223 lines
12 KiB
Plaintext
223 lines
12 KiB
Plaintext
|
Personal Computer Unix Password Cracker, Version 2.01 - Copyright (c) 1990
|
||
|
|
------------------------------------------------------------------------------
|
||
|
|
Written By Doctor Dissector
|
||
|
|
Released On December 17th, 1990
|
||
|
|
------------------------------------------------------------------------------
|
||
|
|
|
||
|
|
DISCLAIMER:
|
||
|
|
===========
|
||
|
|
Doctor Dissector, the author of PCUPC will not be held responsible for the
|
||
|
|
actions of anyone who may misuse this program for illegal appropriation of
|
||
|
|
Unix(tm) accounts. Doctor Dissector DOES NOT endorse the illegal use of this
|
||
|
|
program and CANNOT control the actions of the people who might use this
|
||
|
|
program for illegal means.
|
||
|
|
|
||
|
|
Description:
|
||
|
|
============
|
||
|
|
The Personal Computer Unix Password Cracker (PCUPC) is a program which
|
||
|
|
effectively encrypts passwords from a list of words, comparing them to any
|
||
|
|
unix etc/passwd file's encrypted passwords; matching passwords are recorded
|
||
|
|
for future use.
|
||
|
|
|
||
|
|
Limitations:
|
||
|
|
============
|
||
|
|
PCUPC can read data from an etc/passwd file. However, for best results,
|
||
|
|
any lines in this file which have blank passwords ('::' password) or inactive
|
||
|
|
flags (':*:' or ':***:') should be removed before administering cracking
|
||
|
|
techiniques.
|
||
|
|
If the lines from the etc/passwd file which contain input fields are not
|
||
|
|
removed, all words and word combinations will appear to be valid for that
|
||
|
|
specific user.
|
||
|
|
If the lines from the etc/passwd file which contain asteriks are not
|
||
|
|
removed, no words or word combinations will appear to be valid.
|
||
|
|
|
||
|
|
186/286 Version:
|
||
|
|
================
|
||
|
|
PCUPC comes in two versions, an 8088/8086 version and 80186/80286/80386
|
||
|
|
version. The 8088/8086 version is slightly slower than the 186/286/386
|
||
|
|
version, but this difference will not be obvious on any machine slower than
|
||
|
|
a 25 Mhz 386 or with LARGE (over 10,000 combination) cracks.
|
||
|
|
Both versions host the same features; the 8088/8086 version's executable
|
||
|
|
is named "PCUPC.EXE" and the 186/286/386 version is named "PCUPC-AT.EXE".
|
||
|
|
The following documentation will continue to describe BOTH versions under
|
||
|
|
the name of PCUPC.
|
||
|
|
|
||
|
|
Execution:
|
||
|
|
==========
|
||
|
|
Usage: pcupwc /p<file> /v<file> /w<file> [/u] [/1] [/c] [/o] [/r] [/s]
|
||
|
|
|
||
|
|
Mandatory Parameters:
|
||
|
|
/p<file> Filename of the etc/passwd file to be cracked. If this parameter
|
||
|
|
is not entered, PCUPC will request for a filename before
|
||
|
|
beginning.
|
||
|
|
/v<file> Filename of the output file, where all valid username/password
|
||
|
|
combinations will be saved. If this parameter is not entered,
|
||
|
|
PCUPC will request for a filename before beginning.
|
||
|
|
/w<file> Filename of the wordfile where all password guesses are stored.
|
||
|
|
Format of the words inside this wordfile must be one word per
|
||
|
|
line, no blank lines are allowed. If this parameter is not
|
||
|
|
entered, PCUPC will request for a filename before beginning.
|
||
|
|
|
||
|
|
Optional Parameters:
|
||
|
|
/u This will tell PCUPC to compare every word from the wordfile
|
||
|
|
against a user before moving to the next. Normally, PCUPC will
|
||
|
|
crack for passwords in the following "format":
|
||
|
|
|
||
|
|
FORMAT #1:
|
||
|
|
----------
|
||
|
|
word #1: test user #1's password
|
||
|
|
test user #2's password...
|
||
|
|
word #2: test user #1's password
|
||
|
|
test user #2's password...
|
||
|
|
word #3: test user #1's password
|
||
|
|
test user #2's password... (etc...)
|
||
|
|
|
||
|
|
This flag will tell PCUPC to following the following format
|
||
|
|
instead, for cracking passwords:
|
||
|
|
|
||
|
|
FORMAT #2:
|
||
|
|
----------
|
||
|
|
user #1's password: test word #1
|
||
|
|
test word #2
|
||
|
|
test word #3...
|
||
|
|
user #2's password: test word #1
|
||
|
|
test word #2
|
||
|
|
test word #3...
|
||
|
|
user #3's password: test word #1
|
||
|
|
test word #2
|
||
|
|
test word #3... (etc...)
|
||
|
|
|
||
|
|
PCUPC defaults to the first "format". This command overrides
|
||
|
|
that format.
