Crack v3.2a - a Sensible password cracker. Part01/04
Alec David Muffett
Documentation provided is in the "README" file, which I've handhacked
down to a unutterably boring text file. The "README.ms" file in "Docs"
generates a far prettier output using "nroff -ms", and "Docs/README.ps"
is even prettier still. I suggest that you start br reading one of
these files.
Crack+fcrypt() works on Ultrix and SunOS, and probably on a lot of other
things too. AIX has problems with creating a crypt compatible fcrypt().
For a list of the current problems, see the BUGS file. At worst, just
run with the version of 'crypt()' which comes with your system.
To install: Just create a directory to keep it all in, move the shar
files into the directory, and run them.
The most patently obvious difference from the last release is that I
have provided two versions of the driver script "Crack" - one in 'csh'
and one in 'sh'. If the 'sh' one works out okay, I'll eventually trash
the 'csh' version.
If you have problems, let me know, so long as they're not too personal.
- Alec 8-)
--
INET: a...@aber.ac.uk JANET: a...@uk.ac.aber BITNET: aem%aber@ukacrl
UUCP: ...!mcsun!ukc!aber!aem ARPA: aem%uk.ac...@nsfnet-relay.ac.uk
SNAIL: Alec Muffett, Computer Unit, Llandinam UCW, Aberystwyth, UK, SY23 3DB
-------- 8< snip, snip 8< --------
#! /bin/sh
# This is a shell archive. Remove anything before this line, then unpack
# it by saving it into a file and typing "sh file". To overwrite existing
# files, type "sh file -c". You can also feed this as standard input via
# unshar, or by typing "sh <file", e.g.. If this archive is complete, you
# will see the following message at the end:
# "End of archive 1 (of 4)."
# Contents: BUGS Crack.sh DictSrc Dicts Docs MANIFEST README
# README.FIRST Scripts Scripts/Crack.network Scripts/RCrack
# Scripts/clean Scripts/crack.mf Scripts/install.mf
# Scripts/joinfiles Scripts/makedicts Scripts/network.conf
# Scripts/network.conf.example Scripts/plaster Scripts/spotless
# Sources Sources/Makefile Sources/conf.h Sources/crack-lib.c
# Sources/crack-port.c Sources/crack.h Sources/speeds.c
# Sources/tester.c
# Wrapped by aem@aberda on Fri Aug 23 09:57:50 1991
PATH=/bin:/usr/bin:/usr/ucb ; export PATH
if test -f 'BUGS' -a "${1}" != "-c" ; then
echo shar: Will not clobber existing file \"'BUGS'\"
else
echo shar: Extracting \"'BUGS'\" \(1410 characters\)
sed "s/^X//" >'BUGS' <<'END_OF_FILE'
XKnown bugs as of Aug 23, 1991.
X
X* One version of Crack 3.2 has gotten away from me with the
X DEVELOPMENT_VERSION symbol #defined. This is OK if you are on a
X DEC Risc-Ultrix box, but probably not otherwise. Doublecheck this.
X If you are reading this message, you should be OK.
X
X* GCC : Doesn't seem to want to compile fcrypt() so that it is
X compatible with crypt(). Use your stock CC. If this doesn't work,
X "#undef CRYPT" in "Sources/conf.h" and run without fcrypt().
X
X If you can follow the fcrypt() code, let me know what GCC doesn't
X like. Otherwise, just tell me about it.
X
X* AIX : Doesn't like the -O2 flag, which is survivable on most versions
X of Unix. It's just a switch to turn on optimisation and so may be
X safely removed.
X
X* AIX : Didn't like putting static data items > 256 in a u_char. I have
X fixed the array in question (I think).
X
X* AIX : After all this, fcrypt() apparently does not come out of the AIX
X CC compiler compatible with crypt(). If you really have no idea why
X it does not work, "#undef FCRYPT" in "Sources/conf.h" and proceed as
X normal.
X
X* AWK : Someone at Nottingham complained that "RCrack" fell over when he
X ran it, because he was using version 2 of "awk". I'm not sure whether
X he meant "nawk" by this, but he said that it was fixed by editing
X "RCrack" and invoking "/bin/awk" literally. This MAY also affect
X "joinfiles" and "Crack.network".
END_OF_FILE
if test 1410 -ne `wc -c <'BUGS'`; then
echo shar: \"'BUGS'\" unpacked with wrong size!
fi
# end of 'BUGS'
fi
if test -f 'Crack.sh' -a "${1}" != "-c" ; then
echo shar: Will not clobber existing file \"'Crack.sh'\"
else
echo shar: Extracting \"'Crack.sh'\" \(3359 characters\)
sed "s/^X//" >'Crack.sh' <<'END_OF_FILE'
X#!/bin/sh
X
X###
X# This program written by ADE Muffett (a...@aber.ac.uk), August 1991,
X# as part of the 'Crack' password cracking package.
X###
X
X###
X# For Bourne shell version, CRACK home cannot be relative to ~username
X# (unless you have a really weird 'sh')
X###
X
XCRACK_HOME="/aber/aem/SEC/CRACK32" # This is an ENVIRONMENT var.
Xexport CRACK_HOME
X
Xtrash="/dev/null"
Xremote="FALSE"
Xdefault_bin="generic"
Xtmpfile="/tmp/cpwfs.$$"
Xnet_cf="Scripts/network.conf"
X
X###
X# Check existance of a home directory
X###
X
Xif [ -d $CRACK_HOME ]
Xthen
X cd $CRACK_HOME || exit 1
Xelse
X echo "Error: The directory $CRACK_HOME does not exist."
X echo ""
X echo "Please set the value of CRACK_HOME in the Crack script to the CRACK31"
X echo "installation directory."
X echo ""
X echo "The current working directory is" `pwd`
X exit 1
Xfi
X
X###
X# Announce ourselves.
X###
X
Xecho "Crack 3.2a Password Cracker by ADE Muffett, 1991"
X
X###
X# Check that we have arguments
X###
X
Xif [ "$1" = "" ]
Xthen
X echo "Usage: $0 [options] [bindir] passwdfile [...]"
X echo "Or: $0 -network [options] passwdfile [...]"
X echo "With options:-"
X echo " -v - to produce verbose output (if configured)"
X echo " -nnicevalue - to run niced"
X echo " -rpointfile - to recover a crashed-out job"
X echo " -Rpointfile - to recover (with verify) a crashed-out job"
X exit 1
Xfi
X
X###
X# Parse command line
X###
X
Xargl=""
X
Xwhile :
Xdo
X case $1 in
X -network)
X if [ ! -f $net_cf ]
X then
X echo "$0: error: no file $net_cf"
X exit 1
X fi
X shift
X Scripts/Crack.network $*
X exit 0
X ;;
X
X -remote)
X echo "Invoked: $0 $*"
X set remote="TRUE"
X shift
X ;;
X -v*|-n*|-r*|-R*)
X argl="$argl $1"
X shift
X ;;
X -*)
X echo "Crack: unknown argument $1"
X shift
X ;;
X *)
X break
X ;;
X esac
Xdone
X
X###
X# Test first non-switch argument for existance
X###
X
Xif [ -f "$1" ]
Xthen
X CRACK_ARCH="$CRACK_HOME/$default_bin"
X if [ ! -d $default_bin ]
X then
X echo "Making default binary directory: $default_bin"
X mkdir $default_bin || exit 1
X fi
Xelif [ -d "$1" ]
Xthen
X CRACK_ARCH="$CRACK_HOME/$1"
X shift
Xelse
X echo "Crack: error: There is no directory or file $1."
X echo "Crack: warning: Creating directory $1"
X mkdir $1 || exit 1
X CRACK_ARCH="$CRACK_HOME/$1"
X shift
Xfi
X
Xexport CRACK_ARCH # This is an ENVIRONMENT var.
X
X###
X# Double check the dictionary directory
X###
X
Xif [ ! -d $CRACK_HOME/Dicts ]
Xthen
X echo "Crack: error: There is no directory or file Dicts."
X echo "Crack: warning: Creating directory Dicts"
X mkdir Dicts || exit 1
Xfi
X
X###
X# Now to tidy up a bit
X###
X
Xmake -f Scripts/crack.mf cleanprogs >/dev/null 2>&1
X
Xecho "Using binaries in directory: $CRACK_ARCH"
X
Xcd $CRACK_ARCH || exit 1
X
X###
X# Install makefiles if necessary.
