B "\\$1" \\$2
X.el .CW "\\$1" \\$2
X..
X.TL
X"Crack Version 4.1"
X.br
XA Sensible Password Checker for Unix
X.AU
XAlec D.E. Muffett
X.AI
XUnix Software Engineer
XAberystwyth, Wales, UK
X.I "(a...@aber.ac.uk or alec_m...@hicom.lut.ac.uk)"
X.AB
X.B Crack
Xis a freely available program designed to find standard Unix
Xeight-character DES encrypted passwords by standard guessing techniques
Xoutlined below. It is written to be flexible, configurable and fast,
Xand to be able to make use of several networked hosts via the Berkeley
X.C rsh
Xprogram (or similar), where possible.
X.AE
X.NH 1
XStatement of Intent
X.LP
XThis package is meant as a proving device to aid the construction of
Xsecure computer systems. Users of Crack are advised that they may get
Xseverly hassled by authoritarian type sysadmin dudes if they run Crack
Xwithout proper authorisation.
X.NH 1
XIntroduction to Version 4.0
X.LP
XCrack is now into it's fourth version, and has been reworked extensively
Xto provide extra functionality, and the purpose of this release is to
Xconsolidate as much of this new functionality into as small a package as
Xpossible. To this end, Crack may appear to be less configurable: it has
Xbeen written on the assumption that you run a fairly modern Unix, one
Xwith BSD functionality, and then patched in order to run on other
Xsystems.
X.LP
XThis, surprisingly enough, has led to neater code, and has made possible
Xthe introduction of greater flexibility which supercedes many of the
Xoptions that could be configured in earlier versions of Crack. In the
Xsame vein, some of the older options are now mandatory. These, such as
X.I "feedback mode"
Xand
X.C CRACK_PRINTOUT
Xare no longer supported as options and probably never will be again.
XThere is just a lot of wastage in not running with them, and too many
Xdependencies in other functions to bother programming around them.
X.LP
XThe user interface is basically identical to the previous versions,
Xalthough some people have asked about providing X-windows GUI's to
XCrack, I think it would be a waste of time to do so. Crack has far
Xless options than your ordinary version of
X.C /bin/ls .
X.NH 1
XIntroduction to Version 4.1
X.LP
XVersion 4.1 of the Crack program is an attempt to extend the features
Xintroduced in v4.0 and provide hooks for external libraries such as
XMichael Glad's wonderful
X.B UFC
Xcrypt() implementation, which (on some platforms) can outperform my
Xfcrypt() by a factor of 3. I have also been burdened with the task of
Xmaking Crack's memory handling bombproof (hah!) in the vague hope that
Xit will survive running out of memory on small machines.\**
X.FS
X- or even on large ones. Brian Tompsett at Hull tweaked Crack v3.3
Xuntil it could run to completion after filling the swapspace on each of a
Xnetwork of SparcStation2's. Due to restructuring work on v4.0, I have
Xhad to write my own sorting algorithm & re-implement all of his tweaks
Xfrom scratch, and can only hope that I have emulated the bombproofness
Xof this desirable (?) functionality.
X.FE
X.LP
XThe extensions that I mention above regard the addition of extra
Xprimitives to the dictionary processing language which permit the
Xproduction of more concise dictionaries containing words, more of which
Xare likely to be passwords. The idea is to gain efficiency by removing
Xsome of the dross from the generated dictionaries.
X.LP
XCrack should (generally) be more disk-space efficient now that the
Xprogram can spot dictionaries which have been compressed using
X.I compress
Xor
X.I pack
Xand will uncompress them on the fly as necessary (using
X.I zcat
Xor
X.I pcat
Xrespectively).\**
X.FS
XNote to people who are short on memory or swap: do remember that to do
Xthis Crack will have to
X.I fork()
X(via
X.I popen() )
Xand might not be able to create the uncompressing process. Hence, if
Xyou intend to swaplock your machine, don't compress the dictionaries.
XSwitch this off by editing the
X.C Crack
Xshellscript.
X.FE
X.NH 1
XCrack Methodology - Part 1: Internals
X.LP
XCrack takes as its input a series of password files and source
Xdictionaries. It merges the dictionaries, turns the password files into
Xa sorted list, and generates lists of possible passwords from the merged
Xdictionary or from information gleaned about users from the password
Xfile.
XIt does
X.B not
Xattempt to remedy the problem of allowing users to have guessable
Xpasswords, and it should
X.B NOT
Xbe used in place of getting a really good, secure
X.C passwd
Xprogram replacement.\**
X.FS
XSee the end of ths document for more information about
X.I passwd
Xreplacements.
X.FE
X.LP
XThe above paragraphs define the purpose of Crack, and embody a great
Xdeal of hard work, screams of
X.I Eureka! ,
Xdrunkeness, and a fair amount of swearing too. There is a lot
Xof thinking, philosophy, and empirical guesswork behind the way that
XCrack attacks password files, and although it is not perfect, I
Xcertainly hope that Crack will out-do most of it's competitors.
X.LP
XCrack works by making many individual passes over the password entries
Xthat you supply to it. Each pass generates password guesses based upon
Xa sequence of rules, supplied to the program by the
Xuser. The rules are specified in a simplistic language in the files
X.C gecos.rules
Xand
X.C dicts.rules ,
Xto be found in the
X.C Scripts
Xdirectory.
XThe distinction between these two files will be made clear later.
X.LP
XThe rules are written as a simple string of characters, with one rule to
Xa line. Blank lines, and comment lines beginning with a hash character
X.B #
Xare ignored. Trailing whitespace is also ignored. The instructions in
Xthe rule are followed from left to right, and are applied to the
Xdictionary words one by one, as the words are loaded. Some simple
Xpattern matching primitives are provided for selection purposes, so that
Xif the dictionary word does not match the pattern, it is ignored. This
Xsaves on time and memory. Before carrying on, I suggest that you browse
Xthrough
X.C Scripts/dicts.rules ,
Xtake a look at the rules supplied as defaults, and try to work out what
Xthey do.
X.LP
XThe rules are stored in two different files for two different purposes.
XRules in
X.C Scripts/gecos.rules
Xare applied to data generated by Crack from the pw_gecos and pw_gecos
Xentries of the user's password entry. The data fed to the gecos rules
Xfor the user
X.I "aem",
Xwho is
X.I "Alec David Muffett, Systems"
Xwould be:
X.I "aem",
X.I "Alec",
X.I "David",
X.I "Muffett",
X.I "Systems",
Xand a series of permutations of those words, either re-ordering the
Xwords and joining them together (eg:
X.I "AlecMuffett" ),
Xor making up new words based on initial letters of one word taken with
Xthe rest of another (eg:
X.I "AMuffett" ).\**
X.FS
X- and
X.I ASystems
Xand
X.I DSystems ,
Xand
X.I MSystems ,
Xetc... because Crack does not differentiate. Hence, care should be
Xtaken to check for redundancy when adding new rules, so as not to waste
Xtime during the gecos pass.
X.FE
X.LP
XThe entire set of rules in gecos.rules is applied to each of these
Xwords, which creates many more permutations and combinations, all of
Xwhich are tested. Hence testing the password gecos information under
XCrack v4.0 and upwards takes somewhat longer than previously, but it is
Xfar more thorough.
X.sp 1v
X.LP
XAfter a pass has been made over the data based on gecos information,
XCrack makes further passes over the password data using successive rules
Xfrom the
X.C Scripts/dicts.rules
Xby loading the whole of
X.C Dicts/bigdict
Xfile into memory, with the rule being applied to each word from that
Xfile. This generates a
X.I "resident dictionary" ,
Xwhich is sorted and uniqued so as to prevent wasting time on repetition.
XAfter each pass is completed, the memory used by the resident dictionary
Xis freed up, and (hopefully) re-used when the next dictionary is loaded.
X.LP
XThe
X.C Dicts/bigdict
Xdictionary is created by Crack by merging, sorting, and uniq'ing the
Xsource dictionaries, which are to be found in the directory
X.C DictSrc
Xand which may also be named in the Crack shellscript, via the
X.C $STDDICT
Xvariable. (The default value of $STDDICT is
X.C /usr/dict/words ).
X.LP
XThe file
X.C DictSrc/bad_pws.dat
Xis a dictionary which is meant to provide many of those common but
Xnon-dictionary passwords, such as
X.I 12345678
Xor
X.I qwerty .
X.LP
XIf you wish to provide a dictionary of your own, just copy it into the
X.C DictSrc
Xdirectory (use
X.C compress
Xon it if you wish to save space; Crack will unpack it whilst generating
Xthe big dictionary) and then delete the contents of the
X.C Dicts
Xdirectory by running
X.C Scripts/spotless .
