informis
/
textfiles
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
textfiles/computers/DOCUMENTATION/ch2-doc

423 lines
27 KiB
Plaintext
Raw Blame History

+----------------------------------------------------------------------+
| ###### ## ## ###### ####### ###### ###### |
| ## ## ## ## ## ## ## ## ## ## ## ## |
| ## ######## #### #### ## ## ## ## ## |
| ## ## ## ## ### ## ## ## ## ## ## |
| ###### ## ## ######## ####### ###### ###### |
+----------------------------------------------------------------------+
| CrackerHack Version 2.0 (c) 1992 - No Means No. Released 12/1/1992. |
| Crackerhack is a very fast custom increment password cracker |
| Utilities included with CH2 are: CH, SETCH, TIMECH, SPLITCH, & NETCH |
| This documentation file describes the Crackerhack Version2 utilities |
| in full detail along with examples & instructions on how to use them |
+----------------------------------------------------------------------+
| -> First increment password cracker ever released (ever written?) <- |
+----------------------------------------------------------------------+
Disclaimer:
I, No Means No, nor any persons involved with the production, construction,
instruction, publication, distribution, implementation or observation of
CrackerHack Version 2.0 assume no responsibility over persons involved with
using, abusing or choosing of CrackerHack Version 2.0, nor do we promote or
condone it. People can make up thier own minds, it is up to the individual.
Overview:
This is a program, like any other, that can be used for a variety of
purposes, educational, security, and yes, even cracking *gasp!*. However, it
was intended to shed light on increment password cracking and prove that it is
indeed very possible.
I began writing Crackerhack sometime during the summer of 1992, however it
was put aside several times so I could work on other projects. I completed
version 1 of Crackerhack sometime in late september of 1992 and was due to be
released to the public on 10/1/92, but it never happened. Instead, after
discovering a few bugs and alot of compatability problems, I decided to just
make CrackerHack Version 2 and have that be the first release to the public.
Only CH, SETCH, and TIMECH were planned for CH1, I added SPLITCH and NETCH in
CH2 as well as writing much more reliable and compatable source code for CH,
SETCH and TIMECH. The documentation was also greatly extended to further
discussion on the included utilities. The original release for CH2 was planned
for 11/1/92 but due to it being submitted to 2600, I have extended the release
date to 12/1/92.
Crackerhack was my second Unix C program to start. A version 3 of
Crackerhack could be very possible, it all depends on what I would like to add
to it. If CH2 has any errors that I do not yet know about, or if there are
any systems on which it will not compile or run correctly, please let me know.
If I discover that there were any problems that I have missed, or if I decide
to add extra features, then there WILL be a CH3. My internet mail address
will be included at the end of this documentation file.
The documentation you are about to read will be fairly detailed and I will
attempt to make things easy to understand, even if you have never used a
program like this before (I have never used a password cracker other than this
one). I also strongly suggest you PRINT these documentations up on PAPER, it
would be annoying to have to come back and scan through this file each time
you want instructions, information, or help using a Crackerhack utility. So
print these if you havn't already.
Explination:
To clear some things up, no password cracker can really be called a password
cracker unless it actually CRACKS the encryption. This program is similar to
other password crackers in the way it compares encryptions, but ONLY in that
respect. It crypts the "guessed word" and compares the encryption of the
"guessed word" to the encryption of the target password encryption, if they
match, the "guessed word" is the unencrypted password. However, that is the
ONLY way Crackerhack can be compared to other password crackers. Other
crackers use dictionary files to use as guesswords. Crackerhack does NOT use
this method, if it did it would be just like every other cracker out there,
which would mean in would be a waste of my time for me to write (correct?).
Instead, Crackerhack could be classified as an INCREMENT CRACKER. This means
it tries EVERY possible combination within a specified range. Combinations and
ranges are set with the SETCH utility and its use is explained in full detail
in the "how to use SETCH" section.
Understanding increment password cracking: Increment cracking works like
binary counting on an alphanumeric table. An example would be if you were to
scan from "aaa" to "zzz" in only lowercase alphas, it would count in the
following format: aaa,aab,aac...nml,nmm,nmn,nmo,nmp,nmq,nmr,nms,nmt,nmu,nmv...
zzu,zzv,zzw,zzx,zzy,zzz. You might be thinking "Damn that must take forever!".