X###
X
Xif [ ! -f Makefile ]
Xthen
X cp $CRACK_HOME/Scripts/install.mf Makefile
Xfi
X
Xmake crack-pwc || exit 1
X
Xcd $CRACK_HOME
X
Xmake -f Scripts/crack.mf dictstamp || exit 1
X
X###
X# Check how we have been invoked : ergo how we get our data.
X###
X
Xif [ "$remote" = "TRUE" ]
Xthen
X cat > $tmpfile
Xelse
X Scripts/joinfiles $* > $tmpfile || exit 1
Xfi
X
Xecho "Backgrounding program. Output will be written to a file in this directory."
X
Xnohup $CRACK_ARCH/crack-pwc $argl -i$tmpfile Dicts/dict.* </dev/null >$trash 2>&1 &
X
Xsleep 1
X
Xtest -f nohup.out && rm nohup.out
X
X###
X# There are horrible timeraces involved in removing $tmpfile, so I dont.
X###
END_OF_FILE
if test 3359 -ne `wc -c <'Crack.sh'`; then
echo shar: \"'Crack.sh'\" unpacked with wrong size!
fi
chmod +x 'Crack.sh'
# end of 'Crack.sh'
fi
if test ! -d 'DictSrc' ; then
echo shar: Creating directory \"'DictSrc'\"
mkdir 'DictSrc'
fi
if test ! -d 'Dicts' ; then
echo shar: Creating directory \"'Dicts'\"
mkdir 'Dicts'
fi
if test ! -d 'Docs' ; then
echo shar: Creating directory \"'Docs'\"
mkdir 'Docs'
fi
if test -f 'MANIFEST' -a "${1}" != "-c" ; then
echo shar: Will not clobber existing file \"'MANIFEST'\"
else
echo shar: Extracting \"'MANIFEST'\" \(2300 characters\)
sed "s/^X//" >'MANIFEST' <<'END_OF_FILE'
X File Name Archive # Description
X-----------------------------------------------------------
X APPENDIX 2 Reasoning for Cracks methods
X BUGS 1 List of known problems
X Crack 2 The "Crack" driver script in csh
X Crack.sh 1 The "Crack" driver script in sh
X DictSrc 1 Directory of source dictionaries
X DictSrc/bad_pws.dat 2 A sample source dictionary
X Dicts 1 Holding store for processed dicts
X Docs 1 Documentation directory
X Docs/README.ms 3 Source code for laconic documentation
X Docs/README.ps 4 Prettified laconic documentation
X MANIFEST 1 This shipping list
X README 1 Laconic documentation
X README.FIRST 1 Introductory Laconic documentation
X Scripts 1 Shellscripts & config files directory
X Scripts/Crack.network 1 The network driver configuration interface
X Scripts/RCrack 1 Frontend to the network program (eg: rsh)
X Scripts/clean 1 Diddy little tidy up script
X Scripts/crack.mf 1 Miscellaneous Makefile called from everywhere
X Scripts/install.mf 1 Another Makefile called from everywhere
X Scripts/joinfiles 1 Formatter for passwd files
X Scripts/makedicts 1 Frontend to dictionary preprocessor
X Scripts/network.conf 1 Empty config file
X Scripts/network.conf.example 1 Example of network configuration file
X Scripts/plaster 1 Diddy little kill script
X Scripts/spotless 1 Diddy little tidy up script
X Sources 1 Cracker source code directory
X Sources/Makefile 1 With a name like that, what do you reckon ?
X Sources/conf.h 1 CONFIGURATION HEADER FILE
X Sources/crack-fcrypt.c 3 fcrypt() [Shock, horror]
X Sources/crack-lib.c 1 Diddy little string manipulation fn()s
X Sources/crack-port.c 1 Portability hooks src
X Sources/crack-pp.c 2 Preprocessor src
X Sources/crack-pwc.c 2 Password cracker src
X Sources/crack.h 1 General header file
X Sources/goodpass.c 2 Example of a sensible password filter
X Sources/speeds.c 1 Test s/w
X Sources/tester.c 1 Test s/w
END_OF_FILE
if test 2300 -ne `wc -c <'MANIFEST'`; then
echo shar: \"'MANIFEST'\" unpacked with wrong size!
fi
# end of 'MANIFEST'
fi
if test -f 'README' -a "${1}" != "-c" ; then
echo shar: Will not clobber existing file \"'README'\"
else
echo shar: Extracting \"'README'\" \(21446 characters\)
sed "s/^X//" >'README' <<'END_OF_FILE'
X
X
X
X
X
X
X
X
X
X "Crack Version 3.2"
X A Sensible Password Checker for UNIX-
X
X
X Alec D.E. Muffett
X
X Computer Unit, University College of Wales
X Aberystwyth, Wales, SY23 3DB
X a...@aber.ac.uk
X +44 970 622492
X
X
X ABSTRACT
X
X Crack[1] is a freely available program
X designed to find standard UNIX eight-character DES
X encrypted passwords by standard guessing tech-
X niques outlined below. It is written to be flexi-
X ble, configurable and fast, and to be able to make
X use of several networked hosts via the Berkeley
X rsh program (or similar), where possible.
X
X
X
X1. Intent of this program
X
XMy intentions, whilst writing this program, were
X
X1) To provide the average system manager with a simple,
X flexible and fast tool to find passwords which would be
X easily compromised by a dictionary search.
X
X2) To weaken the complacency which has developed amongst
X many (in)?experienced UNIX systems managers about pass-
X word security. Just because the crypt() function cannot
X be reversed does not mean that your passwords are
X secure. If this program helps to raise the overall
X quotient of paranoia just one little bit, then it will
X have served its purpose and is all to the good.
X
XI am quite certain that some childish morons out there will
Xabuse the work that I have put into creating this program.
XIt's up to them how they use it, but if it's used for some
Xillegal purpose it's not my intention, nor my fault. I hope
X_________________________
X [0]
X- UNIX is a trademark of Bell Laboratories.
X [1] Crack is available for anonymous FTP from
Xwuarchive.wustl.edu (128.252.135.4) in ~/packages
X
X
X
X
X August 21, 1991
X
X
X
X
X
X - 2 -
X
X
Xthey get caught.
X
XCrack was not designed to do anything nasty, other than to
Xattack passwords in sensible order. This is why I feel I
Xcan post it to the net without fear of recrimination. This
Xversion of Crack is supplied with a (hopefully) portable
Xversion of fcrypt(), for speed reasons. Fcrypt() is not yet
Xwidely available, but several versions have now been posted
Xto USENET, and with the growing ability to access anonymous
XFTP databases like Archie, I believe that people who really
Xwant access to such programs as fcrypt() will be able to get
Xthem easily. People who need them but don't have the time
Xto look, on the other hand, will not get them. This is not
Xa good thing if you are a systems manager, because it gives
Xthe crackers an advantage. My philosophy is: give it to
Xeveryone, then at least the people who need it can get it.
X
X2. Fcrypt() Statistics
X
XThe version of fcrypt() that comes with Crack is some 3.4
Xtimes faster than the version that was originally supplied
Xto me, and should outperform most others which are publicly
Xavailable. I haven't tried many speed-demon style tricks,
Xbut rather I have gone for portability, elegance and simpli-
Xcity, where applicable 8-). On a DECStation 5000/200,
Xfcrypt() iterates ~550 times per second, and overall, I
Xmeasure this to be 13 times faster than standard crypt().
XThere are faster versions available, but at least I feel
Xfree to redistrubute this version without stepping on any-
Xones toes.
X
XA final note about my motives: If you think that I am a
Xmoron for writing and then distributing this program, and
Xyou think that the program is in itself dangerous, I suggest
Xthat you carefully consider the fact that any moron could
Xhave written this program. Flames to /dev/null, please.
X
X3. Implementation
X
XI have tried to make Crack as portable as possible without
Xcompromising speed. Needless to say, it is imperfect in the
Xthis respect, but I have tried. If you have problems get-
Xting Crack up, please let me know what these problems were,
Xand what system you were trying to put Crack up on. I
Xbelieve that Crack will work on Xenix and various versions
Xof System V, but it may require a little effort if your UNIX
Xis not fairly modern.