XYour new dictionary will be merged in on the next run. For more
Xinformation on dictionary attacks, see the
X.I excellent
Xpaper called "Foiling the Cracker: A Survey of, and Improvements to,
XPassword Security" by Daniel Klein, available from
X.I "ftp.sei.cmu.edu"
Xin
X.I "~/pub/dvk/passwd.*" .
XAlso, please read the
X.C APPENDIX
Xfile supplied with this distribution.\**
X.FS
XExtra dictionaries (those detailed in Dan Klein's paper) can be
Xobtained via anonymous FTP from
X.I ftp.uu.net
X(137.39.1.9) as
X.I ~/pub/dictionaries.tar.Z ;
Xor check an
X.I Archie
Xdatabase for other possible sources of dictionaries.
X.FE
X.LP
XHaving described the method of cracking, perhaps we should now
Xinvestigate the algorithm used to overlay the cracking mechanism.
X.NH 1
XCrack Methodology - Part 2: Feedback Filters
X.LP
XAs is stated above, Crack permutes and loads dictionaries directly
Xinto memory, sorts and uniques them, before attempting to use each of
Xthe words as a guess for each users' password. If Crack correctly
Xguesses a password, it marks the user as
X.I done
Xand does not waste
Xfurther time on trying to break that users password.
X.LP
XOnce Crack has finished a dictionary pass, it sweeps the list of users
Xlooking for the passwords it has cracked. It stores the cracked passwords
Xin both plaintext and encrypted forms in a
X.I "feedback file"
Xin the directory
X.C Runtime .
XFeedback files have names of the form
X.C Runtime/F* .
X.LP
XThe purpose of this is so that, when Crack is next invoked, it may
Xrecognise passwords that it has successfully cracked before, and filter
Xthem from the input to the password cracker. This provides an
X.I instant
Xlist of crackable users who have not changed their passwords since the
Xlast time Crack was run. This list appears in a file with name
X.C out*
Xin the
X.C $CRACK_OUT
Xdirectory, or on
X.I stdout ,
Xif foreground mode is invoked (see
X.I Options ,
Xbelow).
X.LP
XIn a similar vein, when a Crack run terminates normally, it writes out
Xto the feedback file all encrypted passwords that it has
X.B NOT
Xsucceeded in cracking. Crack will then ignore all of these passwords
Xnext time you run it.
X.LP
XObviously, this is not desirable if you frequently change your
Xdictionaries or rules, and so there is a script provided,
X.C Scripts/mrgfbk
Xwhich sorts your feedback files, merges them into one, and optionally
Xremoves all traces of 'uncrackable' passwords, so that your next Crack
Xrun can have a go at passwords it has not succeeded in breaking before.
X.LP
X.C Mrgfbk
Xis invoked automatically if you run
X.C Scripts/spotless .
X.NH 1
XCrack Methodology - Part 3: Execution and Networking
X.LP
XEach time Crack is invoked, whether networked or not, it generates a
X.I diefile
Xwith a name of the form
X.C Runtime/D*
X(for network cracks, this file is generated by RCrack, and is of the form
X.C Runtime/DR*
Xwhich points to a
X.B real
Xdiefile, named
X.C Runtime/RD*
X- see below for details).
X.LP
XThese diefiles contain debugging information about the job, and are
Xgenerated so that all the jobs on the entire network can be called
Xquickly by invoking
X.C Scripts/plaster .
XDiefiles delete themselves after they have been run.
X.LP
XAs you will read in the sections below, Crack has a
X.C "-network"
Xoption: This is designed to be a simple method of automatically
Xspreading the load of password cracking out over several machines on a
Xnetwork, preferably if they are connected by some form of networked
Xfilestore.
X.LP
XWhen
X.C "Crack -network"
Xis invoked, it filters its input in the ordinary way, and then splits
Xits load up amongst several machines which are specified in the file
X.C Scripts/network.conf .
X.LP
XThis file contains a series of hostnames, power ratings, flags, etc,
Xrelevant to the running of Crack on each machine. Crack then calls
X.C Scripts/RCrack
Xto use the
X.C rsh
Xcommand (or similar) to invoke Crack on the other hosts. See the RCrack
Xscript, and the example network.conf file for details.
X.NH 1
XInstallation
X.LP
XCrack is one of those most unusual of beasties, a self-installing
Xprogram. Some people have complained about this apparent weirdness, but
Xit has grown up with Crack ever since the earliest network version, when
XI could not be bothered to log into several different machines with
Xseveral different architectures, just in order to build the binaries.
XOnce the necessary configuration options have been set, the executables
Xare created via
X.C make
Xby running the Crack shellscript .
X.LP
XCrack's configuration lies in two files, the
X.C Crack
Xshell script, which contains all the installation specific configuration
Xdata, and the file
X.C Sources/conf.h ,
Xwhich contains configuration options specific to various binary platforms.
X.LP
XIn the Crack shellscript, you will have to edit the
X.C CRACK_HOME
Xvariable to the correct value. This variable should be set to an
Xabsolute path name (names relative to
X.I ~username
Xare OK, so long as you have some sort of
X.C csh )
Xthrough which the directory containing Crack may be accessed on
X.B ALL
Xthe machines that Crack will be run on. There is a similar variable
X.C CRACK_OUT
Xwhich specifies where Crack should put its output files - by default,
Xthis is the same as
X.C "$CRACK_HOME" .
X.LP
XYou will also have to edit the file
X.C Sources/conf.h
Xand work out which switches to enable. Each
X.C #define
Xhas a small note explaining its purpose. Where I have been in doubt about
Xthe portability of certain library functions, usually I have re-written
Xit, so you should be OK. Let me know of your problems, if you have any.
X.LP
XIf you will be using
X.C "Crack -network"
Xyou will then have to generate a
X.C Scripts/network.conf
Xfile. This contains a list of hostnames to
X.C rsh
Xto, what their
X.I "binary type"
Xis (useful when running a network Crack on several different
Xarchitectures), a guesstimate of their
X.I "relative power"
X(take your slowest machine as unary, and measure all others relative to
Xit), and a list of per-host
X.I flags
Xto
X.B add
Xto those specified on the
X.C Crack
Xcommand line, when calling that host. There is an example of such a
Xfile provided in the Scripts directory - take a look at it.
X.LP
XIf ever you wish to specify a more precise figure as to the relative
Xpower of your machines, or you are simply at a loss, play with the
Xcommand
X.C "make tests"
Xin the source code directory. This can provide you with the number of
Xfcrypt()s that your machine can do per second, which is a number that
Xyou can plug into your
X.C network.conf
Xas a measure of your machines' power (after rounding the value to an
Xinteger).
X.NH 1
XUsage
X.LP
XOkay, so, let's assume that you have edited your
X.C Crack
Xscript, and your
X.C Sources/conf.h
Xfile, where do you go from here ?
X.LP
X.DS B
X.fi
X.C Crack
X[\c
X.I options ]
X[\c
X.I bindir ]
X.C /etc/passwd
X[...other passwd files]
X.sp 1v
X.C "Crack -network"
X[\c
X.I options ]
X.C /etc/passwd
X[...other passwd files]
X.DE
X.LP
XWhere
X.B bindir
Xis the optional name of the directory where you want the binaries
Xinstalled. This is useful where you want to be able to run versions of
XCrack on several different architectures. If
X.B bindir
Xdoes not exist, a warning will be issued, and the directory created.
X.QP
XNote:
X.B bindir
Xdefaults to the name
X.C generic
Xif not supplied.
X.QP
X.LP
X.B "Notes for Yellow Pages (NIS) Users:"
XI have occasional queries about how to get Crack running from a YP
Xpassword file. There are several methods, but by far the simplest is to
Xgenerate a passwd format file by running:-
X.DS B
X.C "ypcat passwd > passwd.yp"
X.DE
Xand then running Crack on this file.
X.NH 1
XOptions
X.IP "\fB-f\fP"
XRuns Crack in
X.I foreground
Xmode, ie: the password cracker is not backgrounded, and messages appear
Xon stdout and stderr as you would expect. This option is only really
Xuseful for very small password files, or when you want to put a wrapper
Xscript around Crack.
X.IP
XForeground mode is disabled if you try running
X.C "Crack -network -f"
Xon the command line, because of the insensibility of
X.C rsh ing
Xto several machines in turn, waiting for each one to finish before
Xcalling the next. However, please read the section about
X.I "Network Cracking without NFS/RFS" ,
Xbelow.
X.IP "\fB-v\fP"
XSets verbose mode, whereby Crack will print every guess it is trying on
Xa per-user basis. This is a very quick way of flooding your filestore,
Xbut useful if you think something is going wrong.
