Last modified: Fri Feb 14 15:50:48 1997

README file from ftp://ftp.cert.org/pub/tools/crack/

----------------------------------------------------------------------------

Crack Version v5.0 User Manual
Alec Muffett (alecm@crypto.dircon.co.uk)

The above address is correct as of December 1996 - if you are reading this
text significantly after that date, double-check the address before sending
e-mail.

Discussion of issues relating to running this version of Crack should be
directed to the newsgroup "comp.security.unix" - mention "Crack5" in the
subject line.

----------------------------------------------------------------------------

    What is Crack?



If you are unfamiliar with the concept, Crack is a password guessing program
that is designed to quickly locate insecurities in Unix (or other) password
files by scanning the contents of a password file, looking for users who
have misguidedly chosen a weak login password. See the appendix from the
previous version for more details.

----------------------------------------------------------------------------

    New features.



* Complete restructuring - uses less memory

* Ships with Eric Young's "libdes" as standard

* API for ease of integration with arbitrary crypt() functions

* API for ease of integration with arbitrary passwd file format

* Considerably better gecos-field checking

* More powerful rule sets

* Ability to read dictionaries generated by external commands

* Better recovery mechanisms for jobs interrupted by crashes

* Easier to control (eg: to put to sleep during working hours)

* Bundled with Crack6 (minimalist password cracker)

* Bundled with Crack7 (brute force password cracker)

* Tested on Solaris, Linux, FreeBSD, NetBSD, OSF and Ultrix

----------------------------------------------------------------------------

    Requirements.



* Unix-like operating system.

* C Compiler.

* Moderate amount of disk space.

* Lots of CPU time.

* PERMISSION FROM YOUR SYSADMIN.

* Root-privileges, quite possibly.

* "gzip" is extremely desirable.

* "perl", if networking/multiprocessing.

----------------------------------------------------------------------------

    Configuring Crack.



* Unpack the Crack distribution.

* Edit the "Crack" script, configuring the values of CRACK_PATH, C5FLAGS,
CC, CFLAGS and LIBS to suit your operating system

* Does your system use the traditional crypt() function to encipher its
passwords?

If not, then you should skip down a few sections to read "Formats and
other Password Systems"; this could be the case if you are using
NetBSD, FreeBSD, some versions of Digital Unix, Ultrix and OSF, etc.
All users should read that section, but at present it is most pertinent
to FreeBSD/NetBSD and OSF users.

* If your system does use the traditional crypt() algorithm, change
directory into "src/libdes" and set about configuring the "libdes" code
so that it compiles on your system when you simply type "make".

Libdes is not part of Crack - it is a fast and elegant implementation
of DES which includes a very fast version of the traditional crypt()
algorithm.

Libdes is owned and maintained by Eric Young (of SSLeay fame) and I am
grateful for his permission to include a copy of it with the Crack
distribution, though I believe it has since been superseded by his
SSLeay package, for which support will be provided in a future revision
of Crack.

Crack users should spend some time trying to optimise "libdes" for
speed; read the "INSTALL" file, and work out the best flags for your
compiler to build "libdes".

Caveats:

o The first thing you'll have to do is edit the libdes Makefiles in
order that they are using the correct C compiler and flags; for
instance this may or may not be "gcc".

o Users on 64-bit machines such as the DEC Alpha, may wish to make
use of the "DES_LONG" feature as documented in the "VERSION" file.

o FreeBSD and other strictly POSIX systems may need "-DTERMIOS"
instead of "-DTERMIO" in "src/libdes/Makefile"; it is not critical
functionality, but "libdes" will not compile cleanly without it.

o People using a recent revision of "gcc" (2.7.0 or above) generally
get the best results by specifying:

CFLAGS=-O4 -fomit-frame-pointer -funroll-loops

...in the "Makefile" or "Makefile.uni" (for GNU "make") as
appropriate.

* Change back to the "Crack" directory and do:

Crack -makeonly

...which, if all is well, should build the binaries and store them in
the "run/bin" directory somewhere, after which you can move onto the
next stage.

If you are using Crack in network mode, in a mixed environment, I
strongly recommend going around and manually building the binaries on
each machine, via "Crack -makeonly", so that there are no surprises
when actually running it; this also gives you the chance to install
different crypt() algorithms, tuned to your machine architecture, if
you are so inclined.

----------------------------------------------------------------------------

    Running Crack.



The general form to invoke Crack is:

Crack [options] [-fmt format] [file ...]

Once Crack has been configured, you should be able to do:

Crack -makeonly

...and then:

Crack -makedict

...which should create and compress the dictionaries for you; if something
goes wrong during this process, see the troubleshooting notes, below.

At this point, if you are a Crack v4.1 user, take a copy of your Crack v4.1
"F.merged" file and place it in your "run" directory; this will preserve the
information that you have previously gleaned about passwords on your
network. Now, you are ready to try:

Crack [filename]
eg: Crack -nice 10 /etc/passwd

...where "filename" is a file that stores password entries, eg:
"/etc/passwd". If you run a shadowed password system or have NIS/YP, see
below.

----------------------------------------------------------------------------

    Full list of Options.



-debug
lets you see what the Crack script is doing.

-recover
used when restarting an abnormally-terminated run; suppresses rebuild
of the gecos-derived dictionaries.

-fgnd
runs the password cracker in the foreground, with stdin, stdout and
stderr attached to the usual places.