X
XThere have been some nasty stories sent back to me about
Xproblems encountered due to the Crack script being written
Xin c-shell. Because of this, I enclose a program Crack.sh
Xwhich is a functionally equivalent script in Bourne shell,
Xusing nohup to kick the cracker off into the background. If
Xyour version of c-shell is non standard (ie: not BSDish) or
X
X
X
X August 21, 1991
X
X
X
X
X
X - 3 -
X
X
Xyou are worried, you may use Crack.sh in Crack's place.
XNote, though, that if you want to use the network options,
Xyou will also have to edit Scripts/RCrack to change the
Xprogram-name that is called on remote machines to Crack.sh.
XFor more on this, see below.
X
XTo use the Crack -network option, you must have rsh, or a
Xsimilar program. rsh is a BSD-ism which has become fairly
Xcommon on non-BSD systems. If you don't have it or some-
Xthing similar, let me know what you do have which might,
Xwith a little ingenuity, do the job, and I shall see what I
Xcan do. Again, have a look in Scripts/RCrack if you want to
Xplay around.
X
X Note: Xenix users and some others have a rcmd pro-
X gram instead of rsh. I'm not sure of the correct
X syntax for this program, but it should not be hard
X to get it to work. There is a note about it in
X Scripts/RCrack
X
X On such System V based systems, users may also be
X missing the BSD function gethostname(). If this
X is so, but you do have the uname() system call,
X define the macro CRACK_UNAME in Sources/conf.h
X instead. This ought to fix the problem, but it may
X need a little user intervention first (it depends
X where your header file for uname() is). Caveat
X Emptor!
X
X4. Method of Password Cracking
X
XCrack does not take the serial approach to password guessing
Xthat other programs like the COPS password cracker does.
XRather, Crack makes two passes over the users' password
Xentries.
X
XThe first pass bases its guesses on the contents of the
Xgecos field (containing the users' real name), and the user-
Xname itself. The first pass is fast and usually very fruit-
Xful, and completes quite quickly. You would be surprised at
Xthe number of spods out there who still think that their
Xmiddle name, backwards and capitalised, is a good password.
X
XThe second pass is made by encrypting several pre-processed
Xdictionaries on the fly, and comparing the results with
Xusers passwords. Crack optimises the number of calls to the
Xencryption function by sorting the user passwords by their
Xencryption salt before loading, so that the dictionaries
Xonly have to be encrypted once for each different salt.
XThis generally saves about 30% of the calls you would have
Xto make to crypt().
X
XThe preprocessed dictionaries are created my merging the
Xsource dictionaries found in the directory DictSrc and then
X
X
X
X August 21, 1991
X
X
X
X
X
X - 4 -
X
X
Xtruncating, sorting and uniq'ing the output from the prepro-
Xcessor. The default dictionaries named are /usr/dict/words
Xwhich provides the bulk of the input data, and
XDictSrc/bad_pws.dat which is meant to provide all of those
Xnon-dictionary passwords, such as 12345678 or qwerty.[2]
X
XIf you wish to add a dictionary of your own, just copy it
Xinto the DictSrc directory and then delete the contents of
Xthe Dicts directory. Your new dictionary will be merged in
Xon the next run. Do not worry about replication of data, as
Xthe preprocessor driver script sorts and uniq's the data
Xbefore putting it into the Dicts directory.
X
XThe formats of the output dictionaries are:
X
Xa) Unique words that have been forced lowercase, forwards.
X These are the most common passwords you will find, thus
X they are tried first.
X
Xb) Dictionary words which have been artificially plural-
X ised, because not many dictionaries contain plurals.
X
Xc) Dictionary words which were supplied in mixed-case (eg:
X Capitalised).
X
Xd) Dictionary words forced lowercase and backwards.
X
Xe) Dictionary words, forced lowercase, with a leading or
X trailing 0 or 1 (this may be extended by hacking
X Sources/crack-pp.c).
X
Xf) Dictionary words, forced uppercase, forwards.
X
Xg) Dictionary words, forced uppercase, backwards.
X
Xh) Dictionary words which were supplied in mixed-case,
X backwards (eg: desilatipaC).
X
X
XThis choice of attack is entirely empirical, my own, and
Xmade up on the spot. It has also been horrendously success-
Xful, and because Crack uses each of these dictionaries in
Xturn, it tends to get passwords faster than a program like
Xthe COPS password cracker which tries words every-which-way
Xfor each user.[3]
X_________________________
X [2] Extra dictionaries (those used in Dan Klein's pa-
Xper, below) can be obtained via anonymous FTP from
Xuunet.uu.net (192.48.96.2) as ~/pub/dictionaries.tar.Z
X [3] For more information, see "Foiling the Cracker: A
XSurvey of, and Improvements to, Password Security" by
XDaniel Klein, available from major FTP sites.
X
X
X
X
X August 21, 1991
X
X
X
X
X
X - 5 -
X
X
X Optimisation Note: Crack has an compile-time
X option, called CRACK_SHORT_PASSWDS, which, if not
X defined, makes the dictionary preprocessor throw
X away words which are less than 5 characters long.
X The reasoning for this is that many sites, with a
X semi-sensible passwd program, will not have pass-
X words shorter than 5 characters long.
X
X It is up to you whether you bother testing these
X short passwords, but I would recommend that you do
X so at least once, to be safe. (Setting the option
X also leads to having smaller pre-processed dic-
X tionaries. The option, however, is defined by
X default)
X
X5. Installation
X
XCrack is one of those most unusual of beasties, a self-
Xinstalling program. Once the necessary configuration
Xoptions have been set, the executables are created via
X'make' by running the main shellscript.
X
XSome people have complained about this apparent weirdness,
Xbut it has grown up with Crack ever since the earliest net-
Xwork version, when I could not be bothered to log into
Xseveral different machines with several different architec-
Xtures, just in order to build the binaries.
X
XCrack needs to know where it has been installed. Please
Xedit the CRACK_HOME variable in the Crack shellscript to the
Xcorrect value. This variable should be set to an absolute
Xpath name (relative to ~user is OK) through which the direc-
Xtory containing Crack may be accessed on all the machines
Xthat Crack will be run on.
X
XThe other bit of installation you will have to do is decide
Xwhether you will want to use the -network option. If you do,
Xedit the file Sources/conf.h and define the CRACK_NETWORK
Xsymbol. This forces Crack to create all of its output files
Xwith an embedded hostname (obtained by the gethostname()
Xroutine) so that you can keep track of output from all over
Xthe network. If you have no gethostname() but have a
Xuname() system call, you can use that instead, by defining
XCRACK_UNAME in Sources/conf.h.
X
XYou will then have to generate a Scripts/network.conf file.
XThis contains a list of hostnames to rsh to, what their
Xbinary type is (useful when running a network Crack on
Xseveral different architectures), a guesstimate of their
Xrelative power (take your slowest machine as unary, and
Xmeasure all others relative to it), and a list of per-host
Xdefault flags. There is an example of such a file provided
Xin the Scripts directory - take a look at it.
X
X
X
X
X August 21, 1991
X
X
X
X
X
X - 6 -
X
X
XI also recommend that you play around with the #defines in
Xthe file Sources/conf.h. Each switch has a small note
Xexplaining its meaning. Where I've been in doubt about the
Xportability of certain library functions, usually I've re-
Xwritten it, so it shouldn't be much of a problem. Let me
Xknow of your problems. 8-).
X
X6. Crack Usage
X
X
XCrack [options] [bindir] /etc/passwd [...other passwd files]
X
XCrack -network [options] /etc/passwd [...other passwd files]
X
X
XWhere bindir is the optional name of the directory where you
Xwant the binaries installed. This is useful where you want
Xto be able to run versions of Crack on several different
Xarchitectures. If bindir does not exist, a warning will be
Xissued, and the directory, created.
X
X Note: bindir defaults to the name generic if not
X supplied.
X
X Yellow Pages (NIS) Users: I have had some queries
X about how to get Crack running from a YP password
X file. There are several methods, but by far the
X simplest is to generate a passwd format file by
X running:-
X
X ypcat passwd > passwd.yp
X
X and then running Crack on this file.
X
X7. Options
X
X-network
X Throws Crack into network mode, in which it reads the
X Scripts/network.conf file, splits its input into chunks
X which are sized according to the power of the target
X machine, and calls rsh to run Crack on that machine.
X Options for Crack running on the target machine may be
X supplied on the command line (eg: verbose or recover
X mode), or in the network.conf file if they pertain to
X specific hosts (eg: nice() values).
