Newsgroups: comp.sources.misc From: Alec David Muffett Subject: v22i049: crack - The Password Cracker, version 3.2a, Part01/04 Message-ID: X-Md4-Signature: 1fab764c7c09673b5cd5a2751301ac1b Date: Fri, 23 Aug 1991 15:03:56 GMT Approved: kent@sparky.imd.sterling.com Submitted-by: Alec David Muffett Posting-number: Volume 22, Issue 49 Archive-name: crack/part01 Environment: UNIX This is Crack, v3.2a+fcrypt() : A sensible password cracker for Unix. [ *PLEASE NOTE*: [ [ There was an incredibly small bug in the version recently posted to [ alt.{sources,security}. If you are using that version, please either [ use this version or apply the fix yourself. [ [ * Around line 633 of Sources/crack-pwc.c, there is a line which read:- [ if (!TryManyUsers (head, scratch)) [ and this was changed to :- [ if (!TryManyUsers (head, scratch->word)) [ ^^^^^^^^^^^^^ [ for Crack to function properly. If you are reading this, it is fixed [ in this distribution. The intent of this program is twofold :- 1) To inform the average system manager, in a simple, fast, and easy to use manner, of those passwords which would be easily compromised by a dictionary search. 2) To weaken the complacency which develops amongst many inexperienced (and some experienced) Unix systems people. Just because crypt/DES cannot (?) be reversed does not mean that user passwords are safe. If this program serves to raise the overall quotient of paranoia just little a bit, it is all to the good in my opinion. 8-) Crack+fcrypt() works on Ultrix and SunOS, and probably on a lot of other things too. AIX has problems with creating a crypt compatible fcrypt(). For a list of the current problems, see the BUGS file. At worst, just run with the version of 'crypt()' which comes with your system. Documentation provided is in the "README" file, which I've handhacked down to a unutterably boring text file. The "README.ms" file in "Docs" generates a far prettier output using "nroff -ms", and "Docs/README.ps" is even prettier still. I suggest that you start by reading one of these files. To install: Just create a directory to keep it all in, move the shar files into the directory, and unshar them. The most patently obvious difference from the last release is that I have provided two versions of the driver script "Crack" - one in 'csh' and one in 'sh'. If the 'sh' one works out okay, I'll eventually trash the 'csh' version. Crack will also be archived at:- wuarchive.wustl.edu [128.252.135.4] in the directory ~/packages. If you have problems, let me know, so long as they're not too personal. - Alec 8-) INET: aem@aber.ac.uk JANET: aem@uk.ac.aber BITNET: aem%aber@ukacrl UUCP: ...!mcsun!ukc!aber!aem ARPA: aem%uk.ac.aber@nsfnet-relay.ac.uk SNAIL: Alec Muffett, Computer Unit, Llandinam UCW, Aberystwyth, UK, SY23 3DB ---------- #! /bin/sh # This is a shell archive. Remove anything before this line, then unpack # it by saving it into a file and typing "sh file". To overwrite existing # files, type "sh file -c". You can also feed this as standard input via # unshar, or by typing "sh 'BUGS' <<'END_OF_FILE' XKnown bugs as of Aug 23, 1991. X X* One version of Crack 3.2 has gotten away from me with the X DEVELOPMENT_VERSION symbol #defined. This is OK if you are on a X DEC Risc-Ultrix box, but probably not otherwise. Doublecheck this. X If you are reading this message, you should be OK. X X* GCC : Doesn't seem to want to compile fcrypt() so that it is X compatible with crypt(). Use your stock CC. If this doesn't work, X "#undef CRYPT" in "Sources/conf.h" and run without fcrypt(). X X If you can follow the fcrypt() code, let me know what GCC doesn't X like. Otherwise, just tell me about it. X X* AIX : Doesn't like the -O2 flag, which is survivable on most versions X of Unix. It's just a switch to turn on optimisation and so may be X safely removed. X X* AIX : Didn't like putting static data items > 256 in a u_char. I have X fixed the array in question (I think). X X* AIX : After all this, fcrypt() apparently does not come out of the AIX X CC compiler compatible with crypt(). If you really have no idea why X it does not work, "#undef FCRYPT" in "Sources/conf.h" and proceed as X normal. X X* AWK : Someone at Nottingham complained that "RCrack" fell over when he X ran it, because he was using version 2 of "awk". I'm not sure whether X he meant "nawk" by this, but he said that it was fixed by editing X "RCrack" and invoking "/bin/awk" literally. This MAY also affect X "joinfiles" and "Crack.network". X X* There was a major bug in v3.2 crack-pwc.c which I have fixed. Around X line 633 of Sources/crack-pwc.c, there is a line which read:- X X if (!TryManyUsers (head, scratch)) X X and this was changed to :- X X if (!TryManyUsers (head, scratch->word)) X X for Crack to function properly. If you are reading this, it is fixed X in this distribution. END_OF_FILE if test 1757 -ne `wc -c <'BUGS'`; then echo shar: \"'BUGS'\" unpacked with wrong size! fi # end of 'BUGS' fi if test -f 'Crack.sh' -a "${1}" != "-c" ; then echo shar: Will not clobber existing file \"'Crack.sh'\" else echo shar: Extracting \"'Crack.sh'\" \(3359 characters\) sed "s/^X//" >'Crack.sh' <<'END_OF_FILE' X#!/bin/sh X X### X# This program written by ADE Muffett (aem@aber.ac.uk), August 1991, X# as part of the 'Crack' password cracking package. X### X X### X# For Bourne shell version, CRACK home cannot be relative to ~username X# (unless you have a really weird 'sh') X### X XCRACK_HOME="/aber/aem/SEC/CRACK32" # This is an ENVIRONMENT var. Xexport CRACK_HOME X Xtrash="/dev/null" Xremote="FALSE" Xdefault_bin="generic" Xtmpfile="/tmp/cpwfs.$$" Xnet_cf="Scripts/network.conf" X X### X# Check existance of a home directory X### X Xif [ -d $CRACK_HOME ] Xthen X cd $CRACK_HOME || exit 1 Xelse X echo "Error: The directory $CRACK_HOME does not exist." X echo "" X echo "Please set the value of CRACK_HOME in the Crack script to the CRACK31" X echo "installation directory." X echo "" X echo "The current working directory is" `pwd` X exit 1 Xfi X X### X# Announce ourselves. X### X Xecho "Crack 3.2a Password Cracker by ADE Muffett, 1991" X X### X# Check that we have arguments X### X Xif [ "$1" = "" ] Xthen X echo "Usage: $0 [options] [bindir] passwdfile [...]" X echo "Or: $0 -network [options] passwdfile [...]" X echo "With options:-" X echo " -v - to produce verbose output (if configured)" X echo " -nnicevalue - to run niced" X echo " -rpointfile - to recover a crashed-out job" X echo " -Rpointfile - to recover (with verify) a crashed-out job" X exit 1 Xfi X X### X# Parse command line X### X Xargl="" X Xwhile : Xdo X case $1 in X -network) X if [ ! -f $net_cf ] X then X echo "$0: error: no file $net_cf" X exit 1 X fi X shift X Scripts/Crack.network $* X exit 0 X ;; X X -remote) X echo "Invoked: $0 $*" X set remote="TRUE" X shift X ;; X -v*|-n*|-r*|-R*) X argl="$argl $1" X shift X ;; X -*) X echo "Crack: unknown argument $1" X shift X ;; X *) X break X ;; X esac Xdone X X### X# Test first non-switch argument for existance X### X Xif [ -f "$1" ] Xthen X CRACK_ARCH="$CRACK_HOME/$default_bin" X if [ ! -d $default_bin ] X then X echo "Making default binary directory: $default_bin" X mkdir $default_bin || exit 1 X fi Xelif [ -d "$1" ] Xthen X CRACK_ARCH="$CRACK_HOME/$1" X shift Xelse X echo "Crack: error: There is no directory or file $1." X echo "Crack: warning: Creating directory $1" X mkdir $1 || exit 1 X CRACK_ARCH="$CRACK_HOME/$1" X shift Xfi X Xexport CRACK_ARCH # This is an ENVIRONMENT var. X X### X# Double check the dictionary directory X### X Xif [ ! -d $CRACK_HOME/Dicts ] Xthen X echo "Crack: error: There is no directory or file Dicts." X echo "Crack: warning: Creating directory Dicts" X mkdir Dicts || exit 1 Xfi X X### X# Now to tidy up a bit X### X Xmake -f Scripts/crack.mf cleanprogs >/dev/null 2>&1 X Xecho "Using binaries in directory: $CRACK_ARCH" X Xcd $CRACK_ARCH || exit 1 X X### X# Install makefiles if necessary. X### X Xif [ ! -f Makefile ] Xthen X cp $CRACK_HOME/Scripts/install.mf Makefile Xfi X Xmake crack-pwc || exit 1 X Xcd $CRACK_HOME X Xmake -f Scripts/crack.mf dictstamp || exit 1 X X### X# Check how we have been invoked : ergo how we get our data. X### X Xif [ "$remote" = "TRUE" ] Xthen X cat > $tmpfile Xelse X Scripts/joinfiles $* > $tmpfile || exit 1 Xfi X Xecho "Backgrounding program. Output will be written to a file in this directory." X Xnohup $CRACK_ARCH/crack-pwc $argl -i$tmpfile Dicts/dict.* $trash 2>&1 & X Xsleep 1 X Xtest -f nohup.out && rm nohup.out X X### X# There are horrible timeraces involved in removing $tmpfile, so I dont. X### END_OF_FILE if test 3359 -ne `wc -c <'Crack.sh'`; then echo shar: \"'Crack.sh'\" unpacked with wrong size! fi chmod +x 'Crack.sh' # end of 'Crack.sh' fi if test ! -d 'DictSrc' ; then echo shar: Creating directory \"'DictSrc'\" mkdir 'DictSrc' fi if test ! -d 'Dicts' ; then echo shar: Creating directory \"'Dicts'\" mkdir 'Dicts' fi if test ! -d 'Docs' ; then echo shar: Creating directory \"'Docs'\" mkdir 'Docs' fi if test -f 'MANIFEST' -a "${1}" != "-c" ; then echo shar: Will not clobber existing file \"'MANIFEST'\" else echo shar: Extracting \"'MANIFEST'\" \(2300 characters\) sed "s/^X//" >'MANIFEST' <<'END_OF_FILE' X File Name Archive # Description X----------------------------------------------------------- X APPENDIX 2 Reasoning for Cracks methods X BUGS 1 List of known problems X Crack 2 The "Crack" driver script in csh X Crack.sh 1 The "Crack" driver script in sh X DictSrc 1 Directory of source dictionaries X DictSrc/bad_pws.dat 2 A sample source dictionary X Dicts 1 Holding store for processed dicts X Docs 1 Documentation directory X Docs/README.ms 3 Source code for laconic documentation X Docs/README.ps 4 Prettified laconic documentation X MANIFEST 1 This shipping list X README 1 Laconic documentation X README.FIRST 1 Introductory Laconic documentation X Scripts 1 Shellscripts & config files directory X Scripts/Crack.network 1 The network driver configuration interface X Scripts/RCrack 1 Frontend to the network program (eg: rsh) X Scripts/clean 1 Diddy little tidy up script X Scripts/crack.mf 1 Miscellaneous Makefile called from everywhere X Scripts/install.mf 1 Another Makefile called from everywhere X Scripts/joinfiles 1 Formatter for passwd files X Scripts/makedicts 1 Frontend to dictionary preprocessor X Scripts/network.conf 1 Empty config file X Scripts/network.conf.example 1 Example of network configuration file X Scripts/plaster 1 Diddy little kill script X Scripts/spotless 1 Diddy little tidy up script X Sources 1 Cracker source code directory X Sources/Makefile 1 With a name like that, what do you reckon ? X Sources/conf.h 1 CONFIGURATION HEADER FILE X Sources/crack-fcrypt.c 3 fcrypt() [Shock, horror] X Sources/crack-lib.c 1 Diddy little string manipulation fn()s X Sources/crack-port.c 1 Portability hooks src X Sources/crack-pp.c 2 Preprocessor src X Sources/crack-pwc.c 2 Password cracker src X Sources/crack.h 1 General header file X Sources/goodpass.c 2 Example of a sensible password filter X Sources/speeds.c 1 Test s/w X Sources/tester.c 1 Test s/w END_OF_FILE if test 2300 -ne `wc -c <'MANIFEST'`; then echo shar: \"'MANIFEST'\" unpacked with wrong size! fi # end of 'MANIFEST' fi if test -f 'README' -a "${1}" != "-c" ; then echo shar: Will not clobber existing file \"'README'\" else echo shar: Extracting \"'README'\" \(21446 characters\) sed "s/^X//" >'README' <<'END_OF_FILE' X X X X X X X X X X "Crack Version 3.2" X A Sensible Password Checker for UNIX- X X X Alec D.E. Muffett X X Computer Unit, University College of Wales X Aberystwyth, Wales, SY23 3DB X aem@aber.ac.uk X +44 970 622492 X X X ABSTRACT X X Crack[1] is a freely available program X designed to find standard UNIX eight-character DES X encrypted passwords by standard guessing tech- X niques outlined below. It is written to be flexi- X ble, configurable and fast, and to be able to make X use of several networked hosts via the Berkeley X rsh program (or similar), where possible. X X X X1. Intent of this program X XMy intentions, whilst writing this program, were X X1) To provide the average system manager with a simple, X flexible and fast tool to find passwords which would be X easily compromised by a dictionary search. X X2) To weaken the complacency which has developed amongst X many (in)?experienced UNIX systems managers about pass- X word security. Just because the crypt() function cannot X be reversed does not mean that your passwords are X secure. If this program helps to raise the overall X quotient of paranoia just one little bit, then it will X have served its purpose and is all to the good. X XI am quite certain that some childish morons out there will Xabuse the work that I have put into creating this program. XIt's up to them how they use it, but if it's used for some Xillegal purpose it's not my intention, nor my fault. I hope X_________________________ X [0] X- UNIX is a trademark of Bell Laboratories. X [1] Crack is available for anonymous FTP from Xwuarchive.wustl.edu (128.252.135.4) in ~/packages X X X X X August 21, 1991 X X X X X X - 2 - X X Xthey get caught. X XCrack was not designed to do anything nasty, other than to Xattack passwords in sensible order. This is why I feel I Xcan post it to the net without fear of recrimination. This Xversion of Crack is supplied with a (hopefully) portable Xversion of fcrypt(), for speed reasons. Fcrypt() is not yet Xwidely available, but several versions have now been posted Xto USENET, and with the growing ability to access anonymous XFTP databases like Archie, I believe that people who really Xwant access to such programs as fcrypt() will be able to get Xthem easily. People who need them but don't have the time Xto look, on the other hand, will not get them. This is not Xa good thing if you are a systems manager, because it gives Xthe crackers an advantage. My philosophy is: give it to Xeveryone, then at least the people who need it can get it. X X2. Fcrypt() Statistics X XThe version of fcrypt() that comes with Crack is some 3.4 Xtimes faster than the version that was originally supplied Xto me, and should outperform most others which are publicly Xavailable. I haven't tried many speed-demon style tricks, Xbut rather I have gone for portability, elegance and simpli- Xcity, where applicable 8-). On a DECStation 5000/200, Xfcrypt() iterates ~550 times per second, and overall, I Xmeasure this to be 13 times faster than standard crypt(). XThere are faster versions available, but at least I feel Xfree to redistrubute this version without stepping on any- Xones toes. X XA final note about my motives: If you think that I am a Xmoron for writing and then distributing this program, and Xyou think that the program is in itself dangerous, I suggest Xthat you carefully consider the fact that any moron could Xhave written this program. Flames to /dev/null, please. X X3. Implementation X XI have tried to make Crack as portable as possible without Xcompromising speed. Needless to say, it is imperfect in the Xthis respect, but I have tried. If you have problems get- Xting Crack up, please let me know what these problems were, Xand what system you were trying to put Crack up on. I Xbelieve that Crack will work on Xenix and various versions Xof System V, but it may require a little effort if your UNIX Xis not fairly modern. X XThere have been some nasty stories sent back to me about Xproblems encountered due to the Crack script being written Xin c-shell. Because of this, I enclose a program Crack.sh Xwhich is a functionally equivalent script in Bourne shell, Xusing nohup to kick the cracker off into the background. If Xyour version of c-shell is non standard (ie: not BSDish) or X X X X August 21, 1991 X X X X X X - 3 - X X Xyou are worried, you may use Crack.sh in Crack's place. XNote, though, that if you want to use the network options, Xyou will also have to edit Scripts/RCrack to change the Xprogram-name that is called on remote machines to Crack.sh. XFor more on this, see below. X XTo use the Crack -network option, you must have rsh, or a Xsimilar program. rsh is a BSD-ism which has become fairly Xcommon on non-BSD systems. If you don't have it or some- Xthing similar, let me know what you do have which might, Xwith a little ingenuity, do the job, and I shall see what I Xcan do. Again, have a look in Scripts/RCrack if you want to Xplay around. X X Note: Xenix users and some others have a rcmd pro- X gram instead of rsh. I'm not sure of the correct X syntax for this program, but it should not be hard X to get it to work. There is a note about it in X Scripts/RCrack X X On such System V based systems, users may also be X missing the BSD function gethostname(). If this X is so, but you do have the uname() system call, X define the macro CRACK_UNAME in Sources/conf.h X instead. This ought to fix the problem, but it may X need a little user intervention first (it depends X where your header file for uname() is). Caveat X Emptor! X X4. Method of Password Cracking X XCrack does not take the serial approach to password guessing Xthat other programs like the COPS password cracker does. XRather, Crack makes two passes over the users' password Xentries. X XThe first pass bases its guesses on the contents of the Xgecos field (containing the users' real name), and the user- Xname itself. The first pass is fast and usually very fruit- Xful, and completes quite quickly. You would be surprised at Xthe number of spods out there who still think that their Xmiddle name, backwards and capitalised, is a good password. X XThe second pass is made by encrypting several pre-processed Xdictionaries on the fly, and comparing the results with Xusers passwords. Crack optimises the number of calls to the Xencryption function by sorting the user passwords by their Xencryption salt before loading, so that the dictionaries Xonly have to be encrypted once for each different salt. XThis generally saves about 30% of the calls you would have Xto make to crypt(). X XThe preprocessed dictionaries are created my merging the Xsource dictionaries found in the directory DictSrc and then X X X X August 21, 1991 X X X X X X - 4 - X X Xtruncating, sorting and uniq'ing the output from the prepro- Xcessor. The default dictionaries named are /usr/dict/words Xwhich provides the bulk of the input data, and XDictSrc/bad_pws.dat which is meant to provide all of those Xnon-dictionary passwords, such as 12345678 or qwerty.[2] X XIf you wish to add a dictionary of your own, just copy it Xinto the DictSrc directory and then delete the contents of Xthe Dicts directory. Your new dictionary will be merged in Xon the next run. Do not worry about replication of data, as Xthe preprocessor driver script sorts and uniq's the data Xbefore putting it into the Dicts directory. X XThe formats of the output dictionaries are: X Xa) Unique words that have been forced lowercase, forwards. X These are the most common passwords you will find, thus X they are tried first. X Xb) Dictionary words which have been artificially plural- X ised, because not many dictionaries contain plurals. X Xc) Dictionary words which were supplied in mixed-case (eg: X Capitalised). X Xd) Dictionary words forced lowercase and backwards. X Xe) Dictionary words, forced lowercase, with a leading or X trailing 0 or 1 (this may be extended by hacking X Sources/crack-pp.c). X Xf) Dictionary words, forced uppercase, forwards. X Xg) Dictionary words, forced uppercase, backwards. X Xh) Dictionary words which were supplied in mixed-case, X backwards (eg: desilatipaC). X X XThis choice of attack is entirely empirical, my own, and Xmade up on the spot. It has also been horrendously success- Xful, and because Crack uses each of these dictionaries in Xturn, it tends to get passwords faster than a program like Xthe COPS password cracker which tries words every-which-way Xfor each user.[3] X_________________________ X [2] Extra dictionaries (those used in Dan Klein's pa- Xper, below) can be obtained via anonymous FTP from Xuunet.uu.net (192.48.96.2) as ~/pub/dictionaries.tar.Z X [3] For more information, see "Foiling the Cracker: A XSurvey of, and Improvements to, Password Security" by XDaniel Klein, available from major FTP sites. X X X X X August 21, 1991 X X X X X X - 5 - X X X Optimisation Note: Crack has an compile-time X option, called CRACK_SHORT_PASSWDS, which, if not X defined, makes the dictionary preprocessor throw X away words which are less than 5 characters long. X The reasoning for this is that many sites, with a X semi-sensible passwd program, will not have pass- X words shorter than 5 characters long. X X It is up to you whether you bother testing these X short passwords, but I would recommend that you do X so at least once, to be safe. (Setting the option X also leads to having smaller pre-processed dic- X tionaries. The option, however, is defined by X default) X X5. Installation X XCrack is one of those most unusual of beasties, a self- Xinstalling program. Once the necessary configuration Xoptions have been set, the executables are created via X'make' by running the main shellscript. X XSome people have complained about this apparent weirdness, Xbut it has grown up with Crack ever since the earliest net- Xwork version, when I could not be bothered to log into Xseveral different machines with several different architec- Xtures, just in order to build the binaries. X XCrack needs to know where it has been installed. Please Xedit the CRACK_HOME variable in the Crack shellscript to the