Well first of all, Crackerhack is meant to be used to work on ONLY ONE password
and work on that password until it is either cracked, or the full combo/range
has been completed. Longer cracks take longer time, of course. And it also
depends on the machine you will be cracking the password on and if you will be
using a fast encryption program with CH2, such as UFC (Ultra Fast Crypt).
There is a "Suggestions" section later in this documentation that will
explain different methods of cracking your target password. Some good
suggestions on cracking methods, simple investigation procedures, and what to
AVOID when attempting to crack a password (you wouldnt want it to run
forever!).
Files:
Included with the archived version of this program is the UFC directory that
contains all of the needed Ultra Fast Crypt files so you may add UFC in the
Crackerhack files when compiling. This is explained in the section below
called "compiling". The following files should be in your directory:
CH2-DOC : This documentation file for Crackerhack Version 2.
CH2-NET : Complete information on how to set up the NETCH program.
makefile : The make file for Crackerhack Version 2.
addch.h : The include file for ch.c and timech.c.
ch.c : Crackerhack Version 2 source code.
netch.c : Network Crackerhack Version 2 source code.
setch.c : Setup Crackerhack Version 2 source code.
splitch.c : Split Crackerhack Version 2 source code.
timech.c : Time Crackerhack Version 2 source code.
netch.sh : Network Crackerhack Version 2 work file.
Compiling:
Semi-detailed instructions can be found by just typing "make" in the
directory where the Crackerhack files reside (runs the "makefile"). So if you
should at any time need quicker instructions on how to compile Crackerhack, you
can do that. I am going to explain here in a little more detail exactly how to
compile them.
Included with the archived version of Crackerhack V2, is UFC (Ultra Fast
Crypt). All of the UFC files can be found in the UFC directory that is
included in the CH2 archive. It is highly recommended that you use UFC or some
other fast encryption method with Crackerhack 2 to get MUCH greater speeds when
cracking, because, as most of us know, the standard crypt routines on any
system are slower than a cop without his doughnuts in the morning!
Because UFC is included with the Crackerhack archive, I will explain how to
compile UFC to get the "libufc.a" file and add it to Crackerhack. First,
switch over to the UFC directory and type "make libufc.a". This will compile
the semi-portable version of UFC's "libufc.a" file which should compile and
work correctly on ALL systems. However, you can specify which system you are
using to generate a faster version of UFC for your system, if this is what you
choose to do, you will have to read the UFC documentation for information on
that.
Also, when compiling it on a non-unix based system, use GCC compiler and it
SHOULD compile and run correctly. This has not yet been tested, because CH2
was designed and meant to work on faster systems.
There are 3 different ways to compile:
--------------------------------------
Compiling Crackerhack V2 with "libufc.a": Copy the "libufc.a" file into the
Crackerhack directory and type "make addufc". This will make all Crackerhack
files and add the Ultra Fast Crypt routines into CH and TIMECH.
Compiling Crackerhack V2 with "other.a": First compile the other fast
encryption method and copy the needed file into the Crackerhack directory under
the filename "other.a". Now type "make other", this will make all Crackerhack
files and add your specified fast encryption routines into CH and TIMECH.
Compiling Crackerhack V2 standard format: "make standard" will compile all
Crackerhack files without fast encryption.
--------------------------------------
NOTE: There are special instructions on how to make Crackerhack on a NeXT
system. Add the following string after "make" and before your argument,
'CFLAG=""'... This will clear the optimization flag which seems to screw up
the programs on a NeXT system, so use that so you dont run across any problems
with it after compiling.
You can also "make clean" which will delete all of the made Crackerhack
files as well as ".ch-t", "libufc.a" and "other.a" if they exist.
Using SETCH (Setting up Crackerhack):
The first program you will want to run will be SETCH. SETCH is what is used
to set up the cracking combination and ranges as well as selecting the password
you wish to crack. SETCH creates the ".ch-d" data file which every other
Crackerhack utility works with. After running SETCH you will get the following
menu:
+---(SETCH program output)-------------------------------------------+
|(1) Choose your target password from the "/etc/passwd" file. |
|(2) Choose your target password from the ".ch-p" file. |
|(3) Manually enter an encrypted password string. |
+--------------------------------------------------------------------+
If you are going to be cracking an account that is on the system you will be
cracking on, you will want to select #1 here. If you are going to be cracking
a password that is on another system other than the one you will be cracking on
you will need to copy the "/etc/passwd" file (or just a partial file or even
just one single account if needed) from your target's system, on to the system
you will be cracking on, under the file name of ".ch-p", and select #2. If you
know the encryption of the password you want to crack, then you can select #3
and it will prompt you to type it in. Make sure you type it in EXACTLY (all 13
digits), otherwise you will get false results, or no results at all!