X
X-v Sets verbose mode, whereby Crack will print every guess
X it is trying on a per-user basis. This is a very quick
X way of flooding your filestore. If you undefine the
X CRACK_VERBOSE symbol in Sources/conf.h, verbose mode
X will be permanently disabled.
X
X-nvalue
X Sets the process to be nice()ed to value, so that the
X
X
X
X August 21, 1991
X
X
X
X
X
X - 7 -
X
X
X switch -n19 sets the Crack process to run at the lowest
X priority.
X
X-rpointfile
X This is only for use when running in recover mode.
X When a running Crack starts pass 2, it periodically
X saves its state in a file named point.<pid> or
X point.<hostname>.<pid> depending on your naming conven-
X tion (see "Installation", above). This file can be
X used to recover where you were should a host crash.
X Simply invoke Crack in exactly the same manner as the
X last time, with the addition of the -rpoint.file.name
X switch. Crack will startup and read the file, and jump
X to slightly before where it left off. If you are
X cracking a very large password file, this can save
X oodles of time after a crash.
X
X If you are running a network Crack, then the jobs
X will again be spawned onto all the machines of the
X original Crack. The program will then check that
X the host it is running on is the same as is men-
X tioned in the pointfile. If it is not, it will
X silently die. Thus, assuming that you supply the
X same input data and do not change your
X network.conf file, Crack should pick up exactly
X where it left off. This is a bit inelegant, but
X it's better than nothing at the moment.
X
X8. Multiprocessing and parallelism
X
XThe method of error recovery outlined above causes headaches
Xfor users who want to do multiprocessing on parallel archi-
Xtectures. Crack is in no way parallel, and because of the
Xway it's structured, readind stdin from shellscript fron-
Xtends, it is a pain to divide the work amongst several
Xprocesses via fork()ing.
X
XThe hack solution to get several copies of Crack running on
Xone machine with n processors at the moment is to run with
Xthe CRACK_NETWORK option enabled, and insert n copies of the
Xentry for your parallel machine into the
XScripts/network.conf file. If you use the -r option in these
Xcircumstances however, you will get n copies of the
Xrecovered process running, only one of them will have the
Xcorrect input data. I'm working on this. My current solu-
Xtion is to save the current username in the checkpoint file,
Xand test it on startup, but doing this may break your
Xrecovery if you supply different input data (so that the
Xdata is sorted even slightly differently). Hohum. If you
Xwant to use this verify username facility, use -R in place
Xof -r.
X
XAs for not using the network.conf file to provide multipro-
Xcessing, I'm working on it.
X
X
X
X August 21, 1991
X
X
X
X
X
X - 8 -
X
X
X9. Notes on fast crypt() implementations
X
XThe stdlib version of the crypt() subroutine is incredibly
Xslow. It is a massive bottleneck to the execution of Crack
Xand on typical platforms that you get at universities, it is
Xrare to find a machine which will achieve more than 50 stan-
Xdard crypt()s per second. On low-end diskless workstations,
Xyou may expect 2 or 3 per second. It was this slowness of
Xthe crypt() algorithm which originally supplied much of the
Xsecurity UNIX needed.[4]
X
XHowever, there are now many implementations of faster ver-
Xsions of crypt() to be found on the network. The one sup-
Xplied with Crack v3.2 and upwards is called fcrypt().
X
Xfcrypt() was originally written in May 1986 by Robert
XBaldwin at MIT, and is a good version of the crypt() subrou-
Xtine. I received a copy from Icarus Sparry at Bath Univer-
Xsity, who had made a couple of portability enhancements to
Xthe code.
X
XI rewrote most of the tables and the KeySchedule generating
Xalgorithm in the original fdes-init.c to knock 40% off the
Xexecution overhead of fcrypt() in the form that it was
Xshipped to me. I inlined a bunch of stuff, put it into a
Xsingle file, got some advice from Matt Bishop and Bob
XBaldwin [both of whom I am greatly indebted to] about what
Xto do to the xform() routine and to the fcrypt function
Xitself, and tidied up some algorithms. I've also added more
Xlookup tables and reduced several formula for faster use.
Xfcrypt() is now barely recognisable as being based on its
Xformer incarnation.
X
XOn a DecStation 5000/200, it is also ~13 times faster than
Xthe standard crypt (your mileage may vary with other archi-
Xtectures and compilers). This speed puts fcrypt() into the
X"moderately fast" league of crypt implementations. By using
Xfcrypt() with Crack, I extracted 135 passwords from my stan-
Xdard 1087 user password file in a little over 1 hour using 3
Xnetworked machines. This is from a moderately good password
Xfile.
X
XWhy am I saying this sort of thing ? Am I scaremongering ?
XIn a word, yes.
X
XIf a fast version of crypt() is wired into a program like
XCrack it can break a poorly passworded site open in minutes.
XThere are such programs available, eg: the "Killer Cracker"
Xwritten by the anonymous "Doctor Dissector", with anonymous
Xmotives. It comes with a modified version of Baldwin's
X_________________________
X [4] See: "Password Security, A Case History" by Bob
XMorris & Ken Thomson, in the UNIX Programmer Docs.
X
X
X
X August 21, 1991
X
X
X
X
X
X - 9 -
X
X
Xfcrypt, as a MS-DOS executable with a GNU copyleft licence.
X
XThe point that needs to be hammered home is that unless
Xsomething is done, and done soon, about the general quality
Xof passwords on UNIX systems, then in the near future our
Xdoors will be wide open to people who have programs like
XCrack and questionable motives.
X
X10. Solutions and Conclusions
X
XWhat can be done about this form of attack ?
X
XYou must get a drop-in replacement for the passwd and
Xyppasswd commands; one which will stop people from choosing
Xbad passwords in the first place. There are several pro-
Xgrams to do this; Matt Bishop's passwd+ and Clyde Hoover's
Xnpasswd program are good examples which are freely avail-
Xable. Consult an Archie database for more details on where
Xyou can get them from.
X
XA little common-sense is all that is required to vet pass-
Xwords: I enclose a module in the Sources directory
Xgoodpass.c which I use in a modified version of the yppasswd
Xin order to provide some security. It is quite heavily cus-
Xtomised for use in the UK, but it should be easily portable.
XThe routine is invoked:
X
X
X char *retval = GoodPass(char *input);
X
X
Xwhere input is the password under test, and retval will be
Xset either to NULL (if the password is OK) or to a diagnos-
Xtic string which says what is wrong with the password. It
Xis far less complex than a system such as passwd+, but still
Xeffective enough to make a password file withstand Crack.
XIt would be nice if an organisation (such as CERT?) could be
Xpersuaded to supply skeletons of sensible passwd commands
Xfor the public good, as well as an archive of security
Xrelated utilities[5] on top of the excellent COPS. However,
Xfor UNIX security to improve on a global scale, we will also
Xrequire pressure on the vendors, so that programs are writ-
Xten correctly from the beginning.
X
X
X
X
X
X
X_________________________
X [5] COPS is available for anonymous FTP from
Xcert.sei.cmu.edu (128.237.253.5) in ~/cops
X
X
X
X
X August 21, 1991
X
X
END_OF_FILE
if test 21446 -ne `wc -c <'README'`; then
echo shar: \"'README'\" unpacked with wrong size!
fi
# end of 'README'
fi
if test -f 'README.FIRST' -a "${1}" != "-c" ; then
echo shar: Will not clobber existing file \"'README.FIRST'\"
else
echo shar: Extracting \"'README.FIRST'\" \(1310 characters\)
sed "s/^X//" >'README.FIRST' <<'END_OF_FILE'
XThis is Crack, v3.2a+fcrypt() : A sensible password cracker for Unix.
X
XDocumentation provided is in the "README" file, which I've handhacked
Xdown to a unutterably boring text file. The "README.ms" file in "Docs"
Xgenerates a far prettier output using "nroff -ms", and "Docs/README.ps"
Xis even prettier still. I suggest that you start br reading one of
Xthese files.
X
XCrack+fcrypt() works on Ultrix and SunOS, and probably on a lot of other
Xthings too. AIX has problems with creating a crypt compatible fcrypt().
XFor a list of the current problems, see the BUGS file. At worst, just
Xrun with the version of 'crypt()' which comes with your system.
X
XTo install: Just create a directory to keep it all in, move the shar
Xfiles into the directory, and run them.
