129 lines
6.0 KiB
Plaintext
129 lines
6.0 KiB
Plaintext
ÉÍÍÍÍÍÍÍÍÍÍÍÍ»
|
|
º [XiT] v2.0 º (C) Copyright 1993, 1994 XCrypt Productions
|
|
ÈÍÍÍÍÍÍÍÍÍÍÍͼ Written by Roche'Crypt / Feb.94
|
|
|
|
|
|
QUICK START
|
|
ÍÍÍÍÍÍÍÍÍÍÍ
|
|
|
|
Ok, you have your 'passwd' and a dictionary files, right? From the DOS
|
|
prompt, just type:
|
|
|
|
XIT PASSWD MYDICT.TXT
|
|
|
|
No need to say that you are to substitute PASSWD and MYDICT.TXT for
|
|
the appropiate filenames you are going to use.
|
|
|
|
XIT is a batch file that will do the following:
|
|
|
|
- Extract all encrypted passwords from the passwd file, and save them
|
|
on a temporary file.
|
|
- Sort this file (to speed up the cracking process and take advantage
|
|
of different passwords using the same salt).
|
|
- Run the cracker program (XITx.EXE)
|
|
- Create a STATUS and REPORT files, showing results and statistics of
|
|
the session. This information will also be displayed on the screen.
|
|
|
|
|
|
NOTES
|
|
ÍÍÍÍÍ
|
|
* XiT creates some temporary files. While these files are generally small,
|
|
make sure there is enough space in your drive, i.e. don't run XiT on a
|
|
floppy with only a few K free. No need to say that running XiT from a HD
|
|
is highly reccomended. A disk cache will also help to improve speed,
|
|
although there is no big deal of difference if you don't use any.
|
|
XiT will get rid of those files before exiting the program.
|
|
|
|
* To restore a previously aborted session, just write down the last word
|
|
processed in the last session (which is also in the STATUS file) and use
|
|
the option -S when calling XIT.BAT. If, for example, the last word
|
|
processed was 'foobar', you would call XIT like:
|
|
|
|
XIT passwd dictio -Sfoobar
|
|
|
|
This will make XiT to skip all words in the dictionary until it finds
|
|
'foobar', and continue cracking from that point. Note there are NO
|
|
spaces between the -S switch and the word.
|
|
|
|
* XIT2.EXE is for 286 computers, and XIT3.EXE is for 386 or better. By
|
|
default, XIT.BAT calls the 386 version. If you have a 286, edit XIT.BAT
|
|
and change XIT3 to XIT2 in the line 19.
|
|
|
|
|
|
WHAT'S NEW?
|
|
ÍÍÍÍÍÍÍÍÍÍÍ
|
|
- Got rid of all the crappy, useless docs. If you still want them
|
|
(they explain step by step what each module does and how), send
|
|
me mail.
|
|
- Added the SPACEBAR option to display status line.
|
|
- Optimize the code for better speed.
|
|
- Full C source code of the main executable file (XIT*.EXE) released
|
|
|
|
And that's all. If you happen to know how to create a global/static table
|
|
of more than 64k using Borland C 3.1, and know how to contact me, I would
|
|
appreciate you let me know. That's all I need to speed up XiT to incredible
|
|
limits! Hmm... I've gotta get my hands on that GNU compiler.
|
|
|
|
|
|
WHY ANOTHER PASSWORD CRACKER?
|
|
ÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍ
|
|
I wrote this program for just one reason: as a small programming challenge
|
|
and study of the UNIX crypt(3) function. By releasing full source code of
|
|
the main module (xit.exe), I expect that others will learn (some will
|
|
laught), study the code, play with it, critizise, and maybe improve it.
|
|
I'm not really releasing XiT for sysadms to test the security of their
|
|
systems, although they can do so if they want. And I am not releasing my
|
|
work for other people to crack passwords with obscure purposes in mind
|
|
neither. Being an encryption worshipper, I respect both, the rights to
|
|
access free information, and the rights for privacy. However, I know that
|
|
some people will use it to crack password files. This is something that
|
|
can't be avoided (these losers trying to crack some poor user's account
|
|
are truly pathetic, anyway). But since there are similar public domain
|
|
programs out there already doing this (and they have been for years), I
|
|
know I'm not jeopardizing any system or account by releasing XiT.
|
|
|
|
COMPILING THIS
|
|
ÍÍÍÍÍÍÍÍÍÍÍÍÍÍ
|
|
Use Compact memory model. Compile and link XIT.C & CRYPT.C, with XIT.C as
|
|
the main module. That's it. I used Borland C/C++ 3.1 to compile it, and
|
|
there should be no problems there. Minor changes might be neccesary for
|
|
other compilers.
|
|
|
|
|
|
DISCLAIMER
|
|
ÍÍÍÍÍÍÍÍÍÍ
|
|
I expect you to use this program wisely, and for honest purposes only. If
|
|
you mess up with other people's accounts and get in trouble, don't blame
|
|
me. You asked for it. Next time be more mature and use your time in more
|
|
productive ways. Fortunately, nowadays more and more sysadms are using
|
|
shadowed passwd files. Leaving the passwd file out there for everyone to
|
|
see is like asking "Crack me, please!" and speaks by itself about the
|
|
sysadms of that particular site.
|
|
|
|
If XiT burns out your computer, erases your hard drive or installs Windows
|
|
in it, again, don't blame me. Anytime you run XiT or any of its modules,
|
|
you assume all the responsibility of whatever might happen. Any results
|
|
from manipulating the code and recompiling it are your absolute
|
|
responsibility as well. All XiT modules, documentation and source code are
|
|
copyright under the US and international laws. You are welcome to modify
|
|
the code, send comments, try to improve it, post public and private notes
|
|
about it (with or without source) and release your own versions (under a
|
|
different name of course) but you MUST CLEARLY include credits where
|
|
applicable in both, the program and the documentation (if you release your
|
|
code, include it there as well), stating that the original code was
|
|
obtained from XiT 2.0 (c) copyright 1993,1994 XCrypt Productions, and
|
|
written by Roche'Crypt. And blah blah blah...
|
|
|
|
|
|
HOW TO CONTACT THE AUTHOR
|
|
ÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍ
|
|
I remain anonymous to the general public because I have decided to do so.
|
|
Period! If you want to send comments, post them in alt.2600, with the word
|
|
XiT in the subject. I read the group on a weekly basis, and even you
|
|
probably won't know who I really am, you migth as well be talking to me
|
|
already. I might as well answer people's questions throught third parties
|
|
using anonymous services and such. If you have something to say about XiT,
|
|
post it in alt.2600 and it will get to me.
|
|
|
|
Roche'Crypt
|