X.IP "\fB-m\fP"
XSends mail to any user whose password you crack by invoking
X.C Scripts/nastygram
Xwith their username as an argument. The reason for using the script is
Xso that a degree of flexibility in the format of the mail message is
Xsupplied; ie: you don't have to recompile code in order to change the
Xmessage.\**
X.FS
XI'm uncertain about the wisdom of mailing someone like this. If someone
Xbrowses your cracked user's mail somehow, it's like a great big neon
Xsign pointing at the user saying "This Is A Crackable Account - Go For
XIt!". Not to mention the false sense of security it engenders in the
XSystem Manager that he's "informed" the user to change his password.
XWhat if the user doesn't log on for 3 months? However, so many people
Xhave wired it into their own versions of Crack, I suppose it
X.B must
Xbe provided... AEM
X.FE
X.IP "\fB-nvalue\fP"
XSets the process to be
X.C nice() ed
Xto
X.I value ,
Xso, for example, the switch
X.C \&-n19
Xsets the Crack process to run at the lowest priority.
X.IP "\fB-network\fP"
XThrows Crack into network mode, in which it reads the
X.C Scripts/network.conf
Xfile, splits its input into chunks which are sized according to the
Xpower of the target machine, and calls
X.C rsh
Xto run Crack on that machine. Options for Crack running on the target
Xmachine may be supplied on the command line (eg: verbose or recover
Xmode), or in the network.conf file if they pertain to specific hosts
X(eg:
X.C nice()
Xvalues).
X.IP "\fB-r<pointfile>\fP"
XThis is only for use when running in
X.I recover
Xmode. When a running Crack starts pass 2, it periodically saves its
Xstate in a
X.I pointfile ,
Xwith a name of the form
X.C "Runtime/P.*"
XThis file can be used to recover where you were should a host crash.
XSimply invoke Crack in
X.B exactly
Xthe same manner as the last time, with the addition of the
X.C "-r"
Xswitch, (eg:
X.C "-rRuntime/Pfred12345" )
Xswitch. Crack will startup and read the file, and jump to roughly where
Xit left off. If you are cracking a very large password file, this can
Xsave oodles of time after a crash.
X.IP
XIf you were running a
X.I network
XCrack, then the jobs will again be spawned onto all the machines of the
Xoriginal Crack. The program will then check that the host it is running
Xon is the same as is mentioned in the pointfile. If it is not, it will
Xquietly die. Thus, assuming that you supply the same input data and do
Xnot change your
X.C network.conf
Xfile, Crack should pick up where it left off. This is a bit inelegant,
Xbut it's better than nothing at the moment.
X.IP
XThe method of error recovery outlined above causes headaches for users
Xwho want to do multiprocessing on parallel architectures. Crack is in
Xno way parallel, and because of the way it's structured (reading stdin
Xfrom shellscript frontends) it is a pain to divide the work amongst
Xseveral processes via
X.C fork() ing.
X.IP
XThe hack solution to get several copies of Crack running on one machine
Xwith
X.I n
Xprocessors at the moment is to insert
X.I n
Xcopies of the entry for your parallel machine into the
X.C Scripts/network.conf
Xfile. If you use the
X.C \&-r
Xoption in these circumstances however, you will get
X.I n
Xcopies of the recovered process running, only one of them will have the
Xcorrect input data.
X.IP
XThe old solution to this problem (see old documentation if you are
Xinterested) has been negated by the introduction of feedback mode, so
Xthe best bet in this particular situation is to wait until the other
Xjobs are done (and have written out lists of uncrackable passwords), and
Xthen re-start the jobs from scratch. Anyone whose password was not
Xcracked on the first run will be ignored on the second, if they have not
Xchanged it since. This is inelegant, but it's the best I can do in the
Xlimited time available.
X.NH
XSupport Scripts
X.LP
XThe
X.C Scripts
Xdirectory contains a small number of support and utility scripts, some
Xof which are designed to help Crack users check their progress.
XBriefly, the most useful ones are:-
X.IP "\fBScripts/shadmrg\fP"
XThis is a small (but hopefully readable) script for merging
X.C /etc/passwd
Xand
X.C /etc/shadow
Xon System V style shadow password systems. It produces the merged data
Xto stdout, and will need redirecting into a file before Crack can work
Xon it. The script is meant to be fairly lucid, on the grounds that I
Xworry that there are many shadowing schemes out there, and perhaps not
Xall have the same data format.
X.IP
X.B "I have not"
Xwired this facility into the Crack command itself because the world does
X.B NOT
Xrevolve around System V yet, regardless of what some people would have
Xme believe, and I believe that the lack of direct support for NIS
Xoutlined above, sets a precedent. There are just too many
Xincompatibilities in shadow password schemes for me to hardwire
Xanything.
X.IP "\fBScripts/plaster\fP"
Xwhich is named after a dumb joke, but is a simple frontend to the
X.C "Runtime/D*"
Xdiefiles that each copy of the password cracker generates. Invoking
X.C Scripts/plaster
Xwill kill off all copies of the password cracker you are running, over
Xthe network or otherwise.
X.IP "\fBScripts/status\fP"
XThis script
X.C rsh es
Xto each machine mentioned in the
X.C Scripts/network.conf
Xfile, and provides some information about processes and uptime on that
Xmachine. This is useful when you want to find out just how well your
Xpassword crackers are getting on during a
X.C "Crack -network" .
X.IP "\fBScripts/{clean,spotless}\fP"
XThese are really just frontends to a makefile. Invoking
X.C Scripts/clean
Xtidies up the Crack home directory, and removes probably unwanted files,
Xbut leaves the pre-processed dictionary
X.C bigdict
Xintact.
X.C Scripts/spotless
Xdoes the same as
X.C Scripts/clean
Xbut obliterates
X.C bigdict
Xand old output files too, and compresses the feedback files into one.
X.IP "\fBScripts/nastygram\fP"
XThis is the shellscript that is invoked by the password cracker to send
Xmail to users who have guessable passwords, if the
X.C -m
Xoption is used. Edit it at your leisure to suit your system.
X.IP "\fBScripts/guess2fbk\fP"
XThis script takes your
X.C out*
Xfiles as arguments and reformats the 'Guessed' lines into a slightly
Xmessy
X.I feedback
Xfile, suitable for storing with the others.
X.IP
XAn occasion where this might be useful is when your cracker has guessed
Xmany peoples passwords, and then died for some reason (a crash?) before
Xwriting out the guesses to a feedback file. Running
X.DS B
X.C "Scripts/guess2fbk out* >> Runtime/F.new"
X.DE
Xwill save the work that has been done.
X.NH 1
XNetwork Cracking without NFS/RFS
X.LP
XFor those users who have some form of
X.C rsh
Xcommand, but do not have a a networked filestore running between hosts,
Xthere is now a solution which will allow you to do networked cracking,
Xproposed to me by Brian Tompsett at Hull. Personally, I consider the
Xidea to be potty, but it fills in missing functionality in a wonderfully
Xtacky manner.
X.LP
XFrom the documentation above, you will note that Crack will undo the
X.C "-f"
X.I "(output in foreground)"
Xoption, if it is invoked with the
X.C "-network"
Xswitch at the same time (see the
X.I Options
Xsection above). This is true, but it does not apply if you specify
X.C "-f"
Xoption in the
X.C network.conf
Xfile.
X.LP
XThe practical upshot of doing this is that remote copies of Crack
Xcan be made to read from
X.I stdin
Xand write to
X.I stdout
Xover a network link, and thus remote processing is accomplished. I have
Xtweaked Crack in such a way, therefore, that if the
X.C "-f"
Xoption is specified amongst the crack-flags of a host in the
Xnetwork.conf, rather than backgrounding itself on the remote host, the
X.C rsh
Xcommand on the
X.B server
Xis backgrounded, and output is written directly to the files on the
Xserver's filestore.
X.LP
XThere are restrictions upon this method, mostly involving the number of
Xprocesses that a user may run on the server at any one time, and that
Xyou will have to collect feedback output together manually (dropping it
Xinto the
X.C Runtime
Xdirectory on the server). However, it works. Also, if you try to use
X.C rsh
Xas another user, you will suffer problems if
X.C rsh
Xinsists on reading something from your terminal (eg: a password for the
Xremote account). Also, recovering using checkpointing goes out the
Xwindow unless you specify the name of the pointfile as it is named
Xon the remote machine.
X.NH 1
XUFC Support and notes on fast crypt() implementations
X.LP
XThe stdlib version of the
X.C crypt()
Xsubroutine is incredibly slow. It is a
X.I massive
Xbottleneck to the execution of Crack and on typical platforms that you
Xget at universities, it is rare to find a machine which will achieve
Xmore than 50 standard crypt() s per second. On low-end diskless
Xworkstations, you may expect 2 or 3 per second. It was this slowness of
Xthe crypt() algorithm which originally supplied much of the security
XUnix needed.\**
X.FS
XSee: "Password Security, A Case History" by Bob Morris & Ken Thomson, in
Xthe Unix Programmer Docs.