X
XThe most patently obvious difference from the last release is that I
Xhave provided two versions of the driver script "Crack" - one in 'csh'
Xand one in 'sh'. If the 'sh' one works out okay, I'll eventually trash
Xthe 'csh' version.
X
XIf you have problems, let me know, so long as they're not too personal.
X
X- Alec 8-)
X
X--
XINET: a...@aber.ac.uk JANET: a...@uk.ac.aber BITNET: aem%aber@ukacrl
XUUCP: ...!mcsun!ukc!aber!aem ARPA: aem%uk.ac...@nsfnet-relay.ac.uk
XSNAIL: Alec Muffett, Computer Unit, Llandinam UCW, Aberystwyth, UK, SY23 3DB
END_OF_FILE
if test 1310 -ne `wc -c <'README.FIRST'`; then
echo shar: \"'README.FIRST'\" unpacked with wrong size!
fi
# end of 'README.FIRST'
fi
if test ! -d 'Scripts' ; then
echo shar: Creating directory \"'Scripts'\"
mkdir 'Scripts'
fi
if test -f 'Scripts/Crack.network' -a "${1}" != "-c" ; then
echo shar: Will not clobber existing file \"'Scripts/Crack.network'\"
else
echo shar: Extracting \"'Scripts/Crack.network'\" \(2052 characters\)
sed "s/^X//" >'Scripts/Crack.network' <<'END_OF_FILE'
X#!/bin/sh
X
X###
X# This program written by ADE Muffett (a...@aber.ac.uk), August 1991,
X# as part of the 'Crack' password cracking package.
X###
X
X###
X# This program reads the network.conf and breaks up the sorted password
X# file and kicks "Crack" up on all the machines and feeds the file to it.
X###
X
X###
X# Okay, if you don't like this bit of code, YOU think of a totally
X# portable way to do this - in shell scripts without using PERL - Alec.
X###
X
Xcf=Scripts/network.conf
Xtf=/tmp/mcpwfs.$$
X
X###
X# Check that the config file is in place
X###
X
Xif [ ! -f $cf -o ! -s $cf ]
Xthen
X echo "Crack.network: empty or missing config file: $cf"
X exit 1
Xfi
X
Xargs=""
Xfiles=""
X
Xfor i in $*
Xdo
X if [ -f "$i" ]
X then
X files="$files $i"
X else
X args="$args $i"
X fi
Xdone
X
Xecho "Merging data."
X
XScripts/joinfiles $files > $tf
Xlines=`wc -l < $tf`
X
Xecho "Starting analysis for Network-Crack."
X
Xcat $cf |
Xgrep -v '^#' |
Xsort +2 -n |
Xawk '
XBEGIN {
X hostcount = 0;
X totalweight = 0;
X linecount = '"$lines"';
X iargs = "'"$args"'";
X file = "'"$tf"'";
X}
X
X/^[a-zA-Z0-9]/ {
X hostname[hostcount] = $1;
X cputype[hostcount] = $2;
X weight[hostcount] = $3;
X totalweight += $3;
X args[hostcount] = iargs;
X for (i = 4; i <= NF && substr($i,1,1) != "#"; i++)
X {
X args[hostcount] = args[hostcount] " " $i;
X }
X hostcount++;
X}
X
XEND {
X done = 1;
X todo = linecount;
X print "echo Users:", linecount;
X print "echo Remote Hosts:", hostcount;
X
X for (i = 0; i < hostcount; i++)
X {
X if (i < hostcount - 1)
X {
X slice = weight[i] / totalweight; # fraction
X slice *= linecount; # percentage
X slice = int(slice); # round down
X todo -= slice; # remainder
X } else
X {
X slice = todo; # fastest machine gets the rest.
X todo = 0;
X }
X if (slice > 0)
X {
X print "echo Calling", hostname[i], "for", slice, "users";
X line = sprintf("Scripts/RCrack %s %s %d %d %s < %s\n", \
X hostname[i],\
X cputype[i], \
X done, \
X done + slice - 1, \
X args[i], \
X file);
X print "echo", line;
X print line;
X }
X done += slice;
X }
X}' | sh # I'll bet you didn't expect this...
X
Xrm $tf
END_OF_FILE
if test 2052 -ne `wc -c <'Scripts/Crack.network'`; then
echo shar: \"'Scripts/Crack.network'\" unpacked with wrong size!
fi
chmod +x 'Scripts/Crack.network'
# end of 'Scripts/Crack.network'
fi
if test -f 'Scripts/RCrack' -a "${1}" != "-c" ; then
echo shar: Will not clobber existing file \"'Scripts/RCrack'\"
else
echo shar: Extracting \"'Scripts/RCrack'\" \(590 characters\)
sed "s/^X//" >'Scripts/RCrack' <<'END_OF_FILE'
X#!/bin/sh
X
X###
X# This program written by ADE Muffett (a...@aber.ac.uk), August 1991,
X# as part of the 'Crack' password cracking package.
X###
X
Xremote_shell="rsh" # This could be 'rcmd' for, say, Xenix stuff
Xcrack_prog="Crack" # This could be "Crack.sh", for users with csh probs.
X
Xhost=$1
Xshift
Xtype=$1
Xshift
Xstartline=$1
Xshift
Xstopline=$1
Xshift
Xargs="$*"
X
Xawk 'NR >= '"$startline"' && NR <= '"$stopline"'{print $0;} {next;}' |
X$remote_shell $host "$CRACK_HOME/$crack_prog" -remote $args $type
X #^^^^^^^^^^^^^^^^^^^^^^
X # This is quoted to allow ~username through unexpanded
END_OF_FILE
if test 590 -ne `wc -c <'Scripts/RCrack'`; then
echo shar: \"'Scripts/RCrack'\" unpacked with wrong size!
fi
chmod +x 'Scripts/RCrack'
# end of 'Scripts/RCrack'
fi
if test -f 'Scripts/clean' -a "${1}" != "-c" ; then
echo shar: Will not clobber existing file \"'Scripts/clean'\"
else
echo shar: Extracting \"'Scripts/clean'\" \(189 characters\)
sed "s/^X//" >'Scripts/clean' <<'END_OF_FILE'
X#!/bin/sh
X
X###
X# This program written by ADE Muffett (a...@aber.ac.uk), August 1991,
X# as part of the 'Crack' password cracking package.
X###
X
Xmake -f Scripts/crack.mf clean > /dev/null 2>&1
END_OF_FILE
if test 189 -ne `wc -c <'Scripts/clean'`; then
echo shar: \"'Scripts/clean'\" unpacked with wrong size!
fi
chmod +x 'Scripts/clean'
# end of 'Scripts/clean'
fi
if test -f 'Scripts/crack.mf' -a "${1}" != "-c" ; then
echo shar: Will not clobber existing file \"'Scripts/crack.mf'\"
else
echo shar: Extracting \"'Scripts/crack.mf'\" \(776 characters\)
sed "s/^X//" >'Scripts/crack.mf' <<'END_OF_FILE'
X###
X# This program written by ADE Muffett (a...@aber.ac.uk), August 1991,
X# as part of the 'Crack' password cracking package.
X###
X
X###
X# Add other dictionaries here, absolute path, or relative to $CRACK_HOME
X#
XDICTSRC= /usr/dict/words DictSrc/*
X
X###
X# Not-so configurable bitz...
X###
XPPDRIVER= Scripts/makedicts
XSRCDIR= Sources
XDICTDIR= Dicts
XDS= $(DICTDIR)/dictstamp
X
Xdictstamp: $(DS)
X
X###
X# You could have a dependency here, but it would make an awfful mess of
X# using wildcards
X$(DS):
X @echo Using Sources '$(DICTSRC)'
X ( cd $$CRACK_ARCH && make crack-pp )
X $(PPDRIVER) $(DICTDIR) $(DICTSRC)
X touch $(DS)
X
Xcleanprogs:
X -( cd $(SRCDIR) && make clean )
X
Xclean: cleanprogs
X -rm -f die.* out.* point.* dict.? nohup.out
X
Xspotless: clean
X -( cd $(DICTDIR) && rm dict* )
END_OF_FILE
if test 776 -ne `wc -c <'Scripts/crack.mf'`; then
echo shar: \"'Scripts/crack.mf'\" unpacked with wrong size!
fi
# end of 'Scripts/crack.mf'
fi
if test -f 'Scripts/install.mf' -a "${1}" != "-c" ; then
echo shar: Will not clobber existing file \"'Scripts/install.mf'\"
else
echo shar: Extracting \"'Scripts/install.mf'\" \(375 characters\)
sed "s/^X//" >'Scripts/install.mf' <<'END_OF_FILE'
X###
X# This program written by ADE Muffett (a...@aber.ac.uk), August 1991,
X# as part of the 'Crack' password cracking package.