|
||
|
|
/1 This will tell PCUPC to test the characters a-z, A-Z, and 0-9
|
||
|
|
as passwords before testing words from the wordfile.
|
||
|
|
/c This will tell PCUPC to test all guesses first in their normal
|
||
|
|
case, then all uppercase, then all lowercase. PCUPC is smart and
|
||
|
|
will not repeat word combinations which are the same. For example,
|
||
|
|
PCUPC will test the word 'dood', first as 'dood' (normal), then
|
||
|
|
as 'DOOD' (uppercase), but not 'dood' (lowercase) since it was
|
||
|
|
already tested.
|
||
|
|
/o This will tell PCUPC to display verbose output to the console.
|
||
|
|
Normally, no information will be echoed to the screen once PCUPC
|
||
|
|
begins cracking; this will tell PCUPC to print all guesses and
|
||
|
|
correct guesses to the console.
|
||
|
|
/r This will tell PCUPC to test all guesses in reverse after
|
||
|
|
guessing them foreward. Like the '/o' flag, PCUPC will not repeat
|
||
|
|
guesses if they are the same backwards and forewards.
|
||
|
|
/s This will tell PCUPC to print all valid guesses to the console.
|
||
|
|
This flag is automatically toggled when verbose output is active.
|
||
|
|
/? Prints a summary of command line parameters and exits.
|
||
|
|
|
||
|
|
Examples:
|
||
|
|
=========
|
||
|
|
pcupwc /pPASSWD.212 /vVALID.212 /wDICT.TXT /c /o
|
||
|
|
The above command will instruct PCUPC to read encrypted passwords from
|
||
|
|
the file PASSWD.212 (etc/passwd format), write any valid username/
|
||
|
|
password combinations to the file VALID.212, and read guesses from the
|
||
|
|
file DICT.TXT. All guesses will be tested in upper and lowercase.
|
||
|
|
Output will be verbose to the console.
|
||
|
|
|
||
|
|
pcupwc /ppwfile.txt /vresults.txt /wwords.txt /r /c /s
|
||
|
|
The above command will instruct PCUPC to read encrypted passwords from
|
||
|
|
the file PWFILE.TXT, write valid username/password combinations into
|
||
|
|
RESULTS.TXT, and read guesses from WORDS.TXT. All guesses will be
|
||
|
|
tested in reverse, upper, and lowercase. Valid username/password
|
||
|
|
combinations will also be echoed to the screen.
|
||
|
|
|
||
|
|
pcupwc /1 /o
|
||
|
|
The above command will instruct PCUPC to ask for the names of the
|
||
|
|
password file, valid output file, and wordfile upon execution. When
|
||
|
|
cracking begins, PCUPC will test the characters a-z, A-Z, and 0-9
|
||
|
|
as passwords and print all output verbose to the console.
|
||
|
|
|
||
|
|
pcupwc /u
|
||
|
|
the above command will instruct PCUPC to ask for the names of the
|
||
|
|
password file, valid output file, and wordfile upon execution. When
|
||
|
|
cracking begins, PCUPC will crack following format #2. Nothing
|
||
|
|
will be echoed to the console.
|
||
|
|
|
||
|
|
Example Of Guesses:
|
||
|
|
===================
|
||
|
|
PCUPC can test words as normal, uppercase, lowercase, and reversed. The
|
||
|
|
following table displays the guesses for the words 'Guess', 'password',
|
||
|
|
'PW', and 'MOM'. The x'd out areas are fields which are never accessed by
|
||
|
|
each particular flag. The blank spaces are fields which would be repetitive
|
||
|
|
to PCUPC and therefore are not tested.
|
||
|
|
|
||
|
|
+---------------------------------------------------------------------------+
|
||
|
|
| Flags | Normal | Upcase | Lowcase | Reverse | Ureverse | Lreverse |
|
||
|
|
+---------------------------------------------------------------------------+
|
||
|
|
| [/c] | Guess | GUESS | guess |XXXXXXXXXX|XXXXXXXXXX|XXXXXXXXXX|
|
||
|
|
| | password | PASSWORD | |XXXXXXXXXX|XXXXXXXXXX|XXXXXXXXXX|
|
||
|
|
| | PW | | pw |XXXXXXXXXX|XXXXXXXXXX|XXXXXXXXXX|
|
||
|
|
| | MOM | | mom |XXXXXXXXXX|XXXXXXXXXX|XXXXXXXXXX|
|
||
|
|
+---------+----------+----------+----------+----------+----------+----------+
|
||
|
|
| [/r] | Guess |XXXXXXXXXX|XXXXXXXXXX| sseuG |XXXXXXXXXX|XXXXXXXXXX|
|
||
|
|
| | password |XXXXXXXXXX|XXXXXXXXXX| drowssap |XXXXXXXXXX|XXXXXXXXXX|
|
||
|
|
| | PW |XXXXXXXXXX|XXXXXXXXXX| WP |XXXXXXXXXX|XXXXXXXXXX|
|
||
|
|
| | MOM |XXXXXXXXXX|XXXXXXXXXX| |XXXXXXXXXX|XXXXXXXXXX|
|
||
|
|
+---------+----------+----------+----------+----------+----------+----------+
|
||
|
|
| [/r /c] | Guess | GUESS | guess | sseuG | SSEUG | sseug |
|
||
|
|
| | password | PASSWORD | | drowssap | DROWSSAP | |
|
||
|
|
| | PW | | pw | WP | | wp |
|
||
|
|
| | MOM | | mom | | | |
|
||
|
|
+---------------------------------------------------------------------------+
|
||
|
|
|
||
|
|
Notes:
|
||
|
|
======
|
||
|
|
|
||
|
|
1. When aborting a crack session, be sure to exit with a CONTROL-Q; if any
|
||
|
|
other break key (CONTROL-ALT-DEL, CONTROL-C, CONTROL-BREAK, Cold Boot) is
|
||
|
|
used to interrupt PCUPC, some valid passwords may not be written to disk
|
||
|
|
properly. CONTROL-Q properly end-writes and closes the valid output file
|
||
|
|
elimiating any chance of data loss.