X.FE
X.LP
XThere are now
X.B many
Ximplementations of faster versions of crypt()
Xto be found on the network. The one supplied with Crack v3.2 and
Xupwards is called
X.C fcrypt() .
XIt was originally written in May 1986 by Robert Baldwin at MIT, and is a
Xgood version of the crypt() subroutine. I received a copy from Icarus
XSparry at Bath University, who had made a couple of portability
Xenhancements to the code.
X.LP
XI rewrote most of the tables and the KeySchedule generating algorithm in
Xthe original
X.I fdes-init.c
Xto knock 40% off the execution overhead of fcrypt() in the form that it
Xwas shipped to me. I inlined a bunch of stuff, put it into a single
Xfile, got some advice from Matt Bishop and Bob Baldwin [both of whom I
Xam greatly indebted to] about what to do to the
X.C xform()
Xroutine and to the fcrypt function itself, and tidied up some
Xalgorithms. I have also added more lookup tables and reduced several
Xformula for faster use. Fcrypt() is now barely recognisable as being
Xbased on its former incarnation, and it is 3x faster.
X.LP
XOn a DecStation 5000/200, fcrypt() is about 16 times faster than the
Xstandard crypt (your mileage may vary with other architectures and
Xcompilers). This speed puts fcrypt() into the "moderately fast" league
Xof crypt implementations.
X.LP
XAmongst other crypt implementations available is
X.B UFC
Xby Michael Glad. UFC-crypt is a version of the crypt subroutine which
Xis optimised for machines with 32-bit long integers and generally
Xoutperforms my fcrypt() by a factor of between 1 and 3, for a tradeoff
Xof large memory usage, and memory-cache unfriendliness. Hooks for even
Xmore optimised assembler versions of crypt() are also provided for some
Xplatforms (Sun, HP, ...). Getting UFC to work on 16 bit architectures
Xis nearly impossible.
X.LP
XHowever, on most architectures, UFC generates a stunning increase in the
Xpower of Crack, and so, from v4.1 onwards, Crack is written to
Xautomatically make use of UFC if it can find it. All that you have to
Xdo is to obtain a suitable copy of UFC (preferably a version which
Xmentions that it is compatible with
X.C "Crack v4.1" ,
Xand unpack it into a directory called
X.C ufc-crypt
Xin
X.C $CRACK_HOME ,
Xand then delete your old binaries. UFC will then be detected, compiled,
Xtested and used in preference to fcrypt() by the Crack program, wherever
Xpossible.
X.NH 1
XConclusions
X.LP
XWhat can be done about brute force attacks on your password file ?
X.LP
XYou must get a drop-in replacement for the
X.C passwd
Xand
X.C yppasswd
Xcommands; one which will stop people from choosing bad passwords in the
Xfirst place. There are several programs to do this; Matt Bishop's
X.C "passwd+"
Xand Clyde Hoover's
X.C "npasswd"
Xprogram are good examples which are freely available. Consult an
X.B Archie
Xdatabase for more details on where you can get them from.
X.LP
XIt would be nice if an organisation (such as
X.B CERT ?)
Xcould be persuaded to supply skeletons of
X.I sensible
Xpasswd commands for the public good, as well as an archive of security
Xrelated utilities\**
Xon top of the excellent
X.C COPS .
X.FS
X.C COPS
Xis available for anonymous FTP from
X.I "cert.sei.cmu.edu"
X(128.237.253.5) in
X.I ~/cops
X.FE
XHowever, for Unix security to improve on a global scale, we will also
Xrequire pressure on the vendors, so that programs are written correctly
Xfrom the beginning.
END_OF_FILE
if test 28998 -ne `wc -c <'Docs/readme.ms'`; then
echo shar: \"'Docs/readme.ms'\" unpacked with wrong size!
fi
# end of 'Docs/readme.ms'
fi
if test -f 'Sources/crack-fcrypt.c' -a "${1}" != "-c" ; then
echo shar: Will not clobber existing file \"'Sources/crack-fcrypt.c'\"
else
echo shar: Extracting \"'Sources/crack-fcrypt.c'\" \(24546 characters\)
sed "s/^X//" >'Sources/crack-fcrypt.c' <<'END_OF_FILE'
X/*
X * This program is copyright Alec Muffett 1991 except for some portions of
X * code in "crack-fcrypt.c" which are copyright Robert Baldwin, Icarus Sparry
X * and Alec Muffett. The author(s) disclaims all responsibility or liability
X * with respect to it's usage or its effect upon hardware or computer
X * systems, and maintain copyright as set out in the "LICENCE" document which
X * accompanies distributions of Crack v4.0 and upwards.
X */
X
X/*
X * Misc defs for the fast password transform optimisations.
X */
X
X#include "crack.h"
X
X#define reg register
X#define uns unsigned
X#define unsb uns char
X#define unsl uns long
X
X/*
X * Types for the different ways to represent DES bit patterns. Bits are
X * always right justified within fields. Bits which have lower indices in
X * the NBS spec are stored in the vax bits with less significance (e.g., Bit
X * 1 of NBS spec is stored in the bit with weight 2 ** 0 to the Vax.
X */
X
X#define obpb1 unsb /* One bit per byte. */
X#define sbpb6 unsb /* Six bits per byte, 6 held. */
X#define sbpb6R unsb /* Six bits per byte Reversed order, 6 held. */
X#define sbpb24 unsl /* Six bits per byte, 24 held. */
X#define ebpb24 unsl /* Eight bits per bit, 24 held. */
X#define fbpb4 unsb /* Four bits per byte, 4 held. */
X#define fbpb4R unsb /* Four bits per byte Reversed order, 4 held. */
X
X/*
X * The operation (6 * x) is often better optimised as this (for really
X * braindead compilers) - AEM
X */
X
X#ifdef BRAINDEAD6
X#define SIX_TIMES(exprn) (((exprn) << 2) + ((exprn) << 1))
X#else
X#define SIX_TIMES(exprn) (6 * (exprn))
X#endif /* BRAINDEAD6 */
X
X/* DES transformation type... */
X
Xunion SDATA
X{
X sbpb24 b[2];
X sbpb6 c[8];
X};
X#ifndef FDES_4BYTE /* Thanks to Matt Bishop for this idea -AEM. */
X#define SIZEFIX 0
X#define INDIRECT(a,b) (a)[b]
X#else