X###
X
XSD= ../Sources
X
Xsource: crack-pp crack-pwc
X touch source
X
Xcrack-pp: $(SD)/crack-pp.c $(SD)/conf.h
X ( cd $(SD) ; make crack-pp )
X cp $(SD)/crack-pp .
X
Xcrack-pwc: $(SD)/crack-pwc.c $(SD)/conf.h
X ( cd $(SD) ; make crack-pwc )
X cp $(SD)/crack-pwc .
END_OF_FILE
if test 375 -ne `wc -c <'Scripts/install.mf'`; then
echo shar: \"'Scripts/install.mf'\" unpacked with wrong size!
fi
# end of 'Scripts/install.mf'
fi
if test -f 'Scripts/joinfiles' -a "${1}" != "-c" ; then
echo shar: Will not clobber existing file \"'Scripts/joinfiles'\"
else
echo shar: Extracting \"'Scripts/joinfiles'\" \(844 characters\)
sed "s/^X//" >'Scripts/joinfiles' <<'END_OF_FILE'
X#!/bin/sh
X
X###
X# This program written by ADE Muffett (a...@aber.ac.uk), August 1991,
X# as part of the 'Crack' password cracking package.
X###
X
Xwarn=out.initial.$$
X
X###
X# Empty the output file...
X> $warn
X
X###
X# As Walt Disney would say, we start with a simple bracket:-
X
X(
Xfor file in $*
Xdo
X
Xawk '
XBEGIN {
X FS = ":";
X warn="'$warn'";
X file = "'$file'";
X date = "'"`date`"'";
X date = substr(date, 5, 15);
X}
X
Xsubstr($2,1,1) == "!" || substr($2,1,1) == "*" {
X printf("join: %s User %s (in %s) has a locked password.\n", \
X date, $1, file) >> warn;
X next;
X}
X
X$2 == "" {
X printf("join: %s Warning! %s (%s in %s) has a NULL password!\n", \
X date, $1, $7, file) >> warn;
X next;
X}
X
X/^[A-Za-z]/ {
X print file ":" $0;
X}
X ' < $file
Xdone
X
X###
X# Using a pipe is a bit faster - no bloody fs action.
X###
X
X) | sort -t: +2 # sort all of them by salt
X
Xexit 0
END_OF_FILE
if test 844 -ne `wc -c <'Scripts/joinfiles'`; then
echo shar: \"'Scripts/joinfiles'\" unpacked with wrong size!
fi
chmod +x 'Scripts/joinfiles'
# end of 'Scripts/joinfiles'
fi
if test -f 'Scripts/makedicts' -a "${1}" != "-c" ; then
echo shar: Will not clobber existing file \"'Scripts/makedicts'\"
else
echo shar: Extracting \"'Scripts/makedicts'\" \(449 characters\)
sed "s/^X//" >'Scripts/makedicts' <<'END_OF_FILE'
X#!/bin/sh
X
X###
X# This program written by ADE Muffett (a...@aber.ac.uk), August 1991,
X# as part of the 'Crack' password cracking package.
X###
X
Xpp="$CRACK_ARCH/crack-pp"
Xdictdir=$1
X
Xshift
X
Xif [ ! -f $pp ]
Xthen
X echo "$0: No preprocessor $pp! How the hell did this happen!"
X exit 1
Xfi
X
Xrm -f $dictdir/dict.*
X
X$pp $*
X
Xecho "Compacting. This may take some time..."
X
Xfor i in dict.*
Xdo
X sort -r $i | uniq > $dictdir/$i
X rm -f $i
X echo Done $i
Xdone
X
Xexit 0
END_OF_FILE
if test 449 -ne `wc -c <'Scripts/makedicts'`; then
echo shar: \"'Scripts/makedicts'\" unpacked with wrong size!
fi
chmod +x 'Scripts/makedicts'
# end of 'Scripts/makedicts'
fi
if test -f 'Scripts/network.conf' -a "${1}" != "-c" ; then
echo shar: Will not clobber existing file \"'Scripts/network.conf'\"
else
echo shar: Extracting \"'Scripts/network.conf'\" \(188 characters\)
sed "s/^X//" >'Scripts/network.conf' <<'END_OF_FILE'
X###
X# Format of this file :-
X###
X# hostname binary_directory relative_power args # comments
X###
Xaberda mipsel 10 -n19
Xaberdb mipsel 10 -n19
Xaberdc mipsel 11
Xaberdq sun4 8
END_OF_FILE
if test 188 -ne `wc -c <'Scripts/network.conf'`; then
echo shar: \"'Scripts/network.conf'\" unpacked with wrong size!
fi
# end of 'Scripts/network.conf'
fi
if test -f 'Scripts/network.conf.example' -a "${1}" != "-c" ; then
echo shar: Will not clobber existing file \"'Scripts/network.conf.example'\"
else
echo shar: Extracting \"'Scripts/network.conf.example'\" \(381 characters\)
sed "s/^X//" >'Scripts/network.conf.example' <<'END_OF_FILE'
X###
X# Format of this file :-
X###
X# hostname binary_directory relative_power args # comments
X###
Xaberdc mipsel 11 # DS5000/200
Xaberda mipsel 10 -n10 # DEC 5830
Xaberdb mipsel 10 -n10 # DEC 5830
Xaberdq sun4 8 # Sun 4/330
Xdecgca mipsel 5 -n19 # DS3100
Xsunga sun3 1 -n19 # Sun 3/50
Xsungb sun3 1 -n19 # Sun 3/50
Xsungc sun3 1 -n19 # Sun 3/50
END_OF_FILE
if test 381 -ne `wc -c <'Scripts/network.conf.example'`; then
echo shar: \"'Scripts/network.conf.example'\" unpacked with wrong size!
fi
# end of 'Scripts/network.conf.example'
fi
if test -f 'Scripts/plaster' -a "${1}" != "-c" ; then
echo shar: Will not clobber existing file \"'Scripts/plaster'\"
else
echo shar: Extracting \"'Scripts/plaster'\" \(377 characters\)
sed "s/^X//" >'Scripts/plaster' <<'END_OF_FILE'
X#!/bin/sh
X
X###
X# This program written by ADE Muffett (a...@aber.ac.uk), August 1991,
X# as part of the 'Crack' password cracking package.
X###
X
X###
X# This program provides a quick network murder if running "Crack -network"
X###
X# The name is Chris Samuel's fault... "Plaster the Cracks" indeed...
X# Mail admiration of this joke to cc...@aber.ac.uk
X###
X
Xfor i in ./die.*
Xdo
X $i
Xdone
END_OF_FILE
if test 377 -ne `wc -c <'Scripts/plaster'`; then
echo shar: \"'Scripts/plaster'\" unpacked with wrong size!
fi
chmod +x 'Scripts/plaster'
# end of 'Scripts/plaster'
fi
if test -f 'Scripts/spotless' -a "${1}" != "-c" ; then
echo shar: Will not clobber existing file \"'Scripts/spotless'\"
else
echo shar: Extracting \"'Scripts/spotless'\" \(192 characters\)
sed "s/^X//" >'Scripts/spotless' <<'END_OF_FILE'
X#!/bin/sh
X
X###
X# This program written by ADE Muffett (a...@aber.ac.uk), August 1991,
X# as part of the 'Crack' password cracking package.
X###
X
Xmake -f Scripts/crack.mf spotless > /dev/null 2>&1
END_OF_FILE
if test 192 -ne `wc -c <'Scripts/spotless'`; then
echo shar: \"'Scripts/spotless'\" unpacked with wrong size!
fi
chmod +x 'Scripts/spotless'
# end of 'Scripts/spotless'
fi
if test ! -d 'Sources' ; then
echo shar: Creating directory \"'Sources'\"
mkdir 'Sources'
fi
if test -f 'Sources/Makefile' -a "${1}" != "-c" ; then
echo shar: Will not clobber existing file \"'Sources/Makefile'\"
else
echo shar: Extracting \"'Sources/Makefile'\" \(1572 characters\)
sed "s/^X//" >'Sources/Makefile' <<'END_OF_FILE'
X###
X# Makefile for the CRACK suite V3.2, (c) ADE Muffett, Aug 1991
X###
X
X###
X# Configurtable bitz...