Xcorrect value. This variable should be set to an absolute Xpath name (relative to ~user is OK) through which the direc- Xtory containing Crack may be accessed on all the machines Xthat Crack will be run on. X XThe other bit of installation you will have to do is decide Xwhether you will want to use the -network option. If you do, Xedit the file Sources/conf.h and define the CRACK_NETWORK Xsymbol. This forces Crack to create all of its output files Xwith an embedded hostname (obtained by the gethostname() Xroutine) so that you can keep track of output from all over Xthe network. If you have no gethostname() but have a Xuname() system call, you can use that instead, by defining XCRACK_UNAME in Sources/conf.h. X XYou will then have to generate a Scripts/network.conf file. XThis contains a list of hostnames to rsh to, what their Xbinary type is (useful when running a network Crack on Xseveral different architectures), a guesstimate of their Xrelative power (take your slowest machine as unary, and Xmeasure all others relative to it), and a list of per-host Xdefault flags. There is an example of such a file provided Xin the Scripts directory - take a look at it. X X X X X August 21, 1991 X X X X X X - 6 - X X XI also recommend that you play around with the #defines in Xthe file Sources/conf.h. Each switch has a small note Xexplaining its meaning. Where I've been in doubt about the Xportability of certain library functions, usually I've re- Xwritten it, so it shouldn't be much of a problem. Let me Xknow of your problems. 8-). X X6. Crack Usage X X XCrack [options] [bindir] /etc/passwd [...other passwd files] X XCrack -network [options] /etc/passwd [...other passwd files] X X XWhere bindir is the optional name of the directory where you Xwant the binaries installed. This is useful where you want Xto be able to run versions of Crack on several different Xarchitectures. If bindir does not exist, a warning will be Xissued, and the directory, created. X X Note: bindir defaults to the name generic if not X supplied. X X Yellow Pages (NIS) Users: I have had some queries X about how to get Crack running from a YP password X file. There are several methods, but by far the X simplest is to generate a passwd format file by X running:- X X ypcat passwd > passwd.yp X X and then running Crack on this file. X X7. Options X X-network X Throws Crack into network mode, in which it reads the X Scripts/network.conf file, splits its input into chunks X which are sized according to the power of the target X machine, and calls rsh to run Crack on that machine. X Options for Crack running on the target machine may be X supplied on the command line (eg: verbose or recover X mode), or in the network.conf file if they pertain to X specific hosts (eg: nice() values). X X-v Sets verbose mode, whereby Crack will print every guess X it is trying on a per-user basis. This is a very quick X way of flooding your filestore. If you undefine the X CRACK_VERBOSE symbol in Sources/conf.h, verbose mode X will be permanently disabled. X X-nvalue X Sets the process to be nice()ed to value, so that the X X X X August 21, 1991 X X X X X X - 7 - X X X switch -n19 sets the Crack process to run at the lowest X priority. X X-rpointfile X This is only for use when running in recover mode. X When a running Crack starts pass 2, it periodically X saves its state in a file named point. or X point.. depending on your naming conven- X tion (see "Installation", above). This file can be X used to recover where you were should a host crash. X Simply invoke Crack in exactly the same manner as the X last time, with the addition of the -rpoint.file.name X switch. Crack will startup and read the file, and jump X to slightly before where it left off. If you are X cracking a very large password file, this can save X oodles of time after a crash. X X If you are running a network Crack, then the jobs X will again be spawned onto all the machines of the X original Crack. The program will then check that X the host it is running on is the same as is men- X tioned in the pointfile. If it is not, it will X silently die. Thus, assuming that you supply the X same input data and do not change your X network.conf file, Crack should pick up exactly X where it left off. This is a bit inelegant, but X it's better than nothing at the moment. X X8. Multiprocessing and parallelism X XThe method of error recovery outlined above causes headaches Xfor users who want to do multiprocessing on parallel archi- Xtectures. Crack is in no way parallel, and because of the Xway it's structured, readind stdin from shellscript fron- Xtends, it is a pain to divide the work amongst several Xprocesses via fork()ing. X XThe hack solution to get several copies of Crack running on Xone machine with n processors at the moment is to run with Xthe CRACK_NETWORK option enabled, and insert n copies of the Xentry for your parallel machine into the XScripts/network.conf file. If you use the -r option in these Xcircumstances however, you will get n copies of the Xrecovered process running, only one of them will have the Xcorrect input data. I'm working on this. My current solu- Xtion is to save the current username in the checkpoint file, Xand test it on startup, but doing this may break your Xrecovery if you supply different input data (so that the Xdata is sorted even slightly differently). Hohum. If you Xwant to use this verify username facility, use -R in place Xof -r. X XAs for not using the network.conf file to provide multipro- Xcessing, I'm working on it. X X X X August 21, 1991 X X X X X X - 8 - X X X9. Notes on fast crypt() implementations X XThe stdlib version of the crypt() subroutine is incredibly Xslow. It is a massive bottleneck to the execution of Crack Xand on typical platforms that you get at universities, it is Xrare to find a machine which will achieve more than 50 stan- Xdard crypt()s per second. On low-end diskless workstations, Xyou may expect 2 or 3 per second. It was this slowness of Xthe crypt() algorithm which originally supplied much of the Xsecurity UNIX needed.[4] X XHowever, there are now many implementations of faster ver- Xsions of crypt() to be found on the network. The one sup- Xplied with Crack v3.2 and upwards is called fcrypt(). X Xfcrypt() was originally written in May 1986 by Robert XBaldwin at MIT, and is a good version of the crypt() subrou- Xtine. I received a copy from Icarus Sparry at Bath Univer- Xsity, who had made a couple of portability enhancements to Xthe code. X XI rewrote most of the tables and the KeySchedule generating Xalgorithm in the original fdes-init.c to knock 40% off the Xexecution overhead of fcrypt() in the form that it was Xshipped to me. I inlined a bunch of stuff, put it into a Xsingle file, got some advice from Matt Bishop and Bob XBaldwin [both of whom I am greatly indebted to] about what Xto do to the xform() routine and to the fcrypt function Xitself, and tidied up some algorithms. I've also added more Xlookup tables and reduced several formula for faster use. Xfcrypt() is now barely recognisable as being based on its Xformer incarnation. X XOn a DecStation 5000/200, it is also ~13 times faster