|
||
|
|
|
||
|
|
2. When using the default format for cracking, whenever a valid password is
|
||
|
|
found for a given user, PCUPC will skip that user for the remainder of the
|
||
|
|
crack; this saves time! When verbose output is active and PCUPC skips a user,
|
||
|
|
an 'o' will be echoed to the screen instead of the usual '.'.
|
||
|
|
|
||
|
|
3. When using the '/u' format for cracking, whenever a valid password is
|
||
|
|
found for a user, PCUPC will move on to the next user; this saves time!
|
||
|
|
The default format has the capability to have a faster throughput compared
|
||
|
|
to the second format; the reason is simple, examine the following example.
|
||
|
|
|
||
|
|
Format #1, Hypothetical Situation: 10 words, 10 users.
|
||
|
|
|
||
|
|
Word #1, Users Tested: 1,2,3,4,5,6,7,8,9,10
|
||
|
|
Word #2, Users Tested: 1,2,3,4,5,6,7,8,9,10
|
||
|
|
Word #3, Users Tested: 1,2,3,4,5,6,7,8,9,10 (Valid For User #3)
|
||
|
|
Word #4, Users Tested: 1,2,4,5,6,7,8,9,10
|
||
|
|
Word #5, Users Tested: 1,2,4,5,6,7,8,9,10
|
||
|
|
Word #6, Users Tested: 1,2,4,5,6,7,8,9,10 (Valid For User #9)
|
||
|
|
Word #7, Users Tested: 1,2,4,5,6,7,8,10 (Valid For User #5)
|
||
|
|
Word #8, Users Tested: 1,2,4,6,7,8,10
|
||
|
|
Word #9, Users Tested: 1,2,4,6,7,8,10
|
||
|
|
Word #10, Users Tested: 1,2,4,6,7,8,10
|
||
|
|
|
||
|
|
As you can see, the crack started with 10 users, and in the end, only
|
||
|
|
7 users are being cracked because the other three have already been cracked,
|
||
|
|
and PCUPC will skip them; as a result, at the end of long cracks, PCUPC
|
||
|
|
will appear to run much faster as it skips already cracked users.
|
||
|
|
|
||
|
|
------------------------------------------------------------------------------
|
||
|
|
Benchmarks: PCUPWC (v.99 Beta) vs PCUPC (v2.01, 8088 & 186/286/386)
|
||
|
|
|
||
|
|
1,000 Total Password Combinations +----------+
|
||
|
|
Times In Minutes, Speeds In Combinations/Second | Average |
|
||
|
|
| Increase |
|
||
|
|
+--------+-------+--------+-------+--------+-------+ | Over |
|
||
|
|
Benchmarks | PCUPWC | Speed | PCUPC | Speed |PCUPC-AT| Speed | | PCUPWC |
|
||
|
|
+------------+--------+-------+--------+-------+--------+-------+ +----------+
|
||
|
|
| 20 Mhz 386 | 3.87 | 4.3 | 0.77 | 21.7 | 0.74 | 22.5 | | 514.0% |
|
||
|
|
| 25 Mhz 386 | 3.11 | 5.2 | 0.64 | 26.0 | 0.61 | 27.3 | | 513.5% |
|
||
|
|
| 33 Mhz 386 | 1.53 | 10.9 | 0.30 | 55.6 | 0.28 | 60.0 | | 530.3% |
|
||
|
|
+------------+--------+-------+--------+-------+--------+-------+ +----------+
|
||
|
|
|
||
|
|
------------------------------------------------------------------------------
|
||
|
|
Special thanks to Razor and Minuteman for helping me out on encryption and
|
||
|
|
other technical procedures while programming this cracker.
|
||
|
|
Some more special thanx go out to PLAGUE and a user who wishes not to be
|
||
|
|
named at this time for help with the fast DES encryption routines.
|
||
|
|
-(c)1990------------------------------------------------------------------eof-
|