X###
X
XCC= cc
XCFLAGS= -O2
XLIBS=
XSHELL= /bin/sh
X
X###
X# Not so configurable bitz...
X###
X
XPWC= crack-pwc
XPP= crack-pp
X
X###
X# There is some redundancy in using CRACKMOD like this, as opposed to a
X# library, but it's more portable than trying to use 'ar' - as Chris Lewis
X# pointed out... SWTF.
X###
X
XCRACKMOD= crack-lib.o crack-fcrypt.o crack-port.o
X
X###
X# Default target
X###
X
Xall: $(PP) $(PWC)
X
X$(PP): $(CRACKMOD) crack-pp.o
X $(CC) $(CFLAGS) -o $@ crack-pp.o $(CRACKMOD) $(LIBS)
X
X$(PWC): $(CRACKMOD) crack-pwc.o
X $(CC) $(CFLAGS) -o $@ crack-pwc.o $(CRACKMOD) $(LIBS)
X
Xcrack-pp.c: crack.h
X
Xcrack-pwc.c: crack.h
X
Xcrack-lib.c: crack.h
X
Xcrack.h: conf.h
X touch crack.h
Xconf.h:
X
Xclean:
X -rm -f $(PP) $(PWC) *.o *.u *.a
X -rm -f tester *.pixie *.Addrs *.Counts
X -rm -f speedcrypt speedfcrypt speedxform
X
X###
X# These targets below are for fcrypt() development only
X###
X
XPIXIEF = -procedures -heavy -invocations -zero
X
Xtests: speedcrypt tester speedxform speedfcrypt
X -./speedcrypt
X -./speedfcrypt
X -./speedxform
X -./tester
X
Xspeedfcrypt: speeds.c $(CRACKMOD)
X $(CC) -DT1 -o speedfcrypt speeds.c $(CRACKMOD)
X
Xspeedxform: speeds.c $(CRACKMOD)
X $(CC) -DT2 -o speedxform speeds.c $(CRACKMOD)
X
Xspeedcrypt: speeds.c $(CRACKMOD)
X $(CC) -o speedcrypt speeds.c $(CRACKMOD)
X
Xtester: tester.o $(CRACKMOD)
X $(CC) -o tester tester.o $(CRACKMOD)
X
Xtester.pixie: tester
X pixie -o tester.pixie tester
X
Xprof: tester.pixie
X time tester.pixie
X prof -pixie tester $(PIXIEF)
END_OF_FILE
if test 1572 -ne `wc -c <'Sources/Makefile'`; then
echo shar: \"'Sources/Makefile'\" unpacked with wrong size!
fi
# end of 'Sources/Makefile'
fi
if test -f 'Sources/conf.h' -a "${1}" != "-c" ; then
echo shar: Will not clobber existing file \"'Sources/conf.h'\"
else
echo shar: Extracting \"'Sources/conf.h'\" \(3458 characters\)
sed "s/^X//" >'Sources/conf.h' <<'END_OF_FILE'
X#include <stdio.h>
X#include <ctype.h>
X#include <pwd.h>
X#include <signal.h>
X
X#ifdef BSD
X#define strchr(a,b) index(a,b)
X#endif /* BSD */
X
X/*
X * Switch for my use - if defined, overrides the defaults below and sets up
X * my own. It's simplest if you undefine and ignore this switch.
X */
X
X#undef DEVELOPMENT_VERSION
X
X/* !!!! EVERYBODY ELSE START HERE !!!! */
X
X/*
X * if defined, this will insert code for verbose options
X */
X
X#define CRACK_VERBOSE
X
X/*
X * define this if you have _toupper() - check your manpages
X */
X
X#undef FAST_TOCASE
X
X/*
X * define this if you are on a Sys V type system with a uname() system call
X * and have no gethostname() - it fakes up a BSD gethostname() so you can use
X * CRACK_NETWORK; see crack-port.c
X */
X
X#undef CRACK_UNAME
X
X/*
X * define this if you are running multiple Cracks over a network; if you
X * aren't using "rsh" to do this, edit "Scripts/RCrack" as well
X */
X
X#undef CRACK_NETWORK
X
X/*
X * define this to search gecos entry for possible passwords - I RECOMMEND
X * THIS VERY VERY STRONGLY
X */
X
X#define CRACK_GECOS
X
X/*
X * define this to make a dictionary pass of pluralised words
X */
X
X#define CRACK_PLURAL
X
X/*
X * define this to make a dictionary pass of words with leading and trailing
X * 0's and 1's. If you want to add other leading/trailing characters, edit
X * the "trailing_chars[]" string in "crack-pp.c"
X */
X
X#define CRACK_TRAILING
X
X/*
X * define this to print the password if you crack it
X */
X
X#define CRACK_PRINTOUT
X
X/*
X * if defined, tries guesses < 5 chars long - this wastes time if you are
X * unlikely to have REALLY short passwords, try it once though.
X */
X
X#define CRACK_SHORT_PASSWDS
X
X/*
X * if defined, do sanity checks on the DES password - this gets round expiry
X * mechanisms appending extra characters to signify "things"
X */
X
X#define CRACK_PW_VERIFY
X
X/*
X * define this if you are using fcrypt() - you might not want to if
X * fcrypt() doesn't work properly
X */
X
X#define FCRYPT
X
X/*
X * The following symbols pertain ONLY to fcrypt() usage
X */
X
X/*
X * if defined use builtin clearing in preference to using bzero(), for 4 or 8
X * byte long ints
X */
X
X#define BUILTIN_CLEAR
X
X/*
X * define if you have a bzero and do not want to use BUILTIN_CLEAR
X */
X
X#define BZERO
X
X/*
X * define this if you have a 4 byte "long_int" on RISC machines and want a
X * speedup - it should not hurt CISC machines either
X */
X
X#undef FDES_4BYTE
X
X/*
X * undef this if your compiler knows the fact that 6*x == x<<1 + x<<2
X */
X
X#undef BRAINDEAD6
X
X/*
X * Personal stuff only - I recommend you ignore stuff below this line, unless
X * you know what you're doing
X */
X
X#ifdef DEVELOPMENT_VERSION
X/*
X * for my personal use, this is my configuration on a DS5000/200
X */
X#undef BRAINDEAD6
X
X#ifndef BUILTIN_CLEAR
X#define BUILTIN_CLEAR
X#endif /* BUILTIN_CLEAR */
X
X#undef BZERO
X
X#ifndef CRACK_GECOS
X#define CRACK_GECOS
X#endif /* CRACK_GECOS */
X
X#ifndef CRACK_NETWORK
X#define CRACK_NETWORK
X#endif /* CRACK_NETWORK */
X
X#ifndef CRACK_PLURAL
X#define CRACK_PLURAL
X#endif /* CRACK_PLURAL */
X
X#ifndef CRACK_PRINTOUT
X#define CRACK_PRINTOUT
X#endif /* CRACK_PRINTOUT */
X
X#ifndef CRACK_PW_VERIFY
X#define CRACK_PW_VERIFY
X#endif /* CRACK_PW_VERIFY */
X
X#undef CRACK_SHORT_PASSWDS
X
X#ifndef CRACK_TRAILING
X#define CRACK_TRAILING
X#endif /* CRACK_TRAILING */
X
X#undef CRACK_UNAME
X
X#undef CRACK_VERBOSE
X
X#undef FAST_TOCASE
X
X#ifndef FCRYPT
X#define FCRYPT
X#endif /* FCRYPT */
X
X#ifndef FDES_4BYTE
X#define FDES_4BYTE
X#endif /* FDES_4BYTE */
X
X#endif /* DEVELOPMENT VERSION */
END_OF_FILE
if test 3458 -ne `wc -c <'Sources/conf.h'`; then
echo shar: \"'Sources/conf.h'\" unpacked with wrong size!
fi
# end of 'Sources/conf.h'
fi
if test -f 'Sources/crack-lib.c' -a "${1}" != "-c" ; then
echo shar: Will not clobber existing file \"'Sources/crack-lib.c'\"
else
echo shar: Extracting \"'Sources/crack-lib.c'\" \(1756 characters\)
sed "s/^X//" >'Sources/crack-lib.c' <<'END_OF_FILE'
X#include "crack.h"
X
X/*
X * This program is copyright (c) Alec Muffett 1991 except for certain
X * portions of code ("crack-fcrypt.c") copyright (c) Robert Baldwin, Icarus
X * Sparry and Alec Muffett. The author(s) disclaims all responsibility or
X * liability with respect to it's usage or its effect upon hardware or
X * computer systems. This software is in the public domain and is freely
X * redistributable PROVIDED that this notice remains intact.