than Xthe standard crypt (your mileage may vary with other archi- Xtectures and compilers). This speed puts fcrypt() into the X"moderately fast" league of crypt implementations. By using Xfcrypt() with Crack, I extracted 135 passwords from my stan- Xdard 1087 user password file in a little over 1 hour using 3 Xnetworked machines. This is from a moderately good password Xfile. X XWhy am I saying this sort of thing ? Am I scaremongering ? XIn a word, yes. X XIf a fast version of crypt() is wired into a program like XCrack it can break a poorly passworded site open in minutes. XThere are such programs available, eg: the "Killer Cracker" Xwritten by the anonymous "Doctor Dissector", with anonymous Xmotives. It comes with a modified version of Baldwin's X_________________________ X [4] See: "Password Security, A Case History" by Bob XMorris & Ken Thomson, in the UNIX Programmer Docs. X X X X August 21, 1991 X X X X X X - 9 - X X Xfcrypt, as a MS-DOS executable with a GNU copyleft licence. X XThe point that needs to be hammered home is that unless Xsomething is done, and done soon, about the general quality Xof passwords on UNIX systems, then in the near future our Xdoors will be wide open to people who have programs like XCrack and questionable motives. X X10. Solutions and Conclusions X XWhat can be done about this form of attack ? X XYou must get a drop-in replacement for the passwd and Xyppasswd commands; one which will stop people from choosing Xbad passwords in the first place. There are several pro- Xgrams to do this; Matt Bishop's passwd+ and Clyde Hoover's Xnpasswd program are good examples which are freely avail- Xable. Consult an Archie database for more details on where Xyou can get them from. X XA little common-sense is all that is required to vet pass- Xwords: I enclose a module in the Sources directory Xgoodpass.c which I use in a modified version of the yppasswd Xin order to provide some security. It is quite heavily cus- Xtomised for use in the UK, but it should be easily portable. XThe routine is invoked: X X X char *retval = GoodPass(char *input); X X Xwhere input is the password under test, and retval will be Xset either to NULL (if the password is OK) or to a diagnos- Xtic string which says what is wrong with the password. It Xis far less complex than a system such as passwd+, but still Xeffective enough to make a password file withstand Crack. XIt would be nice if an organisation (such as CERT?) could be Xpersuaded to supply skeletons of sensible passwd commands Xfor the public good, as well as an archive of security Xrelated utilities[5] on top of the excellent COPS. However, Xfor UNIX security to improve on a global scale, we will also Xrequire pressure on the vendors, so that programs are writ- Xten correctly from the beginning. X X X X X X X_________________________ X [5] COPS is available for anonymous FTP from Xcert.sei.cmu.edu (128.237.253.5) in ~/cops X X X X X August 21, 1991 X X END_OF_FILE if test 21446 -ne `wc -c <'README'`; then echo shar: \"'README'\" unpacked with wrong size! fi # end of 'README' fi if test -f 'README.FIRST' -a "${1}" != "-c" ; then echo shar: Will not clobber existing file \"'README.FIRST'\" else echo shar: Extracting \"'README.FIRST'\" \(1310 characters\) sed "s/^X//" >'README.FIRST' <<'END_OF_FILE' XThis is Crack, v3.2a+fcrypt() : A sensible password cracker for Unix. X XDocumentation provided is in the "README" file, which I've handhacked Xdown to a unutterably boring text file. The "README.ms" file in "Docs" Xgenerates a far prettier output using "nroff -ms", and "Docs/README.ps" Xis even prettier still. I suggest that you start br reading one of Xthese files. X XCrack+fcrypt() works on Ultrix and SunOS, and probably on a lot of other Xthings too. AIX has problems with creating a crypt compatible fcrypt(). XFor a list of the current problems, see the BUGS file. At worst, just Xrun with the version of 'crypt()' which comes with your system. X XTo install: Just create a directory to keep it all in, move the shar Xfiles into the directory, and run them. X XThe most patently obvious difference from the last release is that I Xhave provided two versions of the driver script "Crack" - one in 'csh' Xand one in 'sh'. If the 'sh' one works out okay, I'll eventually trash Xthe 'csh' version. X XIf you have problems, let me know, so long as they're not too personal. X X- Alec 8-) X X-- XINET: aem@aber.ac.uk JANET: aem@uk.ac.aber BITNET: aem%aber@ukacrl XUUCP: ...!mcsun!ukc!aber!aem ARPA: aem%uk.ac.aber@nsfnet-relay.ac.uk XSNAIL: Alec Muffett, Computer Unit, Llandinam UCW, Aberystwyth, UK, SY23 3DB END_OF_FILE if test 1310 -ne `wc -c <'README.FIRST'`; then echo shar: \"'README.FIRST'\" unpacked with wrong size! fi # end of 'README.FIRST' fi if test ! -d 'Scripts' ; then echo shar: Creating directory \"'Scripts'\" mkdir 'Scripts' fi if test -f 'Scripts/Crack.network' -a "${1}" != "-c" ; then echo shar: Will not clobber existing file \"'Scripts/Crack.network'\" else echo shar: Extracting \"'Scripts/Crack.network'\" \(2052 characters\) sed "s/^X//" >'Scripts/Crack.network' <<'END_OF_FILE' X#!/bin/sh X X### X# This program written by ADE Muffett (aem@aber.ac.uk), August 1991, X# as part of the 'Crack' password cracking package. X### X X### X# This program reads the network.conf and breaks up the sorted password X# file and kicks "Crack" up on all the machines and feeds the file to it. X### X X### X# Okay, if you don't like this bit of code, YOU think of a totally X# portable way to do this - in shell scripts without using PERL - Alec. X### X Xcf=Scripts/network.conf Xtf=/tmp/mcpwfs.$$ X X### X# Check that the config file is in place X### X Xif [ ! -f $cf -o ! -s $cf ] Xthen X echo "Crack.network: empty or missing config file: $cf" X exit 1 Xfi X Xargs="" Xfiles="" X Xfor i in $* Xdo X if [ -f "$i" ] X then X files="$files $i" X else X args="$args $i" X fi Xdone X Xecho "Merging data." X XScripts/joinfiles $files > $tf Xlines=`wc -l < $tf` X Xecho "Starting analysis for Network-Crack." X Xcat $cf | Xgrep -v '^#' | Xsort +2 -n | Xawk ' XBEGIN { X hostcount = 0; X totalweight = 0; X linecount = '"$lines"'; X iargs = "'"$args"'"; X file = "'"$tf"'"; X} X X/^[a-zA-Z0-9]/ { X hostname[hostcount] = $1; X cputype[hostcount] = $2; X weight[hostcount] = $3; X totalweight += $3; X args[hostcount] = iargs; X for (i = 4; i <= NF && substr($i,1,1) != "#"; i++) X { X args[hostcount] = args[hostcount] " " $i; X } X hostcount++; X} X XEND { X done = 1; X todo = linecount; X print "echo Users:", linecount; X print "echo Remote Hosts:", hostcount; X X for (i = 0; i < hostcount; i++) X { X if (i < hostcount - 1) X { X slice = weight[i] / totalweight; # fraction X slice *= linecount; # percentage X slice = int(slice); # round down X todo -= slice; # remainder X } else X { X slice = todo; # fastest machine gets the rest. X todo = 0; X } X if (slice > 0) X { X print "echo Calling", hostname[i], "for", slice, "users"; X line = sprintf("Scripts/RCrack %s %s %d %d %s < %s\n", \ X hostname[i],\ X cputype[i], \ X done, \ X done + slice - 1, \ X args[i], \ X file); X print "echo", line; X print line; X } X done += slice; X } X}' | sh # I'll bet you didn't expect this... X Xrm $tf END_OF_FILE if test 2052 -ne `wc -c <'Scripts/Crack.network'`; then echo shar: \"'Scripts/Crack.network'\" unpacked with wrong size! fi chmod +x 'Scripts/Crack.network' # end of 'Scripts/Crack.network' fi if test -f 'Scripts/RCrack' -a "${1}" != "-c" ; then echo shar: Will not clobber existing file \"'Scripts/RCrack'\" else echo shar: Extracting \"'Scripts/RCrack'\" \(590 characters\) sed "s/^X//" >'Scripts/RCrack' <<'END_OF_FILE' X#!