In cases of #1 or #2, it will ask you a pattern to search for, you can
either just press return (to list every account), or enter a pattern for SETCH
to look for within each line of the password file (it uses the unix GREP
command). Then it will go through each account in the password file and ask
you which account you want to choose as your target.
NOTE: In cases #1 or #2, and if you select a pattern to search for it will
create the ".ch-t" file, which is a temporary file created when it uses the
GREP command. This file will be deleted after selecting your target. If you
have a disk space quota it might give you an error when it attempts to create
this file when SETCH is working with very large password files.
After you select either of the 3 options and select your target encryption
it will then display the following:
+---(SETCH program output)-------------------------------------------+
|Select one of the following COMBINATIONS: |
|(1): 0123456789 |
|(2): abcdefghijklmnopqrstuvwxyz |
|(3): 0123456789abcdefghijklmnopqrstuvwxyz |
|(4): ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz |
|(5): 0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz |
+--------------------------------------------------------------------+
This is where you select the COMBINATION. keep in mind here that when the
program increments, it will count the combination from left to right. Example,
if you choose #2, it will count from a to z and then flip to aa. ab. ac. etc.
The decision on the combination depends on the method you wish to crack the
target password with. Some examples: Will you be scanning in JUST numeric
combinations? Then choose #1. Will you be doing a FULL alphanumeric
(including uppercase) scan? Then choose #5.
+---(SETCH program output)-------------------------------------------+
|Now select the cracking RANGE, up to 8 characters. |
|From : |
|To : |
+--------------------------------------------------------------------+
This is where you select where your cracking increment scan will start at
and end at. If you selected a combo of #1 for example, you will want the start
and end to be NUMERIC, however there are exceptions. A valid exception would
be if you were to crack a password starting with "staff000" and ending at
"staff999" and you want it to scan numerics only. But if you selected from
"test000" to "testaaa" with a numeric combination, it would increment forever.
This is because it would never get to the "aaa" after "test999", instead it
would flip to "tes0000" and continue counting. Be sure you select your COMBO
and RANGE correctly.
Once you have completed the "From" and "To" phase of SETCH it will then
create the ".ch-d" Crackerhack data file. You have just completed setting up
your crack. You may now run any of the other CH2 utilities.
Using TIMECH (Time estimation of your crack):
What this program does is tell you the estimated amount of time it will
take to complete the full cracking scan on the current machine. It will first
load the ".ch-d" data file. Then it counts the number of crypts per second
(CPS) your machine is getting. Then it counts the number of encryptions it
will take to crack your selection. It will then give you an estimate of the
time it will take to complete the full crack in the format of YY/DD/HH/MM/SS
(that is, if it doesn't crack it first!). Thats all there is to it. Simple
and helpful.
NOTE: Because systems/compilers vary on the maximum storage for the DOUBLE
VARIABLE in C, smaller systems will come up with false results when counting
the encryptions it will take to crack very large cracking ranges/combinations.
But then again, it is not a good idea to even attempt running such large cracks
on such small, obviously slow systems anyway. So I don't this this will be too
much of a problem. However, this will be fixed in the possible CH3.
Using CH (Crackerhack Version 2.0):
Crackerhack! Run this program, it uses your specifications in the ".ch-d"
file and runs the crack on it, all output will go to the ".ch-l" log file. The
only way it can prematurely abort is if the ".ch-d" file does not exist. In
that case it will immediatly tell you and abort, otherwise it will create or
append to the ".ch-l" crackerhack log file the crack is it working on. It will
stop and write the crack completion information to the ".ch-l" crackerhack log
file if either of the following 3 things happen: 1) It cracks the password.
2) It completes the cracking scan. 3) It is aborted.
It is best to run Crackerhack in the background, because some cracks take
quite a long time. A nohup (no hangup) is suggested as well. This will make
sure the program does not abort if the user hangs up or loses connection to the
system. An example on a unix system would be to do this: "nohup ch &". The &
signifies that the program will be run in the background as a job.