X#define SIZEFIX 2 /* "n" where 2^n == sizeof(sbpb24) */
X#define INDIRECT(a,b) (*((sbpb24 *)(((unsigned char *) a) + (b))))
X#endif
X
X/*
X * These used to be rather slow and frequently used functions - AEM
X */
X
X#define TF_TO_SIXBIT(tf) \
X (sbpb24)((tf & 077L) | \
X ((tf & 07700L) << 2) | \
X ((tf & 0770000L) << 4) | \
X ((tf & 077000000L) << 6))
X
X#define SIXBIT_TO_TF(sb) \
X (ebpb24)((sb & 0x3fL) | \
X ((sb & 0x3f00L) >> 2) | \
X ((sb & 0x3f0000L) >> 4) | \
X ((sb & 0x3f000000L) >> 6))
X
X/*
X * Data segment gathered into one place, try to keep this stuff long aligned
X * - AEM
X */
X
Xstatic char iobuf[16];
Xstatic obpb1 crypt_block[72]; /* 72 is next multiple of 8 bytes after 66 */
Xstatic sbpb24 KS[32];
Xstatic sbpb24 S0H[64], S1H[64], S2H[64], S3H[64];
Xstatic sbpb24 S4H[64], S5H[64], S6H[64], S7H[64];
Xstatic sbpb24 S0L[64], S1L[64], S2L[64], S3L[64];
Xstatic sbpb24 S4L[64], S5L[64], S6L[64], S7L[64];
Xstatic sbpb24 out96[4];
X
X/*
X * Start of the real thing
X */
X
Xvoid
Xfsetkey ()
X{
X /*
X * This used to be utterly horrendous. It still is, but it's much, much,
X * smaller... (and quite a bit faster...) - AEM
X */
X static unsb KeyToKS[] =
X {
X 9, 50, 33, 59, 48, 16, 32, 56, 1, 8, 18, 41, 2, 34, 25, 24,
X 43, 57, 58, 0, 35, 26, 17, 40, 21, 27, 38, 53, 36, 3, 46, 29,
X 4, 52, 22, 28, 60, 20, 37, 62, 14, 19, 44, 13, 12, 61, 54, 30,
X 1, 42, 25, 51, 40, 8, 24, 48, 58, 0, 10, 33, 59, 26, 17, 16,
X 35, 49, 50, 57, 56, 18, 9, 32, 13, 19, 30, 45, 28, 62, 38, 21,
X 27, 44, 14, 20, 52, 12, 29, 54, 6, 11, 36, 5, 4, 53, 46, 22,
X 50, 26, 9, 35, 24, 57, 8, 32, 42, 49, 59, 17, 43, 10, 1, 0,
X 48, 33, 34, 41, 40, 2, 58, 16, 60, 3, 14, 29, 12, 46, 22, 5,
X 11, 28, 61, 4, 36, 27, 13, 38, 53, 62, 20, 52, 19, 37, 30, 6,
X 34, 10, 58, 48, 8, 41, 57, 16, 26, 33, 43, 1, 56, 59, 50, 49,
X 32, 17, 18, 25, 24, 51, 42, 0, 44, 54, 61, 13, 27, 30, 6, 52,
X 62, 12, 45, 19, 20, 11, 60, 22, 37, 46, 4, 36, 3, 21, 14, 53,
X 18, 59, 42, 32, 57, 25, 41, 0, 10, 17, 56, 50, 40, 43, 34, 33,
X 16, 1, 2, 9, 8, 35, 26, 49, 28, 38, 45, 60, 11, 14, 53, 36,
X 46, 27, 29, 3, 4, 62, 44, 6, 21, 30, 19, 20, 54, 5, 61, 37,
X 2, 43, 26, 16, 41, 9, 25, 49, 59, 1, 40, 34, 24, 56, 18, 17,
X 0, 50, 51, 58, 57, 48, 10, 33, 12, 22, 29, 44, 62, 61, 37, 20,
X 30, 11, 13, 54, 19, 46, 28, 53, 5, 14, 3, 4, 38, 52, 45, 21,
X 51, 56, 10, 0, 25, 58, 9, 33, 43, 50, 24, 18, 8, 40, 2, 1,
X 49, 34, 35, 42, 41, 32, 59, 17, 27, 6, 13, 28, 46, 45, 21, 4,
X 14, 62, 60, 38, 3, 30, 12, 37, 52, 61, 54, 19, 22, 36, 29, 5,
X 35, 40, 59, 49, 9, 42, 58, 17, 56, 34, 8, 2, 57, 24, 51, 50,
X 33, 18, 48, 26, 25, 16, 43, 1, 11, 53, 60, 12, 30, 29, 5, 19,
X 61, 46, 44, 22, 54, 14, 27, 21, 36, 45, 38, 3, 6, 20, 13, 52,
X 56, 32, 51, 41, 1, 34, 50, 9, 48, 26, 0, 59, 49, 16, 43, 42,
X 25, 10, 40, 18, 17, 8, 35, 58, 3, 45, 52, 4, 22, 21, 60, 11,
X 53, 38, 36, 14, 46, 6, 19, 13, 28, 37, 30, 62, 61, 12, 5, 44,
X 40, 16, 35, 25, 50, 18, 34, 58, 32, 10, 49, 43, 33, 0, 56, 26,
X 9, 59, 24, 2, 1, 57, 48, 42, 54, 29, 36, 19, 6, 5, 44, 62,
X 37, 22, 20, 61, 30, 53, 3, 60, 12, 21, 14, 46, 45, 27, 52, 28,
X 24, 0, 48, 9, 34, 2, 18, 42, 16, 59, 33, 56, 17, 49, 40, 10,
X 58, 43, 8, 51, 50, 41, 32, 26, 38, 13, 20, 3, 53, 52, 28, 46,
X 21, 6, 4, 45, 14, 37, 54, 44, 27, 5, 61, 30, 29, 11, 36, 12,
X 8, 49, 32, 58, 18, 51, 2, 26, 0, 43, 17, 40, 1, 33, 24, 59,
X 42, 56, 57, 35, 34, 25, 16, 10, 22, 60, 4, 54, 37, 36, 12, 30,
X 5, 53, 19, 29, 61, 21, 38, 28, 11, 52, 45, 14, 13, 62, 20, 27,
X 57, 33, 16, 42, 2, 35, 51, 10, 49, 56, 1, 24, 50, 17, 8, 43,
X 26, 40, 41, 48, 18, 9, 0, 59, 6, 44, 19, 38, 21, 20, 27, 14,
X 52, 37, 3, 13, 45, 5, 22, 12, 62, 36, 29, 61, 60, 46, 4, 11,
X 41, 17, 0, 26, 51, 48, 35, 59, 33, 40, 50, 8, 34, 1, 57, 56,
X 10, 24, 25, 32, 2, 58, 49, 43, 53, 28, 3, 22, 5, 4, 11, 61,
X 36, 21, 54, 60, 29, 52, 6, 27, 46, 20, 13, 45, 44, 30, 19, 62,
X 25, 1, 49, 10, 35, 32, 48, 43, 17, 24, 34, 57, 18, 50, 41, 40,
X 59, 8, 9, 16, 51, 42, 33, 56, 37, 12, 54, 6, 52, 19, 62, 45,
X 20, 5, 38, 44, 13, 36, 53, 11, 30, 4, 60, 29, 28, 14, 3, 46,
X 17, 58, 41, 2, 56, 24, 40, 35, 9, 16, 26, 49, 10, 42, 33, 32,
X 51, 0, 1, 8, 43, 34, 25, 48, 29, 4, 46, 61, 44, 11, 54, 37,
X 12, 60, 30, 36, 5, 28, 45, 3, 22, 27, 52, 21, 20, 6, 62, 38
X };
X
X reg int i;
X reg unsigned long r;
X reg unsb *k;
X
X k = KeyToKS;
X
X for (i = 0; i < 32; i++)
X {
X /* 16-bit tweaks suggested by cip...@fb6tcp.physik.uni-paderborn.de */
X /* inlining speedup tweak suggested by taho...@csd.harris.com */
X /* (strange addition compensates missing TF_TO_SIXBIT) */
X r = (unsigned long) crypt_block[*(k++)];
X r |= (unsigned long) crypt_block[*(k++)] << 1;
X r |= (unsigned long) crypt_block[*(k++)] << 2;
X r |= (unsigned long) crypt_block[*(k++)] << 3;
X r |= (unsigned long) crypt_block[*(k++)] << 4;
X r |= (unsigned long) crypt_block[*(k++)] << 5;
X r |= (unsigned long) crypt_block[*(k++)] << (2 + 6);
X r |= (unsigned long) crypt_block[*(k++)] << (2 + 7);
X r |= (unsigned long) crypt_block[*(k++)] << (2 + 8);
X r |= (unsigned long) crypt_block[*(k++)] << (2 + 9);
X r |= (unsigned long) crypt_block[*(k++)] << (2 + 10);
X r |= (unsigned long) crypt_block[*(k++)] << (2 + 11);
X r |= (unsigned long) crypt_block[*(k++)] << (4 + 12);
X r |= (unsigned long) crypt_block[*(k++)] << (4 + 13);
X r |= (unsigned long) crypt_block[*(k++)] << (4 + 14);
X r |= (unsigned long) crypt_block[*(k++)] << (4 + 15);
X r |= (unsigned long) crypt_block[*(k++)] << (4 + 16);
X r |= (unsigned long) crypt_block[*(k++)] << (4 + 17);
X r |= (unsigned long) crypt_block[*(k++)] << (6 + 18);
X r |= (unsigned long) crypt_block[*(k++)] << (6 + 19);
X r |= (unsigned long) crypt_block[*(k++)] << (6 + 20);