/bin/sh X X### X# This program written by ADE Muffett (aem@aber.ac.uk), August 1991, X# as part of the 'Crack' password cracking package. X### X Xremote_shell="rsh" # This could be 'rcmd' for, say, Xenix stuff Xcrack_prog="Crack" # This could be "Crack.sh", for users with csh probs. X Xhost=$1 Xshift Xtype=$1 Xshift Xstartline=$1 Xshift Xstopline=$1 Xshift Xargs="$*" X Xawk 'NR >= '"$startline"' && NR <= '"$stopline"'{print $0;} {next;}' | X$remote_shell $host "$CRACK_HOME/$crack_prog" -remote $args $type X #^^^^^^^^^^^^^^^^^^^^^^ X # This is quoted to allow ~username through unexpanded END_OF_FILE if test 590 -ne `wc -c <'Scripts/RCrack'`; then echo shar: \"'Scripts/RCrack'\" unpacked with wrong size! fi chmod +x 'Scripts/RCrack' # end of 'Scripts/RCrack' fi if test -f 'Scripts/clean' -a "${1}" != "-c" ; then echo shar: Will not clobber existing file \"'Scripts/clean'\" else echo shar: Extracting \"'Scripts/clean'\" \(189 characters\) sed "s/^X//" >'Scripts/clean' <<'END_OF_FILE' X#!/bin/sh X X### X# This program written by ADE Muffett (aem@aber.ac.uk), August 1991, X# as part of the 'Crack' password cracking package. X### X Xmake -f Scripts/crack.mf clean > /dev/null 2>&1 END_OF_FILE if test 189 -ne `wc -c <'Scripts/clean'`; then echo shar: \"'Scripts/clean'\" unpacked with wrong size! fi chmod +x 'Scripts/clean' # end of 'Scripts/clean' fi if test -f 'Scripts/crack.mf' -a "${1}" != "-c" ; then echo shar: Will not clobber existing file \"'Scripts/crack.mf'\" else echo shar: Extracting \"'Scripts/crack.mf'\" \(776 characters\) sed "s/^X//" >'Scripts/crack.mf' <<'END_OF_FILE' X### X# This program written by ADE Muffett (aem@aber.ac.uk), August 1991, X# as part of the 'Crack' password cracking package. X### X X### X# Add other dictionaries here, absolute path, or relative to $CRACK_HOME X# XDICTSRC= /usr/dict/words DictSrc/* X X### X# Not-so configurable bitz... X### XPPDRIVER= Scripts/makedicts XSRCDIR= Sources XDICTDIR= Dicts XDS= $(DICTDIR)/dictstamp X Xdictstamp: $(DS) X X### X# You could have a dependency here, but it would make an awfful mess of X# using wildcards X$(DS): X @echo Using Sources '$(DICTSRC)' X ( cd $$CRACK_ARCH && make crack-pp ) X $(PPDRIVER) $(DICTDIR) $(DICTSRC) X touch $(DS) X Xcleanprogs: X -( cd $(SRCDIR) && make clean ) X Xclean: cleanprogs X -rm -f die.* out.* point.* dict.? nohup.out X Xspotless: clean X -( cd $(DICTDIR) && rm dict* ) END_OF_FILE if test 776 -ne `wc -c <'Scripts/crack.mf'`; then echo shar: \"'Scripts/crack.mf'\" unpacked with wrong size! fi # end of 'Scripts/crack.mf' fi if test -f 'Scripts/install.mf' -a "${1}" != "-c" ; then echo shar: Will not clobber existing file \"'Scripts/install.mf'\" else echo shar: Extracting \"'Scripts/install.mf'\" \(375 characters\) sed "s/^X//" >'Scripts/install.mf' <<'END_OF_FILE' X### X# This program written by ADE Muffett (aem@aber.ac.uk), August 1991, X# as part of the 'Crack' password cracking package. X### X XSD= ../Sources X Xsource: crack-pp crack-pwc X touch source X Xcrack-pp: $(SD)/crack-pp.c $(SD)/conf.h X ( cd $(SD) ; make crack-pp ) X cp $(SD)/crack-pp . X Xcrack-pwc: $(SD)/crack-pwc.c $(SD)/conf.h X ( cd $(SD) ; make crack-pwc ) X cp $(SD)/crack-pwc . END_OF_FILE if test 375 -ne `wc -c <'Scripts/install.mf'`; then echo shar: \"'Scripts/install.mf'\" unpacked with wrong size! fi # end of 'Scripts/install.mf' fi if test -f 'Scripts/joinfiles' -a "${1}" != "-c" ; then echo shar: Will not clobber existing file \"'Scripts/joinfiles'\" else echo shar: Extracting \"'Scripts/joinfiles'\" \(844 characters\) sed "s/^X//" >'Scripts/joinfiles' <<'END_OF_FILE' X#!/bin/sh X X### X# This program written by ADE Muffett (aem@aber.ac.uk), August 1991, X# as part of the 'Crack' password cracking package. X### X Xwarn=out.initial.$$ X X### X# Empty the output file... X> $warn X X### X# As Walt Disney would say, we start with a simple bracket:- X X( Xfor file in $* Xdo X Xawk ' XBEGIN { X FS = ":"; X warn="'$warn'"; X file = "'$file'"; X date = "'"`date`"'"; X date = substr(date, 5, 15); X} X Xsubstr($2,1,1) == "!" || substr($2,1,1) == "*" { X printf("join: %s User %s (in %s) has a locked password.\n", \ X date, $1, file) >> warn; X next; X} X X$2 == "" { X printf("join: %s Warning! %s (%s in %s) has a NULL password!\n", \ X date, $1, $7, file) >> warn; X next; X} X X/^[A-Za-z]/ { X print file ":" $0; X} X ' < $file Xdone X X### X# Using a pipe is a bit faster - no bloody fs action. X### X X) | sort -t: +2 # sort all of them by salt X Xexit 0 END_OF_FILE if test 844 -ne `wc -c <'Scripts/joinfiles'`; then echo shar: \"'Scripts/joinfiles'\" unpacked with wrong size! fi chmod +x 'Scripts/joinfiles' # end of 'Scripts/joinfiles' fi if test -f 'Scripts/makedicts' -a "${1}" != "-c" ; then echo shar: Will not clobber existing file \"'Scripts/makedicts'\" else echo shar: Extracting \"'Scripts/makedicts'\" \(449 characters\) sed "s/^X//" >'Scripts/makedicts' <<'END_OF_FILE' X#!/bin/sh X X### X# This program written by ADE Muffett (aem@aber.ac.uk), August 1991, X# as part of the 'Crack' password cracking package. X### X Xpp="$CRACK_ARCH/crack-pp" Xdictdir=$1 X Xshift X Xif [ ! -f $pp ] Xthen X echo "$0: No preprocessor $pp! How the hell did this happen!" X exit 1 Xfi X Xrm -f $dictdir/dict.* X X$pp $* X Xecho "Compacting. This may take some time..." X Xfor i in dict.* Xdo X sort -r $i | uniq > $dictdir/$i X rm -f $i X echo Done $i Xdone X Xexit 0 END_OF_FILE if test 449 -ne `wc -c <'Scripts/makedicts'`; then echo shar: \"'Scripts/makedicts'\" unpacked with wrong size! fi chmod +x 'Scripts/makedicts' # end of 'Scripts/makedicts' fi if test -f 'Scripts/network.conf' -a "${1}" != "-c" ; then echo shar: Will not clobber existing file \"'Scripts/network.conf'\" else echo shar: Extracting \"'Scripts/network.conf'\" \(188 characters\) sed "s/^X//" >'Scripts/network.conf' <<'END_OF_FILE' X### X# Format of this file :- X### X# hostname binary_directory relative_power args # comments X### Xaberda mipsel 10 -n19 Xaberdb mipsel 10 -n19 Xaberdc mipsel 11 Xaberdq sun4 8 END_OF_FILE if test 188 -ne `wc -c <'Scripts/network.conf'`; then echo shar: \"'Scripts/network.conf'\" unpacked with wrong size! fi # end of 'Scripts/network.conf' fi if test -f 'Scripts/network.conf.example' -a "${1}" != "-c" ; then echo shar: Will not clobber existing file \"'Scripts/network.conf.example'\" else echo shar: Extracting \"'Scripts/network.conf.example'\" \(381 characters\) sed "s/^X//" >'Scripts/network.conf.example' <<'END_OF_FILE' X### X# Format of this file :- X### X# hostname binary_directory relative_power args # comments X### Xaberdc mipsel 11 # DS5000/200 Xaberda mipsel 10 -n10 # DEC 5830 Xaberdb mipsel 10 -n10 # DEC 5830 Xaberdq sun4 8 # Sun 4/330 Xdecgca mipsel 5 -n19 # DS3100 Xsunga sun3 1 -n19 # Sun 3/50 Xsungb sun3 1 -n19 # Sun 3/50 Xsungc sun3 1 -n19 # Sun 3/50 END_OF_FILE if test 381 -ne `wc -c <'Scripts/network.conf.example'`; then echo shar: \"'Scripts/network.conf.example'\" unpacked with wrong size! fi # end of 'Scripts/network.conf.example' fi if test -f 'Scripts/plaster' -a "${1}" != "-c" ; then echo shar: Will not clobber existing file \"'Scripts/plaster'\" else echo shar: Extracting \"'Scripts/plaster'\" \(377 characters\) sed "s/^X//" >'Scripts/plaster' <<'END_OF_FILE' X#!