ACCESS NOTE: If you have superuser access, or if the system you are on
allows users to set priority, Crackerhack will automatically set the priority
of the program to absolute highest (-20). This will eat up process and CPU,
but it is worth it because you will get much faster CPS. If you do not have
such access to set the priority to a job, then it will not be set and will run
normally.
ABORTING NOTE: If Crackerhack is aborted it will write the last encryption
to the log file. This will let you know where it left off when it was aborted
so you are able to continue the crack from where it left off. However,
Crackerhack is UNABLE to detect the system shutdown, this might cause problems
if you are running it on a system that has an upcoming shutdown! You might
want to time it if your system has shutdowns to make sure it wont get killed
with the shutdown. If anyone knows how to detect a shutdown, let me know, I
have not figured it out. Also, it can not detect "sure kills" (kill -9)
because they can not be caught. So if you are going to kill it, send a -QUIT,
-TERM, or -INT so it will write the last encryption to the log file in case you
decide to continue that crack at a later time.
Using SPLITCH (Split Crackerhack into multiple jobs):
This program does exactly what its called, it SPLITS crackerhack into
multiple jobs to be run on the same system, this is useful for such systems as
Crays where you can run multiple jobs and still get the same results for each
job as you would from one single job. This greatly increases the CPS (Crypts
per second). The program sets the limit to up to 10 SPLITS, if you wish to run
more than 10, you will have to change the source code to "#define SPLITMAX <#>"
where <#> equals the maximum number of splits you wish it to allow. You will
then have to recompile the program if you change it. To use SPLITCH, you
simply specify the # of splits you wish to split your crack into (set by SETCH)
after the program name. If you wish to split it into, say 7 jobs, you would
type up "splitch 7". Everything afterwards is automatically done by SPLITCH.
What it does is it counts the cracks in your scan combo/range and then splits
it up and runs the crackerhack jobs for you with "nohup ch &", if you do not
wish to use that format, you will have you go into the source code once again
and change "#define BEFORECH" and "#define AFTERCH". This program is indeed
useful and serves its purpose, but an even MUCH more powerful program is needed
for another purposes, and that program is NETCH.
Using NETCH (Split Crackerhack and NETWORK the multiple jobs):
This program does as stated in SPLITCH, except the splitted jobs will NOT
be run on the machine you are currently running it on, but instead the splitted
jobs will be run on any machine(s) you specify (that you have access to of
course). You will need to compile a list of systems you are on (that you have
RSH access to) in a file named ".ch-n", which is the Crackerhack network
information file. The format for this file is thoroughly explained in the
CH2-NET file.
If your system does not support the "rsh" command, you will have to check to
see which command it uses instead, it might be "rshl" or something similar, if
it is different than "rsh" you can specify the command when you run NETCH. For
example if it uses rshl, you will need to run netch like this: "netch rshl".
When this program is run, it will first access the ".ch-n" file and collect the
information within. If there are any errors in the format, it will display the
error and abort. If it is fine it will then access the ".ch-d" data file (set
with SETCH) and split your crack according to the specified networks in ".ch-n"
and attempt to access each system and run the splits. If there are any errors
with accessing the system, it will let you know then attempt to access the next
system - it will not abort. It is a good idea to first run a test net-crack to
make sure all systems are working correctly before running your real crack, be
sure if you run a test net-crack to go and kill the cracks on each system
before you run the actual crack. If you don't, it will surely slow down the
CPS time you get on your actual crack. Of course, there is an alternative, and
that is to run a very short NETCH splitted crack to not only test to make sure
your network is working correctly, but it will also allow it to be finished
very quickly so you don't have to go to each system and abort them before
running your actual net-crack.
In the program, the maximum networks allowed are 100... This can be changed
by editing the line "#define SPLITMAX <#>" where <#> is of course, as explained
above in SPLITCH, the maximum number of splits allowed. In this case it is the
maximum number of network systems/splits allowed. Each split will go to one
machine on the network that you specify in the ".ch-n" file. All networked
cracks will be run with "nohup" and "&" as explained in the SPLITCH section,
however if you want to change them in netch, you'll have to edit the netch.sh
file. The netch.sh file is used only by netch when networking your crack.
This program is a powerful utility if used correctly, so use it correctly!
Files used/created:
Note that all the files start with a ".", which means they will be hidden
to a normal user on a standard unix system. Use the "-a" flag when using
"ls" to display them.
[FILE]: (Created_by) (Used_by) Description of file.
