224 lines
9.6 KiB
Plaintext
224 lines
9.6 KiB
Plaintext
|
||
ÚÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ¿
|
||
³ Cracker Jack, THE Unix Password Cracker ³
|
||
ÀÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÙ
|
||
|
||
|
||
June 1993 Doc's for Cracker Jack v 1.4
|
||
|
||
|
||
DISCLAIMER
|
||
==========
|
||
The copyright of this software is owned by the author, Jackal.
|
||
Please feel free to make copies and share them with your friends.
|
||
I can under no circumstances be held responsible for any consequences
|
||
of your use/misuse of this package, whatever that may be (system crash,
|
||
you going to jail, world war, etc..). Nor can I guarantee any functionality,
|
||
just take it or leave it.
|
||
|
||
|
||
What is Cracker Jack?
|
||
=====================
|
||
Cracker Jack is a Unix password checker/cracker, running on PC's.
|
||
As humble as I am, I don't think you'll find other Unix password
|
||
crackers for PC's, who will beat it in speed (if you do, I'll appreciate
|
||
if you let me know).
|
||
It is currently available in 2 versions (for 8086/88 and 80386.
|
||
I've dropped the 286 version, it wasn't significantly faster than
|
||
the 8086 version).
|
||
The 386 version is far faster than the other, please use that, if
|
||
you have a 386 or 486 CPU. Besides, the 386 version has no 640 kb limit,
|
||
so you can load a lot more accounts. The 386 version also runs under
|
||
OS/2 v. 2.0.
|
||
(Special versions for 486 and 586/Pentium might be available in the future.
|
||
Likewise, I might port it to other CPU's on other O/S'es than DOS and
|
||
OS/2, but don't count on it).
|
||
|
||
|
||
What's new in Cracker Jack 1.4?
|
||
===============================
|
||
I finally got that Borland C++ v 3.1, but I'm rather disappointed,
|
||
'coz in the meantime I've got hold on the GNU C compiler - IT'S GREAT!
|
||
After porting Jack to this compiler, it runs about 8% faster, at least
|
||
on my PC. I believe, however, that the speed increase is varying,
|
||
depending on your CPU type, cache RAM etc. Anyway, it now runs in
|
||
protected mode (and it REQUIRES a 386/486!), so there's no 640 kb limit.
|
||
Thanks to the EMX port of GNU C, it also runs under OS/2 2.0.
|
||
Furthermore, I've (once again) rearranged the account loading and
|
||
sorting algorithm, so there's virtually no startup delay, even when
|
||
loading several thousand accounts.
|
||
|
||
I have included a sort utility, JSORT. It doesn't have the 64 kb limit
|
||
as DOS SORT has. Currently it doesn't support single crack wordlists,
|
||
but I'm working on that.
|
||
|
||
JPP can now insert a dot BEFORE the password, with option -dot:0
|
||
|
||
That's basically it, no real news, but I thought this was worth
|
||
releasing.
|
||
|
||
|
||
What's new in Cracker Jack 1.3
|
||
==============================
|
||
- Rearranged and optimized the account loading/checking routines, thus
|
||
gaining faster loading and space for more accounts per session.
|
||
- Added the -noname switch, which prevents Jack from loading the login
|
||
names into memory, and thus lets you load even more accounts per
|
||
session. The more accounts, the more comparisons/second.
|
||
- In single crack mode, it now checks ALL the accounts with
|
||
same salts as the account being processed. This takes almost no extra
|
||
time, so why not do it? It has given ME some accounts. :)
|
||
- It now checks the keyboard for Ctrl-C, so you don't have to wait eras
|
||
when you wanna abort the session.
|
||
- Status is now only showed when you press a key (and on exit), so you get a
|
||
bigger chance of seeing cracked passwords, before they scroll off the screen.
|
||
- It is now possible to restore an aborted single crack session.
|
||
|
||
|
||
Jackal's future plans:
|
||
- Fix JSORT to support single crack wordlists
|
||
- Implement password generator
|
||
- Add 'free crack' option to load accounts with same salts from other
|
||
pwfiles (and/or same pwfile when using the -u option)
|
||
- Implement more options into JPP.
|
||
- Possibly implement the features of JPP into Jack itself, to avoid the
|
||
need of lot of harddisk space for the DOS pipe, especially when you
|
||
use -gecos:8
|
||
- Improve the docs
|
||
|
||
Files in the archive
|
||
====================
|
||
The following files are included in the archive:
|
||
|
||
JACK.EXE Cracker Jack
|
||
JPP.EXE Jack PreProcessor, manipulates words
|
||
JACKPOT.EXE Shows you the passwords cracked so far
|
||
XTRACT.EXE Extracts words from any file
|
||
JSORT.EXE Sorts standard wordfiles (NOT single crack wordlists!)
|
||
JACK14.DOC Hmmm, what can this be? :)
|
||
EMX.EXE *) EMX runtime/system interface for DOS
|
||
EMX.DLL *) EMX runtime/system interface for OS/2
|
||
|
||
*) Note: Only included in the 386 version.
|
||
Beware, that all executables are NOT the same in the 386
|
||
version as in the 8086 version, although the names are the
|
||
same.
|
||
|
||
|
||
How to use Cracker Jack
|
||
=======================
|
||
I guess you'll figure it out yourself, but there are some things that
|
||
might require a word of explanation.
|
||
|
||
Jack saves all cracked passwords in a file called JACK.POT, in the same
|
||
directory as JACK.EXE. Be aware of this, if you run Jack from a floppy
|
||
(who would do that?), don't write protect it.