/bin/sh X X### X# This program written by ADE Muffett (aem@aber.ac.uk), August 1991, X# as part of the 'Crack' password cracking package. X### X X### X# This program provides a quick network murder if running "Crack -network" X### X# The name is Chris Samuel's fault... "Plaster the Cracks" indeed... X# Mail admiration of this joke to ccs7@aber.ac.uk X### X Xfor i in ./die.* Xdo X $i Xdone END_OF_FILE if test 377 -ne `wc -c <'Scripts/plaster'`; then echo shar: \"'Scripts/plaster'\" unpacked with wrong size! fi chmod +x 'Scripts/plaster' # end of 'Scripts/plaster' fi if test -f 'Scripts/spotless' -a "${1}" != "-c" ; then echo shar: Will not clobber existing file \"'Scripts/spotless'\" else echo shar: Extracting \"'Scripts/spotless'\" \(192 characters\) sed "s/^X//" >'Scripts/spotless' <<'END_OF_FILE' X#!/bin/sh X X### X# This program written by ADE Muffett (aem@aber.ac.uk), August 1991, X# as part of the 'Crack' password cracking package. X### X Xmake -f Scripts/crack.mf spotless > /dev/null 2>&1 END_OF_FILE if test 192 -ne `wc -c <'Scripts/spotless'`; then echo shar: \"'Scripts/spotless'\" unpacked with wrong size! fi chmod +x 'Scripts/spotless' # end of 'Scripts/spotless' fi if test ! -d 'Sources' ; then echo shar: Creating directory \"'Sources'\" mkdir 'Sources' fi if test -f 'Sources/Makefile' -a "${1}" != "-c" ; then echo shar: Will not clobber existing file \"'Sources/Makefile'\" else echo shar: Extracting \"'Sources/Makefile'\" \(1572 characters\) sed "s/^X//" >'Sources/Makefile' <<'END_OF_FILE' X### X# Makefile for the CRACK suite V3.2, (c) ADE Muffett, Aug 1991 X### X X### X# Configurtable bitz... X### X XCC= cc XCFLAGS= -O2 XLIBS= XSHELL= /bin/sh X X### X# Not so configurable bitz... X### X XPWC= crack-pwc XPP= crack-pp X X### X# There is some redundancy in using CRACKMOD like this, as opposed to a X# library, but it's more portable than trying to use 'ar' - as Chris Lewis X# pointed out... SWTF. X### X XCRACKMOD= crack-lib.o crack-fcrypt.o crack-port.o X X### X# Default target X### X Xall: $(PP) $(PWC) X X$(PP): $(CRACKMOD) crack-pp.o X $(CC) $(CFLAGS) -o $@ crack-pp.o $(CRACKMOD) $(LIBS) X X$(PWC): $(CRACKMOD) crack-pwc.o X $(CC) $(CFLAGS) -o $@ crack-pwc.o $(CRACKMOD) $(LIBS) X Xcrack-pp.c: crack.h X Xcrack-pwc.c: crack.h X Xcrack-lib.c: crack.h X Xcrack.h: conf.h X touch crack.h Xconf.h: X Xclean: X -rm -f $(PP) $(PWC) *.o *.u *.a X -rm -f tester *.pixie *.Addrs *.Counts X -rm -f speedcrypt speedfcrypt speedxform X X### X# These targets below are for fcrypt() development only X### X XPIXIEF = -procedures -heavy -invocations -zero X Xtests: speedcrypt tester speedxform speedfcrypt X -./speedcrypt X -./speedfcrypt X -./speedxform X -./tester X Xspeedfcrypt: speeds.c $(CRACKMOD) X $(CC) -DT1 -o speedfcrypt speeds.c $(CRACKMOD) X Xspeedxform: speeds.c $(CRACKMOD) X $(CC) -DT2 -o speedxform speeds.c $(CRACKMOD) X Xspeedcrypt: speeds.c $(CRACKMOD) X $(CC) -o speedcrypt speeds.c $(CRACKMOD) X Xtester: tester.o $(CRACKMOD) X $(CC) -o tester tester.o $(CRACKMOD) X Xtester.pixie: tester X pixie -o tester.pixie tester X Xprof: tester.pixie X time tester.pixie X prof -pixie tester $(PIXIEF) END_OF_FILE if test 1572 -ne `wc -c <'Sources/Makefile'`; then echo shar: \"'Sources/Makefile'\" unpacked with wrong size! fi # end of 'Sources/Makefile' fi if test -f 'Sources/conf.h' -a "${1}" != "-c" ; then echo shar: Will not clobber existing file \"'Sources/conf.h'\" else echo shar: Extracting \"'Sources/conf.h'\" \(3459 characters\) sed "s/^X//" >'Sources/conf.h' <<'END_OF_FILE' X#include X#include X#include X#include X X#ifdef BSD X#define strchr(a,b) index(a,b) X#endif /* BSD */ X X/* X * Switch for my use - if defined, overrides the defaults below and sets up X * my own. It's simplest if you undefine and ignore this switch. X */ X X#define DEVELOPMENT_VERSION X X/* !!!! EVERYBODY ELSE START HERE !!!! */ X X/* X * if defined, this will insert code for verbose options X */ X X#define CRACK_VERBOSE X X/* X * define this if you have _toupper() - check your manpages X */ X X#undef FAST_TOCASE X X/* X * define this if you are on a Sys V type system with a uname() system call X * and have no gethostname() - it fakes up a BSD gethostname() so you can use X * CRACK_NETWORK; see crack-port.c X */ X X#undef CRACK_UNAME X X/* X * define this if you are running multiple Cracks over a network; if you X * aren't using "rsh" to do this, edit "Scripts/RCrack" as well X */ X X#undef CRACK_NETWORK X X/* X * define this to search gecos entry for possible passwords - I RECOMMEND X * THIS VERY VERY STRONGLY X */ X X#define CRACK_GECOS X X/* X * define this to make a dictionary pass of pluralised words X */ X X#define CRACK_PLURAL X X/* X * define this to make a dictionary pass of words with leading and trailing X * 0's and 1's. If you want to add other leading/trailing characters, edit X * the "trailing_chars[]" string in "crack-pp.c" X */ X X#define CRACK_TRAILING X X/* X * define this to print the password if you crack it X */ X X#define CRACK_PRINTOUT X X/* X * if defined, tries guesses < 5 chars long - this wastes time if you are X * unlikely to have REALLY short passwords, try it once though. X */ X X#define CRACK_SHORT_PASSWDS X X/* X * if defined, do sanity checks on the DES password - this gets round expiry X * mechanisms appending extra characters to signify "things" X */ X X#define CRACK_PW_VERIFY X X/* X * define this if you are using fcrypt() - you might not want to if X * fcrypt() doesn't work properly X */ X X#define FCRYPT X X/* X * The following symbols pertain ONLY to fcrypt() usage X */ X X/* X * if defined use builtin clearing in preference to using bzero(), for 4 or 8 X * byte long ints X */ X X#define BUILTIN_CLEAR X X/* X * define if you have a bzero and do not want to use BUILTIN_CLEAR X */ X X#define BZERO X X/* X * define this if you have a 4 byte "long_int" on RISC machines and want a X * speedup - it should not hurt CISC machines either X */ X X#undef FDES_4BYTE X X/* X * undef this if your compiler knows the fact that 6*x == x<<1 + x<<2 X */ X X#undef BRAINDEAD6 X X/* X * Personal stuff only - I recommend you ignore stuff below this line, unless X * you know what you're doing X */ X X#ifdef DEVELOPMENT_VERSION X/* X * for my personal use, this is my configuration on a DS5000/200 X */ X#undef BRAINDEAD6 X X#ifndef BUILTIN_CLEAR X#define BUILTIN_CLEAR X#endif /* BUILTIN_CLEAR */ X X#undef BZERO X X#ifndef CRACK_GECOS X#define CRACK_GECOS X#endif /* CRACK_GECOS */ X X#ifndef CRACK_NETWORK X#define CRACK_NETWORK X#endif /* CRACK_NETWORK */ X X#ifndef CRACK_PLURAL X#define CRACK_PLURAL X#endif /* CRACK_PLURAL */ X X#ifndef CRACK_PRINTOUT X#define CRACK_PRINTOUT X#endif /* CRACK_PRINTOUT */ X X#ifndef CRACK_PW_VERIFY X#define CRACK_PW_VERIFY X#endif /* CRACK_PW_VERIFY */ X X#undef CRACK_SHORT_PASSWDS X X#ifndef CRACK_TRAILING X#define CRACK_TRAILING X#endif /* CRACK_TRAILING */ X X#undef CRACK_UNAME X X#undef CRACK_VERBOSE X X#undef FAST_TOCASE X X#ifndef FCRYPT X#define FCRYPT X#endif /* FCRYPT */ X X#ifndef FDES_4BYTE X#define FDES_4BYTE X#endif /* FDES_4BYTE */ X X#endif /* DEVELOPMENT VERSION */ END_OF_FILE if test 3459 -ne `wc -c <'Sources/conf.h'`; then echo shar: \"'Sources/conf.h'\" unpacked with wrong size! fi # end of 'Sources/conf.h' fi if test -f 'Sources/crack-lib.c' -a "${1}" != "-c" ; then echo shar: Will not clobber existing file \"'Sources/crack-lib.c'\" else echo shar: Extracting \"'Sources/crack-lib.c'\" \(1756 characters\) sed "s/^X//" >'Sources/crack-lib.c' <<'END_OF_FILE' X#include "crack.h" X X/* X * This program is copyright (c) Alec Muffett 1991 except for certain X * portions of code ("crack-fcrypt.c") copyright (c) Robert Baldwin, Icarus X * Sparry and Alec Muffett. The author(s) disclaims all responsibility or X * liability with respect to it's usage or its effect upon hardware or X * computer systems. This software is in the public domain and is freely X * redistributable PROVIDED that this notice remains intact. X */ X Xvoid XTrim (string) /* remove trailing whitespace from a string */ X register char *string; X{ X register char *ptr; X X for (ptr = string; *ptr; ptr++); X while ((--ptr >= string) && isspace (*ptr)); X *(++ptr) = '\0'; X} X Xchar * XReverse (str) /* return a pointer to a reversal */ X register char *str; X{ X register int i; X register int j; X register char *ptr; X static char area[STRINGSIZE]; X X j = i = strlen (str); X while (*str) X { X area[--i] = *str++; X } X area[j] = '\0'; X return (area); X} X Xchar * XUppercase (str) /* return a pointer to an uppercase */ X register char *str; X{ X register char *ptr; X static char area[STRINGSIZE]; X X ptr = area; X while (*str) X { X *(ptr++) = islower (*str) ? toupper (*str) : *str; X str++; X } X *ptr = '\0'; X X return (area); X} X Xchar * XLowercase (str) /* return a pointer to an lowercase */ X register char *str; X{ X register char *ptr; X static char area[STRINGSIZE]; X X ptr = area; X while (*str) X { X *(ptr++) = isupper (*str) ? tolower (*str) : *str; X str++; X } X *ptr = '\0'; X X return (area); X} X Xchar * XClone (string) X char *string; X{ X int len; X char *retval; X X retval = (char *) malloc (strlen (string) + 1); X strcpy (retval, string); X return (retval); X} END_OF_FILE if test 1756 -ne `wc -c <'Sources/crack-lib.c'`; then echo shar: \"'Sources/crack-lib.c'\" unpacked with wrong size! fi # end of 'Sources/crack-lib.c' fi if test -f 'Sources/crack-port.c' -a "${1}" != "-c" ; then echo shar: Will not clobber existing file \"'Sources/crack-port.c'\" else echo shar: Extracting \"'Sources/crack-port.c'\" \(296 characters\) sed "s/^X//" >'Sources/crack-port.c' <<'END_OF_FILE' X#include "crack.h" X X#ifdef CRACK_UNAME X X#include X Xint Xgethostname (name, namelen) X char *name; X int namelen; X{ X struct utsname uts; X if (uname (&uts)) X { X return (-1); X } X strncpy (name, uts.nodename, namelen - 1); X return (0); X} X X#endif /* CRACK_UNAME */ END_OF_FILE if test 296 -ne `wc -c <'Sources/crack-port.c'`; then echo shar: \"'Sources/crack-port.c'\" unpacked with wrong size! fi # end of 'Sources/crack-port.c' fi if test -f 'Sources/crack.h' -a "${1}" != "-c" ; then echo shar: Will not clobber existing file \"'Sources/crack.h'\" else echo shar: Extracting \"'Sources/crack.h'\" \(707 characters\) sed "s/^X//" >'Sources/crack.h' <<'END_OF_FILE' X/* X * This program is copyright (c) Alec Muffett 1991 except for certain X * portions of code ("fdes-crypt.c") copyright (c) Robert Baldwin, Icarus X * Sparry and Alec Muffett. The author(s) disclaims all responsibility or X * liability with respect to it's usage or its effect upon hardware or X * computer systems. This software is in the public domain and is freely X * redistributable PROVIDED that this notice remains intact. X */ X X#include "conf.h" X X#define STRINGSIZE 255 X Xvoid Trim (); Xchar *Reverse (); Xchar *Uppercase (); Xchar *Lowercase (); Xchar *Clone (); X X#ifdef FAST_TOCASE X#define toupper(x) _toupper(x) X#define tolower(x) _tolower(x) X#endif X X#ifdef FCRYPT X#define crypt(a,b) fcrypt(a,b) X#endif END_OF_FILE if test 707 -ne `wc -c <'Sources/crack.h'`; then echo shar: \"'Sources/crack.h'\" unpacked with wrong size! fi # end of 'Sources/crack.h' fi if test -f 'Sources/speeds.c' -a "${1}" != "-c" ; then echo shar: Will not clobber existing file \"'Sources/speeds.c'\" else echo shar: Extracting \"'Sources/speeds.c'\" \(866 characters\) sed "s/^X//" >'Sources/speeds.c' <<'END_OF_FILE' X#include X#include X#include X Xstatic int cnt; X#define ITIME 10 /* Number of seconds to run test. */ X Xvoid XStop () X{ X printf ("Did %f %s()s per second.\n", X ((float) cnt) / ((float) ITIME), X#if defined(T1) X "fcrypt" X#elif defined(T2) X "xform" X#else X "crypt" X#endif X ); X exit (0); X} Xmain () X{ X struct itimerval itv; X static int quarters[4]; X X bzero (&itv, sizeof (itv)); X X printf ("Running for %d seconds of virtual time ...\n", ITIME); X X#if defined(T1) || defined(T2) X init_des (); X#endif X X signal (SIGVTALRM, Stop); X itv.it_value.tv_sec = ITIME; X itv.it_value.tv_usec = 0; X setitimer (ITIMER_VIRTUAL, &itv, NULL); X X for (cnt = 0;; cnt++) X { X#if defined(T1) X fcrypt ("fredfred", "eek"); X#elif defined(T2) X xform (quarters, 0); X#else X crypt ("fredfred", "eek"); X#endif X } X} END_OF_FILE if test 866 -ne `wc -c <'Sources/speeds.c'`; then echo shar: \"'Sources/speeds.c'\" unpacked with wrong size! fi # end of 'Sources/speeds.c' fi if test -f 'Sources/tester.c' -a "${1}" != "-c" ; then echo shar: Will not clobber existing file \"'Sources/tester.c'\" else echo shar: Extracting \"'Sources/tester.c'\" \(612 characters\) sed "s/^X//" >'Sources/tester.c' <<'END_OF_FILE' X#include X#include X X#define EEK 8192 X#define PROFx X Xmain () X{ X int i; X char a[255]; X char b[255]; X X init_des (); X X#ifndef PROF X strcpy (a, crypt ("fredfred", "fredfred")); X strcpy (b, fcrypt ("fredfred", "fredfred")); X X printf ("Check Old: %s\tNew: %s\n", a, b); X X if (!strcmp (a, b)) X { X printf ("fcrypt() is compatible with standard crypt()\n"); X } else X { X printf ("fcrypt() is not compatible !!! \7\n"); X exit (1); X } X printf ("Doing %d fcrypts()\n", EEK); X#endif X X for (i = EEK; i; i--) X { X fcrypt ("fredfred", "eek"); X } X X return (0); X} END_OF_FILE if test 612 -ne `wc -c <'Sources/tester.c'`; then echo shar: \"'Sources/tester.c'\" unpacked with wrong size! fi # end of 'Sources/tester.c' fi echo shar: End of archive 1 \(of 4\). cp /dev/null ark1isdone MISSING="" for I in 1 2 3 4 ; do if test ! -f ark${I}isdone ; then MISSING="${MISSING} ${I}" fi done if test "${MISSING}" = "" ; then echo You have unpacked all 4 archives. rm -f ark[1-9]isdone else echo You still need to unpack the following archives: echo " " ${MISSING} fi ## End of shell archive. exit 0 exit 0 # Just in case...