X r |= (unsigned long) crypt_block[*(k++)] << (6 + 21);
X r |= (unsigned long) crypt_block[*(k++)] << (6 + 22);
X r |= (unsigned long) crypt_block[*(k++)] << (6 + 23);
X KS[i] = r;
X }
X}
X
Xvoid
XXForm (saltvalue)
X sbpb24 saltvalue;
X{
X#ifdef BIG_ENDIAN /* Icarus Sparry, Bath - mod AEM */
X#define STEP --
X#define START &sdata.c[7]
X#define Dl sdata.b[1]
X#define Dh sdata.b[0]
X#else
X#ifdef LITTLE_ENDIAN
X#define STEP ++
X#define START &sdata.c[0]
X#define Dl sdata.b[0]
X#define Dh sdata.b[1]
X#endif
X /* else error */
X#endif
X union SDATA sdata;
X reg sbpb24 Rl;
X reg sbpb24 Rh;
X reg sbpb24 Ll;
X reg sbpb24 Lh;
X reg sbpb6 *dp;
X int loop;
X int kloop;
X sbpb24 *kp;
X reg sbpb24 k;
X#ifdef FDES_8BYTE
X reg sbpb24 tmpi;
X#endif /* FDES_8BYTE */
X
X Ll = Lh = Rl = Rh = 0;
X
X for (loop = 25; loop--; /* nothing */ )
X {
X kp = KS;
X for (kloop = 8; kloop--; /* nothing */ )
X {
X k = (Rl ^ Rh) & saltvalue;
X#ifndef FDES_8BYTE
X Dl = (k ^ Rl ^ *kp++) << SIZEFIX;
X Dh = (k ^ Rh ^ *kp++) << SIZEFIX;
X#else
X /* hack to make things work better - matthew kaufman */
X /* I haven't tried any of this - I don't have a cray... AEM */
X tmpi = (k ^ Rl ^ *kp++);
X sdata.c[3] = (tmpi >> 24) & 0x00ff;
X sdata.c[2] = (tmpi >> 16) & 0x00ff;
X sdata.c[1] = (tmpi >> 8) & 0x00ff;
X sdata.c[0] = (tmpi) & 0x00ff;
X tmpi = (k ^ Rh ^ *kp++);
X sdata.c[7] = (tmpi >> 24) & 0x00ff;
X sdata.c[6] = (tmpi >> 16) & 0x00ff;
X sdata.c[5] = (tmpi >> 8) & 0x00ff;
X sdata.c[4] = (tmpi) & 0x00ff;
X#endif /* FDES_8BYTE */
X
X dp = START;
X Lh ^= INDIRECT (S0H, *dp);
X Ll ^= INDIRECT (S0L, *dp STEP);
X Lh ^= INDIRECT (S1H, *dp);
X Ll ^= INDIRECT (S1L, *dp STEP);
X Lh ^= INDIRECT (S2H, *dp);
X Ll ^= INDIRECT (S2L, *dp STEP);
X Lh ^= INDIRECT (S3H, *dp);
X Ll ^= INDIRECT (S3L, *dp STEP);
X Lh ^= INDIRECT (S4H, *dp);
X Ll ^= INDIRECT (S4L, *dp STEP);
X Lh ^= INDIRECT (S5H, *dp);
X Ll ^= INDIRECT (S5L, *dp STEP);
X Lh ^= INDIRECT (S6H, *dp);
X Ll ^= INDIRECT (S6L, *dp STEP);
X Lh ^= INDIRECT (S7H, *dp);
X Ll ^= INDIRECT (S7L, *dp STEP);
X
X k = (Ll ^ Lh) & saltvalue;
X#ifndef FDES_8BYTE
X Dl = (k ^ Ll ^ *kp++) << SIZEFIX;
X Dh = (k ^ Lh ^ *kp++) << SIZEFIX;
X#else
X tmpi = (k ^ Ll ^ *kp++);
X sdata.c[3] = (tmpi >> 24) & 0x00ff;
X sdata.c[2] = (tmpi >> 16) & 0x00ff;
X sdata.c[1] = (tmpi >> 8) & 0x00ff;
X sdata.c[0] = (tmpi) & 0x00ff;
X tmpi = (k ^ Lh ^ *kp++);
X sdata.c[7] = (tmpi >> 24) & 0x00ff;
X sdata.c[6] = (tmpi >> 16) & 0x00ff;
X sdata.c[5] = (tmpi >> 8) & 0x00ff;
X sdata.c[4] = (tmpi) & 0x00ff;
X#endif /* FDES_8BYTE */
X
X dp = START;
X Rh ^= INDIRECT (S0H, *dp);
X Rl ^= INDIRECT (S0L, *dp STEP);
X Rh ^= INDIRECT (S1H, *dp);
X Rl ^= INDIRECT (S1L, *dp STEP);
X Rh ^= INDIRECT (S2H, *dp);
X Rl ^= INDIRECT (S2L, *dp STEP);
X Rh ^= INDIRECT (S3H, *dp);
X Rl ^= INDIRECT (S3L, *dp STEP);
X Rh ^= INDIRECT (S4H, *dp);
X Rl ^= INDIRECT (S4L, *dp STEP);
X Rh ^= INDIRECT (S5H, *dp);
X Rl ^= INDIRECT (S5L, *dp STEP);
X Rh ^= INDIRECT (S6H, *dp);
X Rl ^= INDIRECT (S6L, *dp STEP);
X Rh ^= INDIRECT (S7H, *dp);
X Rl ^= INDIRECT (S7L, *dp STEP);
X }
X
X Ll ^= Rl;
X Lh ^= Rh;
X Rl ^= Ll;
X Rh ^= Lh;
X Ll ^= Rl;
X Lh ^= Rh;
X }
X
X /*
X * for reasons that I cannot explain, if I insert the contents of the
X * UnXForm function right HERE, making the tweaks as necessary to avoid
X * using out96[] to pass data, I LOSE 30% of my speed. I don't know why.
X * Hence, I continue to use out96[]...
X */
X {
X reg sbpb24 *qp;
X qp = out96;
X *qp++ = Ll;
X *qp++ = Lh;
X *qp++ = Rl;
X *qp++ = Rh;
X }
X}
X
Xvoid
XUnXForm ()
X{
X reg sbpb24 Rl;
X reg sbpb24 Rh;
X reg sbpb24 Ll;
X reg sbpb24 Lh;
X reg obpb1 *ptr;
X reg long int mask;
X register long int *lip;
X
X Ll = SIXBIT_TO_TF (out96[0]);
X Lh = SIXBIT_TO_TF (out96[1]);
X Rl = SIXBIT_TO_TF (out96[2]);
X Rh = SIXBIT_TO_TF (out96[3]);
X
X#ifdef BUILTIN_CLEAR
X lip = (long int *) crypt_block;
X for (mask = (sizeof (crypt_block) / sizeof (long int)); mask--; /* - */ )
X {
X *(lip++) = 0L;
X }
X#else /* BUILTIN_CLEAR */
X bzero (crypt_block, 66);
X#endif /* BUILTIN_CLEAR */
X
X ptr = crypt_block;
X mask = 0x000400L;
X if (Rl & mask)
X *ptr = 0x01;
X ptr++;
X if (Ll & mask)
X *ptr = 0x01;
X ptr++;
X mask = 0x400000L;
X if (Rl & mask)
X *ptr = 0x01;
X ptr++;
X if (Ll & mask)
X *ptr = 0x01;
X ptr++;
X mask = 0x000400L;
X if (Rh & mask)
X *ptr = 0x01;
X ptr++;
X if (Lh & mask)
X *ptr = 0x01;
X ptr++;
X mask = 0x400000L;
X if (Rh & mask)
X *ptr = 0x01;
X ptr++;
X if (Lh & mask)
X *ptr = 0x01;
X ptr++;
X mask = 0x000200L;
X if (Rl & mask)
X *ptr = 0x01;
X ptr++;
X if (Ll & mask)
X *ptr = 0x01;
X ptr++;
X mask = 0x200000L;
X if (Rl & mask)
X *ptr = 0x01;
X ptr++;
X if (Ll & mask)
X *ptr = 0x01;
X ptr++;
X mask = 0x000200L;
X if (Rh & mask)
X *ptr = 0x01;
X ptr++;
X if (Lh & mask)
X *ptr = 0x01;
X ptr++;
X mask = 0x200000L;
X if (Rh & mask)
X *ptr = 0x01;
X ptr++;
X if (Lh & mask)
X *ptr = 0x01;
X ptr++;
X mask = 0x000100L;
X if (Rl & mask)
X *ptr = 0x01;
X ptr++;
X if (Ll & mask)
X *ptr = 0x01;
X ptr++;
X mask = 0x100000L;
X if (Rl & mask)
X *ptr = 0x01;
X ptr++;
X if (Ll & mask)
X *ptr = 0x01;
X ptr++;
X mask = 0x000100L;
X if (Rh & mask)
X *ptr = 0x01;
X ptr++;
X if (Lh & mask)
X *ptr = 0x01;
X ptr++;
X mask = 0x100000L;
X if (Rh & mask)
X *ptr = 0x01;
X ptr++;
X if (Lh & mask)
X *ptr = 0x01;
X ptr++;
X mask = 0x000080L;
X if (Rl & mask)
X *ptr = 0x01;
X ptr++;
X if (Ll & mask)
X *ptr = 0x01;
X ptr++;
X mask = 0x080000L;
X if (Rl & mask)
X *ptr = 0x01;
X ptr++;
X if (Ll & mask)
X *ptr = 0x01;
X ptr++;
X mask = 0x000080L;
X if (Rh & mask)
X *ptr = 0x01;
X ptr++;
X if (Lh & mask)
X *ptr = 0x01;
X ptr++;
X mask = 0x080000L;
X if (Rh & mask)
X *ptr = 0x01;
X ptr++;
X if (Lh & mask)