------: ------------ --------- --------------------
.ch-d : (SETCH ) (all ) Crackerhack Crack data file.
.ch-l : (CH ) (user ) Crackerhack Log file.
.ch-n : (user ) (NETCH ) Crackerhack Network information file.
.ch-p : (user ) (SETCH ) Alternate Passwd file, "etc/passwd" format.
.ch-t : (SETCH ) (SETCH ) Temporary file when choosing target in SETCH.
Suggestions:
Some people immediately attempt to crack a password with full or very long
range/combinations which is crazy under most conditions, but there are some
conditions under which it can actually be done though, only under those
conditions should it even be attempted. Such large cracks are usually not even
necessary. But maybe, for some reason, you want a VERY LONG increment scan.
No computer is fast enough to complete it in a reasonable amount of time,
however, there is an alternative. If you are able to access a network of
machines, you can divide the specified large crack on several machines. NETCH
does this for you automatically, and with NETCH and a large number of systems,
a very large crack CAN be done. Of course, you have to have access to those
systems if you want to use them. As stated before, this is usually not
necessary, so let this be your last choice.
One of the first things you will want to do is find out the requirements for
changing a password on the system where the target derived from. An example,
if password changing on that system requires it being at least 6 digits long
with alpha and numeric characters, you might want to start cracking with the
following scan first: Combo #3, Range From "000000" To "zzzzzz". Of course you
can scan everything below 6 digits if you wish. Just experiment, you will get
the hang of it if you havn't already.
Make sure you enter in all information correctly when setting up your crack
with SETCH! A strong suggestion is that you read over the above documentation
if you havn't already. Alot is explained in each section that could have been
explained in this section instead but I felt it would be better to give the
needed information/explination that pertained to that particular section.
Speeds:
From all of the tests other people and myself have done, Crackerhack 2 is
THE absolute fastest password cracker (Encryptions Per Second) out there. When
used with the same encryption techniques as the other cracker in question, most
usually it is UFC. It can get as much as (maybe more than) 10 times faster
than other password crackers on a UNICOS Cray system! (Using SPLITCH on a Cray
will accomplish this. If your user has priority access you can get extreme
ammounts of crypts per second without using SPLITCH). On every system it has
been tested on and every cracker it has been compared to, it comes out as the
fastest cracker in CPS. Of course, if you do not beleive this, you can test it
and compare it for yourself.
I was going to include a couple of charts in these documentations, however I
was not able to obtain a sizeable ammount of information for the charts by the
time of the release. If I write a future version of Crackerhack, I will
include the charts in that version.
Known Problems:
After completing this version I found a couple of minor problems:
When compiling Crackerhack on systems such as SysV, it may not compile
correctly and get errors. This same problem might occur on some HP systems as
well. Crackerhack should compile and run correctly under most other systems.
Crackerhack might not compile under DOS, this depends on how you compile it
and with what compiler. Very little tests have been done with this, because
CH2 was meant to be used on much faster systems. However if you wish to
pursuit compiling Crackerhack2 on a PC, use a compiler that can compile
programs in the UNIX C format (such as gcc).
If there is a Crackerhack Version 3, these problems will be fixed along with
any other problems that arise in Crackerhack Version 2.
Credits:
Thats it! I had no credits for Crackerhack Version 1 because I did all the
testing myself before releasing it to selected people to have tested. When I
gave it out to be tested, I was notified of certain problems on different
systems so I could correct them for the public release of Crackerhack (CH2).
So i'd like to thank those people who helped me get this programs compatibility
to where it is now and/or just using it alot and giving me feedback on it.
Those people are: Nat X, Sarlo, Lazar, Infomaster, Lithium Bandit, and Krynn.
I would also like to acknowledge Infomaster who not only suggested the idea of
NETCH, but was extremely helpful with testing it! These people were alot of
help and are recognized for it, thanks.
Also advanced thanks to Informix who is going to be helping me distribute
CH2 when it is released.
Thats it!:
Docs are finished. I hope everyone that uses this realizes it's potential,
fully understands how it operates, and puts it to good use. I didn't spend all
this time programming it for it just to be "collected". If you happen to find
any bugs, compiling problems, or if you have any comments, complaints,
suggestions, questions, or if you just want to annoy me or just need someone
to talk to, then you can leave me mail at the following internet mail address
and I will try to help you as much as I can.
No Means No
nmn@mindvox.phantom.com
Reference in New Issue View Git Blame Copy Permalink