X */
X
Xvoid
XTrim (string) /* remove trailing whitespace from a string */
X register char *string;
X{
X register char *ptr;
X
X for (ptr = string; *ptr; ptr++);
X while ((--ptr >= string) && isspace (*ptr));
X *(++ptr) = '\0';
X}
X
Xchar *
XReverse (str) /* return a pointer to a reversal */
X register char *str;
X{
X register int i;
X register int j;
X register char *ptr;
X static char area[STRINGSIZE];
X
X j = i = strlen (str);
X while (*str)
X {
X area[--i] = *str++;
X }
X area[j] = '\0';
X return (area);
X}
X
Xchar *
XUppercase (str) /* return a pointer to an uppercase */
X register char *str;
X{
X register char *ptr;
X static char area[STRINGSIZE];
X
X ptr = area;
X while (*str)
X {
X *(ptr++) = islower (*str) ? toupper (*str) : *str;
X str++;
X }
X *ptr = '\0';
X
X return (area);
X}
X
Xchar *
XLowercase (str) /* return a pointer to an lowercase */
X register char *str;
X{
X register char *ptr;
X static char area[STRINGSIZE];
X
X ptr = area;
X while (*str)
X {
X *(ptr++) = isupper (*str) ? tolower (*str) : *str;
X str++;
X }
X *ptr = '\0';
X
X return (area);
X}
X
Xchar *
XClone (string)
X char *string;
X{
X int len;
X char *retval;
X
X retval = (char *) malloc (strlen (string) + 1);
X strcpy (retval, string);
X return (retval);
X}
END_OF_FILE
if test 1756 -ne `wc -c <'Sources/crack-lib.c'`; then
echo shar: \"'Sources/crack-lib.c'\" unpacked with wrong size!
fi
# end of 'Sources/crack-lib.c'
fi
if test -f 'Sources/crack-port.c' -a "${1}" != "-c" ; then
echo shar: Will not clobber existing file \"'Sources/crack-port.c'\"
else
echo shar: Extracting \"'Sources/crack-port.c'\" \(296 characters\)
sed "s/^X//" >'Sources/crack-port.c' <<'END_OF_FILE'
X#include "crack.h"
X
X#ifdef CRACK_UNAME
X
X#include <sys/utsname.h>
X
Xint
Xgethostname (name, namelen)
X char *name;
X int namelen;
X{
X struct utsname uts;
X if (uname (&uts))
X {
X return (-1);
X }
X strncpy (name, uts.nodename, namelen - 1);
X return (0);
X}
X
X#endif /* CRACK_UNAME */
END_OF_FILE
if test 296 -ne `wc -c <'Sources/crack-port.c'`; then
echo shar: \"'Sources/crack-port.c'\" unpacked with wrong size!
fi
# end of 'Sources/crack-port.c'
fi
if test -f 'Sources/crack.h' -a "${1}" != "-c" ; then
echo shar: Will not clobber existing file \"'Sources/crack.h'\"
else
echo shar: Extracting \"'Sources/crack.h'\" \(707 characters\)
sed "s/^X//" >'Sources/crack.h' <<'END_OF_FILE'
X/*
X * This program is copyright (c) Alec Muffett 1991 except for certain
X * portions of code ("fdes-crypt.c") copyright (c) Robert Baldwin, Icarus
X * Sparry and Alec Muffett. The author(s) disclaims all responsibility or
X * liability with respect to it's usage or its effect upon hardware or
X * computer systems. This software is in the public domain and is freely
X * redistributable PROVIDED that this notice remains intact.
X */
X
X#include "conf.h"
X
X#define STRINGSIZE 255
X
Xvoid Trim ();
Xchar *Reverse ();
Xchar *Uppercase ();
Xchar *Lowercase ();
Xchar *Clone ();
X
X#ifdef FAST_TOCASE
X#define toupper(x) _toupper(x)
X#define tolower(x) _tolower(x)
X#endif
X
X#ifdef FCRYPT
X#define crypt(a,b) fcrypt(a,b)
X#endif
END_OF_FILE
if test 707 -ne `wc -c <'Sources/crack.h'`; then
echo shar: \"'Sources/crack.h'\" unpacked with wrong size!
fi
# end of 'Sources/crack.h'
fi
if test -f 'Sources/speeds.c' -a "${1}" != "-c" ; then
echo shar: Will not clobber existing file \"'Sources/speeds.c'\"
else
echo shar: Extracting \"'Sources/speeds.c'\" \(866 characters\)
sed "s/^X//" >'Sources/speeds.c' <<'END_OF_FILE'
X#include <sys/time.h>
X#include <signal.h>
X#include <stdio.h>
X
Xstatic int cnt;
X#define ITIME 10 /* Number of seconds to run test. */
X
Xvoid
XStop ()
X{
X printf ("Did %f %s()s per second.\n",
X ((float) cnt) / ((float) ITIME),
X#if defined(T1)
X "fcrypt"
X#elif defined(T2)
X "xform"
X#else
X "crypt"
X#endif
X );
X exit (0);
X}
Xmain ()
X{
X struct itimerval itv;
X static int quarters[4];
X
X bzero (&itv, sizeof (itv));
X
X printf ("Running for %d seconds of virtual time ...\n", ITIME);
X
X#if defined(T1) || defined(T2)
X init_des ();
X#endif
X
X signal (SIGVTALRM, Stop);
X itv.it_value.tv_sec = ITIME;
X itv.it_value.tv_usec = 0;
X setitimer (ITIMER_VIRTUAL, &itv, NULL);
X
X for (cnt = 0;; cnt++)
X {
X#if defined(T1)
X fcrypt ("fredfred", "eek");
X#elif defined(T2)
X xform (quarters, 0);
X#else
X crypt ("fredfred", "eek");
X#endif
X }
X}
END_OF_FILE
if test 866 -ne `wc -c <'Sources/speeds.c'`; then
echo shar: \"'Sources/speeds.c'\" unpacked with wrong size!
fi
# end of 'Sources/speeds.c'
fi
if test -f 'Sources/tester.c' -a "${1}" != "-c" ; then
echo shar: Will not clobber existing file \"'Sources/tester.c'\"
else
echo shar: Extracting \"'Sources/tester.c'\" \(612 characters\)
sed "s/^X//" >'Sources/tester.c' <<'END_OF_FILE'
X#include <stdio.h>
X#include <time.h>
X
X#define EEK 8192
X#define PROFx
X
Xmain ()
X{
X int i;
X char a[255];
X char b[255];
X
X init_des ();
X
X#ifndef PROF
X strcpy (a, crypt ("fredfred", "fredfred"));
X strcpy (b, fcrypt ("fredfred", "fredfred"));
X
X printf ("Check Old: %s\tNew: %s\n", a, b);
X
X if (!strcmp (a, b))
X {
X printf ("fcrypt() is compatible with standard crypt()\n");
X } else
X {
X printf ("fcrypt() is not compatible !!! \7\n");
X exit (1);
X }
X printf ("Doing %d fcrypts()\n", EEK);
X#endif
X
X for (i = EEK; i; i--)
X {
X fcrypt ("fredfred", "eek");
X }
X
X return (0);
X}
END_OF_FILE
if test 612 -ne `wc -c <'Sources/tester.c'`; then
echo shar: \"'Sources/tester.c'\" unpacked with wrong size!
fi
# end of 'Sources/tester.c'
fi
echo shar: End of archive 1 \(of 4\).
cp /dev/null ark1isdone
MISSING=""
for I in 1 2 3 4 ; do
if test ! -f ark${I}isdone ; then
MISSING="${MISSING} ${I}"
fi
done
if test "${MISSING}" = "" ; then
echo You have unpacked all 4 archives.
rm -f ark[1-9]isdone
else
echo You still need to unpack the following archives:
echo " " ${MISSING}
fi
## End of shell archive.
exit 0