X *ptr = 0x01;
X ptr++;
X mask = 0x000010L;
X if (Rl & mask)
X *ptr = 0x01;
X ptr++;
X if (Ll & mask)
X *ptr = 0x01;
X ptr++;
X mask = 0x010000L;
X if (Rl & mask)
X *ptr = 0x01;
X ptr++;
X if (Ll & mask)
X *ptr = 0x01;
X ptr++;
X mask = 0x000010L;
X if (Rh & mask)
X *ptr = 0x01;
X ptr++;
X if (Lh & mask)
X *ptr = 0x01;
X ptr++;
X mask = 0x010000L;
X if (Rh & mask)
X *ptr = 0x01;
X ptr++;
X if (Lh & mask)
X *ptr = 0x01;
X ptr++;
X mask = 0x000008L;
X if (Rl & mask)
X *ptr = 0x01;
X ptr++;
X if (Ll & mask)
X *ptr = 0x01;
X ptr++;
X mask = 0x008000L;
X if (Rl & mask)
X *ptr = 0x01;
X ptr++;
X if (Ll & mask)
X *ptr = 0x01;
X ptr++;
X mask = 0x000008L;
X if (Rh & mask)
X *ptr = 0x01;
X ptr++;
X if (Lh & mask)
X *ptr = 0x01;
X ptr++;
X mask = 0x008000L;
X if (Rh & mask)
X *ptr = 0x01;
X ptr++;
X if (Lh & mask)
X *ptr = 0x01;
X ptr++;
X mask = 0x000004L;
X if (Rl & mask)
X *ptr = 0x01;
X ptr++;
X if (Ll & mask)
X *ptr = 0x01;
X ptr++;
X mask = 0x004000L;
X if (Rl & mask)
X *ptr = 0x01;
X ptr++;
X if (Ll & mask)
X *ptr = 0x01;
X ptr++;
X mask = 0x000004L;
X if (Rh & mask)
X *ptr = 0x01;
X ptr++;
X if (Lh & mask)
X *ptr = 0x01;
X ptr++;
X mask = 0x004000L;
X if (Rh & mask)
X *ptr = 0x01;
X ptr++;
X if (Lh & mask)
X *ptr = 0x01;
X ptr++;
X mask = 0x000002L;
X if (Rl & mask)
X *ptr = 0x01;
X ptr++;
X if (Ll & mask)
X *ptr = 0x01;
X ptr++;
X mask = 0x002000L;
X if (Rl & mask)
X *ptr = 0x01;
X ptr++;
X if (Ll & mask)
X *ptr = 0x01;
X ptr++;
X mask = 0x000002L;
X if (Rh & mask)
X *ptr = 0x01;
X ptr++;
X if (Lh & mask)
X *ptr = 0x01;
X ptr++;
X mask = 0x002000L;
X if (Rh & mask)
X *ptr = 0x01;
X ptr++;
X if (Lh & mask)
X *ptr = 0x01;
X ptr++;
X}
X
Xchar *
Xfcrypt (pw, salt)
X char *pw;
X char *salt;
X{
X /* Table lookups for salts reduce fcrypt() overhead dramatically */
X static sbpb24 salt0[] =
X {
X 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31,
X 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47,
X 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63,
X 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 5, 6, 7, 8, 9, 10, 11, 12,
X 13, 14, 15, 16, 17,
X
X 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31,
X 32, 33, 34, 35, 36, 37, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41,
X 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57,
X 58, 59, 60, 61, 62, 63, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11,
X 12, 13, 14, 15, 16, 17,
X
X 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31,
X 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47,
X 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63,
X 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17,
X
X 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31,
X 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47,
X 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63,
X 0, 1, 2, 3, 4
X };
X static sbpb24 salt1[] =
X {
X 1152, 1216, 1280, 1344, 1408, 1472, 1536, 1600, 1664,
X 1728, 1792, 1856, 1920, 1984, 2048, 2112, 2176, 2240, 2304,
X 2368, 2432, 2496, 2560, 2624, 2688, 2752, 2816, 2880, 2944,
X 3008, 3072, 3136, 3200, 3264, 3328, 3392, 3456, 3520, 3584,
X 3648, 3712, 3776, 3840, 3904, 3968, 4032, 0, 64, 128, 192, 256,
X 320, 384, 448, 512, 576, 640, 704, 320, 384, 448, 512, 576, 640,
X 704, 768, 832, 896, 960, 1024, 1088,
X
X 1152, 1216, 1280, 1344, 1408, 1472, 1536, 1600, 1664,
X 1728, 1792, 1856, 1920, 1984, 2048, 2112, 2176, 2240, 2304,
X 2368, 2048, 2112, 2176, 2240, 2304, 2368, 2432, 2496, 2560,
X 2624, 2688, 2752, 2816, 2880, 2944, 3008, 3072, 3136, 3200,
X 3264, 3328, 3392, 3456, 3520, 3584, 3648, 3712, 3776, 3840,
X 3904, 3968, 4032, 0, 64, 128, 192, 256, 320, 384, 448, 512, 576,
X 640, 704, 768, 832, 896, 960, 1024, 1088,
X
X 1152, 1216, 1280, 1344, 1408, 1472, 1536, 1600, 1664,
X 1728, 1792, 1856, 1920, 1984, 2048, 2112, 2176, 2240, 2304,
X 2368, 2432, 2496, 2560, 2624, 2688, 2752, 2816, 2880, 2944,
X 3008, 3072, 3136, 3200, 3264, 3328, 3392, 3456, 3520, 3584,
X 3648, 3712, 3776, 3840, 3904, 3968, 4032, 0, 64, 128, 192, 256,
X 320, 384, 448, 512, 576, 640, 704, 768, 832, 896, 960, 1024,
X 1088,
X
X 1152, 1216, 1280, 1344, 1408, 1472, 1536, 1600, 1664,
X 1728, 1792, 1856, 1920, 1984, 2048, 2112, 2176, 2240, 2304,
X 2368, 2432, 2496, 2560, 2624, 2688, 2752, 2816, 2880, 2944,
X 3008, 3072, 3136, 3200, 3264, 3328, 3392, 3456, 3520, 3584,
X 3648, 3712, 3776, 3840, 3904, 3968, 4032, 0, 64, 128, 192, 256
X };
X
X /* final perutation desalting */
X static obpb1 final[] =
X {
X 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 65, 66,
X 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82,
X 83, 84, 85, 86, 87, 88, 89, 90, 97, 98, 99, 100, 101, 102, 103,
X 104, 105, 106, 107, 108, 109, 110, 111, 112, 113, 114, 115, 116,
X 117, 118, 119, 120, 121, 122, 123, 124, 125, 126, 127, 128, 129,
X 130, 131, 132, 133, 134, 135, 136, 137, 138, 139, 140, 141, 142,
X 143, 144, 145, 146, 147, 148, 149, 150, 151, 152, 153, 154, 155,
X 156, 157, 158, 159, 160, 161, 162, 163, 164, 165, 166, 167, 168,
X 169, 170, 171, 172, 173, 174, 175, 176, 177, 178, 179, 180, 181,
X 182, 183, 184, 185, 186, 187, 188, 189, 190, 191, 192, 193, 194,
X 195, 196, 197, 198, 199, 200, 201, 202, 203, 204, 205, 206, 207,
X 208, 209, 210, 211, 212, 213, 214, 215, 216, 217, 218, 219, 220,
X 221, 222, 223, 224, 225, 226, 227, 228, 229, 230, 231, 232, 233,
X 234, 235, 236, 237, 238, 239, 240, 241, 242, 243, 244, 245, 246,
X 247, 248, 249, 250, 251, 252, 253, 254, 255,
X /* Truncate overflow bits at 256 */
X 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15,
X 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31,
X 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47,