|
||
Jack uses this file to check, if any of the passwords were cracked
|
||
previously, and won't try to crack them again. So, please don't delete
|
||
this file (it's readonly for the same reason).
|
||
|
||
JACKPOT.EXE shows you these passwords.
|
||
Since this is similar to the "validfile" output in previous versions of
|
||
Jack, I have removed this option. Some of you might miss it, but it
|
||
requires a lot of core, which I felt could be better used for cracking
|
||
more accounts.
|
||
JACKPOT.EXE HAS TO BE IN THE SAME DIRECTORY AS JACK.EXE!
|
||
|
||
With Jack it is possible to crack more than 1 passwd file, without you
|
||
have to combine them into one single. You can even use wildcards.
|
||
|
||
Every 10 minutes (and upon completion), Jack saves point information to
|
||
a file (RESTORE, unless you specified another name with the -r option).
|
||
In case the system crashes, you don't have to start all over.
|
||
But if you interrupt a session and start a new one, the old information
|
||
is overwritten. Therefore, always rename the file, if you want to use
|
||
it.
|
||
|
||
The -user option lets you specify the login names or user id's of the
|
||
accounts you want to crack. F.ex. -user:0 would load all accounts with
|
||
root priv's, whereas -user:root would just load the root account itself.
|
||
|
||
The single crack option (-single) in JACK is used in conjunction with
|
||
the login (-login) and gecos (-gecos:#) options of JPP. F.ex. would
|
||
JPP -gecos:1 -lower pwfile | JACK -stdin -single pwfile
|
||
lowercase each word in the gecos fields and try it on the accounts
|
||
to whom it belongs AND to other accounts with the same salt.
|
||
|
||
There is one thing, you have to be aware of, when using single crack
|
||
mode; It is not adviced to direct the output from JPP to a file, and
|
||
then use this file as input for Jack. Because Jack does not load the
|
||
accounts it has cracked previously, the inputfile has to provide
|
||
login/gecos words from the UNCRACKED accounts ONLY! Otherwise JACK gets
|
||
out of syncronization, and tries the supplied words on the wrong
|
||
accounts. In other words, if you have cracked some accounts AFTER the
|
||
creation of the inputfile, you have to recreate it with JPP. This is
|
||
also the case if you restore a single crack session.
|
||
If you always PIPE the output from JPP into Jack, there's no problems.
|
||
JPP.EXE HAS TO BE IN THE SAME DIRECTORY AS JACK.EXE!
|
||
|
||
To illustrate the gecos option of JPP, suppose we have a passwd file
|
||
with the following account:
|
||
|
||
billy:EncrPassword:123:10:Billy The Kid:/usr/billy:/bin/csh
|
||
|
||
There are 4 levels of gecos manipulation.
|
||
|
||
1: Each word
|
||
e.g. "Billy", "The", "Kid"
|
||
2: Combination of any 2 words
|
||
e.g. "BillyThe", "BillyKid", "TheBilly", "TheKid" ,...
|
||
4: Combination of 1 word and up to 2 initials
|
||
e.g. "BillyTK", "BillyKT", "TKBilly", "TBillyK", "BKid" ,...
|
||
8: Combination of substrings of up to 3 words
|
||
e.g. "BiThKid", "BillKi", "BilTheKi", "TheBillyK", "BTK" ,...
|
||
|
||
Level 1, 2 and 4 can be added together. F.ex. if you want to get level 1
|
||
and level 4 in one run, specify -gecos:5.
|
||
Level 8 is an outsider; it always includes the other levels as well,
|
||
except that the output from level 8 is never more than 8 chars, to cut
|
||
down disk usage. Speaking of disk usage, remember to set the DOS TEMP
|
||
variable to a disk big enough to store the temporary file, created by
|
||
the DOS pipe (|). Preferrably the disk should be cached as well.
|
||
|
||
The XTRACT program was created for a specific need I had (to retrieve
|
||
fancy words from a game).
|
||
Usage: XTRACT MYFILE.XXX | SORT | JPP -include > WORDS.XXX
|
||
The reason to pipe it through JPP, is that JPP unique's it's output.
|
||
Another purpose for it, could be if you just had a couple of words
|
||
to pass to Cracker Jack, but didn't want to create a wordfile:
|
||
ECHO secret abc123 haleluja password | XTRACT | JACK -stdin pwfile
|
||
|
||
|
||
Known bugs/restrictions
|
||
=======================
|
||
You cannot specify more than one wordfile to JACK (although you
|
||
can to JPP)
|
||
|
||
You cannot use spaces in the parameters to JPP, but since only
|
||
the 7 lower bits of each char in the password is used, you can
|
||
use char # 160 ( = AltGr+1+6+0) instead. e.g:
|
||
JPP -gecos:4 -dot:1 pwfile | JPP -translate:. | JACK -stdin -single pwfile
|
||
|
||
JSORT doesn't support single crack wordlists yet. In these wordlists,
|
||
generated by JPP's -login or -gecos options, there are some strings,
|
||
"***!***", which tells Jack to switch to the next salt. JSORT doesn't
|
||
recognise this string as anything special, and just treats it as a normal
|
||
input line.
|
||
|
||
................
|
||
|
||
|
||
|
||
Have phun, Jackal.
|
||
|
||
|
||
|
||
Contacting the author / How to get help / Dist. site
|
||
====================================================
|
||
The official distribution site for CrackerJack is Freeside, +45-3-122-3119.
|
||
Here you may contact the author, as well as obtain the latest version.
|
||
|
||
Zephyr, Freeside Sysop.
|
||
|
||
|