X 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58
X };
X
X reg int i, j, k;
X reg long int *lip;
X sbpb24 saltvalue;
X
X#ifdef BUILTIN_CLEAR
X lip = (long int *) crypt_block;
X for (i = (sizeof (crypt_block) / sizeof (long int)); i--; /* - */ )
X {
X *(lip++) = 0L;
X }
X#else /* BUILTIN_CLEAR */
X bzero (crypt_block, 66);
X#endif /* BUILTIN_CLEAR */
X
X for (i = 0; (k = *pw) && i < 64; pw++)
X {
X crypt_block[i++] = (k >> 6) & 01;
X crypt_block[i++] = (k >> 5) & 01;
X crypt_block[i++] = (k >> 4) & 01;
X crypt_block[i++] = (k >> 3) & 01;
X crypt_block[i++] = (k >> 2) & 01;
X crypt_block[i++] = (k >> 1) & 01;
X crypt_block[i++] = (k >> 0) & 01;
X i++; /* have to skip one here (parity bit) */
X }
X
X fsetkey ( /* crypt_block */ );
X
X#ifdef BUILTIN_CLEAR
X lip = (long int *) crypt_block;
X for (i = (sizeof (crypt_block) / sizeof (long int)); i--; /* - */ )
X {
X *(lip++) = 0L;
X }
X#else /* BUILTIN_CLEAR */
X bzero (crypt_block, 66);
X#endif /* BUILTIN_CLEAR */
X
X iobuf[0] = salt[0];
X iobuf[1] = salt[1];
X
X saltvalue = salt0[iobuf[0]] | salt1[iobuf[1]];
X saltvalue = TF_TO_SIXBIT (saltvalue);
X
X XForm (saltvalue);
X UnXForm ();
X
X for (i = 0; i < 11; i++)
X {
X k = 0;
X
X for (j = 0; j < 6; j++)
X {
X k = (k << 1) | crypt_block[SIX_TIMES (i) + j];
X }
X iobuf[i + 2] = final[k];
X }
X
X iobuf[i + 2] = 0;
X
X if (iobuf[1] == 0)
X {
X iobuf[1] = iobuf[0];
X }
X return (iobuf);
X}
X/********* INITIALISATION ROUTINES *********/
X
Xfbpb4
XlookupS (tableno, t6bits)
X unsl tableno;
X sbpb6R t6bits;
X{
X static fbpb4R S[8][64] =
X {
X 14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7,
X 0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8,
X 4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0,
X 15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13,
X
X 15, 1, 8, 14, 6, 11, 3, 4, 9, 7, 2, 13, 12, 0, 5, 10,
X 3, 13, 4, 7, 15, 2, 8, 14, 12, 0, 1, 10, 6, 9, 11, 5,
X 0, 14, 7, 11, 10, 4, 13, 1, 5, 8, 12, 6, 9, 3, 2, 15,
X 13, 8, 10, 1, 3, 15, 4, 2, 11, 6, 7, 12, 0, 5, 14, 9,
X
X 10, 0, 9, 14, 6, 3, 15, 5, 1, 13, 12, 7, 11, 4, 2, 8,
X 13, 7, 0, 9, 3, 4, 6, 10, 2, 8, 5, 14, 12, 11, 15, 1,
X 13, 6, 4, 9, 8, 15, 3, 0, 11, 1, 2, 12, 5, 10, 14, 7,
X 1, 10, 13, 0, 6, 9, 8, 7, 4, 15, 14, 3, 11, 5, 2, 12,
X
X 7, 13, 14, 3, 0, 6, 9, 10, 1, 2, 8, 5, 11, 12, 4, 15,
X 13, 8, 11, 5, 6, 15, 0, 3, 4, 7, 2, 12, 1, 10, 14, 9,
X 10, 6, 9, 0, 12, 11, 7, 13, 15, 1, 3, 14, 5, 2, 8, 4,
X 3, 15, 0, 6, 10, 1, 13, 8, 9, 4, 5, 11, 12, 7, 2, 14,
X
X 2, 12, 4, 1, 7, 10, 11, 6, 8, 5, 3, 15, 13, 0, 14, 9,
X 14, 11, 2, 12, 4, 7, 13, 1, 5, 0, 15, 10, 3, 9, 8, 6,
X 4, 2, 1, 11, 10, 13, 7, 8, 15, 9, 12, 5, 6, 3, 0, 14,
X 11, 8, 12, 7, 1, 14, 2, 13, 6, 15, 0, 9, 10, 4, 5, 3,
X
X 12, 1, 10, 15, 9, 2, 6, 8, 0, 13, 3, 4, 14, 7, 5, 11,
X 10, 15, 4, 2, 7, 12, 9, 5, 6, 1, 13, 14, 0, 11, 3, 8,
X 9, 14, 15, 5, 2, 8, 12, 3, 7, 0, 4, 10, 1, 13, 11, 6,
X 4, 3, 2, 12, 9, 5, 15, 10, 11, 14, 1, 7, 6, 0, 8, 13,
X
X 4, 11, 2, 14, 15, 0, 8, 13, 3, 12, 9, 7, 5, 10, 6, 1,
X 13, 0, 11, 7, 4, 9, 1, 10, 14, 3, 5, 12, 2, 15, 8, 6,
X 1, 4, 11, 13, 12, 3, 7, 14, 10, 15, 6, 8, 0, 5, 9, 2,
X 6, 11, 13, 8, 1, 4, 10, 7, 9, 5, 0, 15, 14, 2, 3, 12,
X
X 13, 2, 8, 4, 6, 15, 11, 1, 10, 9, 3, 14, 5, 0, 12, 7,
X 1, 15, 13, 8, 10, 3, 7, 4, 12, 5, 6, 11, 0, 14, 9, 2,
X 7, 11, 4, 1, 9, 12, 14, 2, 0, 6, 10, 13, 15, 3, 5, 8,
X 2, 1, 14, 7, 4, 10, 8, 13, 15, 12, 9, 0, 3, 5, 6, 11,
X };
X sbpb6 fixed6bits;
X fbpb4R r;
X fbpb4 fixedr;
X
X fixed6bits = (((t6bits >> 0) & 01) << 5) +
X (((t6bits >> 1) & 01) << 3) +
X (((t6bits >> 2) & 01) << 2) +
X (((t6bits >> 3) & 01) << 1) +
X (((t6bits >> 4) & 01) << 0) +
X (((t6bits >> 5) & 01) << 4);
X
X r = S[tableno][fixed6bits];
X
X fixedr = (((r >> 3) & 01) << 0) +
X (((r >> 2) & 01) << 1) +
X (((r >> 1) & 01) << 2) +
X (((r >> 0) & 01) << 3);
X
X return (fixedr);
X}
X
Xvoid
Xinit (tableno, lowptr, highptr)
X unsl tableno;
X sbpb24 *lowptr, *highptr;
X{
X
X static unsb P[] =
X {
X 15, 6, 19, 20,
X 28, 11, 27, 16,
X 0, 14, 22, 25,
X 4, 17, 30, 9,
X 1, 7, 23, 13,
X 31, 26, 2, 8,
X 18, 12, 29, 5,
X 21, 10, 3, 24,
X };
X
X static unsb E[] =
X {
X 31, 0, 1, 2, 3, 4,
X 3, 4, 5, 6, 7, 8,
X 7, 8, 9, 10, 11, 12,
X 11, 12, 13, 14, 15, 16,
X 15, 16, 17, 18, 19, 20,
X 19, 20, 21, 22, 23, 24,
X 23, 24, 25, 26, 27, 28,
X 27, 28, 29, 30, 31, 0,
X };
X
X static obpb1 tmp32[32];
X static obpb1 tmpP32[32];
X static obpb1 tmpE[48];
X
X int j, k, i;
X int tablenoX4;
X reg sbpb24 spare24;
X
X tablenoX4 = tableno * 4;
X
X for (j = 0; j < 64; j++)
X {
X k = lookupS (tableno, j);
X
X for (i = 0; i < 32; i++)
X {
X tmp32[i] = 0;
X }
X
X for (i = 0; i < 4; i++)
X {
X tmp32[tablenoX4 + i] = (k >> i) & 01;
X }
X
X for (i = 0; i < 32; i++)
X {
X tmpP32[i] = tmp32[P[i]];
X }
X
X for (i = 0; i < 48; i++)
X {
X tmpE[i] = tmpP32[E[i]];
X }
X
X lowptr[j] = 0L;
X highptr[j] = 0L;
X
X for (i = 0; i < 24; i++)
X {
X lowptr[j] |= (unsigned long) tmpE[i] << i;
X }
X
X for (k = 0, i = 24; i < 48; i++, k++)
X {
X highptr[j] |= (unsigned long) tmpE[i] << k;
X }
X
X spare24 = lowptr[j]; /* to allow for macro expansion */
X lowptr[j] = TF_TO_SIXBIT (spare24);
X
X spare24 = highptr[j]; /* to allow for macro expansion */
X highptr[j] = TF_TO_SIXBIT (spare24);
X }
X}
X
X
Xint
Xinit_des ()
X{
X init (0L, S0L, S0H);
X init (1L, S1L, S1H);
X init (2L, S2L, S2H);
X init (3L, S3L, S3H);
X init (4L, S4L, S4H);
X init (5L, S5L, S5H);
X init (6L, S6L, S6H);
X init (7L, S7L, S7H);
X return (0);
X}
END_OF_FILE
if test 24546 -ne `wc -c <'Sources/crack-fcrypt.c'`; then
echo shar: \"'Sources/crack-fcrypt.c'\" unpacked with wrong size!
fi
# end of 'Sources/crack-fcrypt.c'
fi
echo shar: End of archive 4 \(of 5\).
cp /dev/null ark4isdone