-fmt format
specifies the input file format. See below.

-from N
Starts password cracking from rule number "N"; see below

-keep
Prevents deletion of the temporary file used to store the password
cracker's input.

-mail
E-Mail a warning message to anyone whose password is cracked. See
"scripts/nastygram".

-network
Runs the password cracker in "network" mode. See below.

-nice N
Runs the password cracker at a reduced priority, so that other jobs can
take priority over the CPU.

-makeonly
-makedict
Used for building Crack binaries and dictionaries. See above.

-kill filename
-remote
Internal options used to support networking.

----------------------------------------------------------------------------

    Shadow Password Systems, NIS/YP and the like.

If you are running NIS, the simplest way to gather some data for password
cracking is to do:

* ypcat passwd > ypfile
* Crack [options] ypfile

If your system uses "shadow" password files (SV, Solaris2, AIX, some
BSD-en), then your best bet is to merge the information from the main and
shadow password files back into one; two example scripts are provided to do
this:

* shadmrg.aix
* shadmrg.sv

...and it is expected that a user who can read a shadow password file has
enough expertise to modify these examples (if necessary) to suit their local
password system.

----------------------------------------------------------------------------

    Formats and other Password Systems.


(FreeBSD, NetBSD, Ultrix, OSF)

Crack v5.0 is a relatively smart program, which is pre-programmed to expect
a variety of crypt() algorithms to be available for cracking in any
particular environment.

Specifically, it supports "libdes" as shipped, Michael Glad's "UFC" in
either of its incarnations (as "ufc" and as GNU's stdlib crypt), and it
supports whatever crypt() algorithm is in your standard C library.

For people who wonder about how Crack picks up which algorithm to use: the
"Makefile" in the "src/util" directory calls the "mkcracker" script, which
then goes hunting for directories:

* $CRACK_HOME/src/libdes == Eric Young's libdes
* $CRACK_HOME/src/ufc_crypt == ufc from USENET
* $CRACK_HOME/src/crypt == ufc from GNU

...and, lacking any of these, it assumes that it should use the crypt()
function from the standard C library.

The "mkcracker" script then calls "make" in that directory (if one exists)
and if "make" is happy (and exits without errors), "mkcracker" then recurses
a call to a target embedded in src/util/Makefile.

For traditional crypt() users, I ship with "libdes". If this is not what you
need, remove it, and add something else. This needs more testing by me;
don't be shocked if it is fragile. Libdes is usually the fastest.

FreeBSD and NetBSD users: if you're using the new passwd file format but you
are using the traditional crypt() algorithm, after configuring "Crack" and
"libdes", you should be able to get away with doing:

Crack [options] -fmt bsd /etc/master.passwd ...

However, if you're using a MD5-based version of crypt(), you must first do:

mv src/libdes src/libdes,orig
cd src/util
cp elcid.c,bsd elcid.c

...before building the Crack binaries and dictionaries.

For crypt16() sufferers (such as some Ultrix, OSF and Digital Unix
machines), you should do:

mv src/libdes src/libdes,orig

...and then go pick up a copy of GNU libc-crypt from a GNU ftp site (eg:
prep.ai.mit.edu) - observing all cryptography export and import restrictions
as appropriate - and unpack it in "src" creating a "crypt" subdirectory.

Then you should:

* edit src/util/elcid.c to use crypt16() (change #undef to #define)
* edit same file to set the value of PLAINTEXTSIZE appropriately (16)
* continue to configure and run Crack as normal (I hope).

----------------------------------------------------------------------------

    Weird Password Systems.


(Novell, Kerberos Tickets, LAN-Manager, VMS)

Crack v5.0 does not (as distributed) support cracking these sorts of
systems, although I am aware that versions of Crack v4.1f were modified to
support one or more of the above.

Crack v5.0 takes a different approach; the word guesser sits between two
software interfaces:

* SPF (aka: spiff) - standard password format
* ELCID - external library crypt interface definition

...and when Crack is invoked, it first translates whatever password file is
presented to it into SPF; this is achieved by a program called "xxx2spf"
(the value of "xxx" is set through the "-fmt" option to Crack, default
"trad").

The SPF input is then filtered to remove data which has been cracked
previously, is sorted, and then passed to the cracker, which starts
generating guesses and tries them through the ELCID interface, which
contains a certain amount of flexibility to support salt collisions (which
are detected by the SPF translator) and parallel or vector computation.

The interfaces are not well documented at the moment, but it should not
prove hard to write "kerb2spf" or "uaf2spf" translators or similar, perhaps
in "Perl", and then wire the appropriate hash algorithm into a ELCID stub by
examining the extant code.

People who seriously intend to try this are welcome to contact the author
for more details.

----------------------------------------------------------------------------

    Recovering from crashes and cleaning up.



If a Crack session is killed accidentally, it can be restarted with moderate
efficiency by doing:

mv run/Dhostname.N run/tempfilename
Crack -recover -fmt spf run/tempfilename

However if all you wish to do is start cracking passwords from some specific
rule number, or to restart a run whilst skipping over a few rulesets, try:

Crack [-recover] -from N filename ...

...where N is the number of the rule to start working from.

----------------------------------------------------------------------------

    Terminating a Crack run.



If you want to bring down a Crack run cleanly, the correct command is:

scripts/plaster

...and then if you want to clean up, remove scratch files and merge the
feedback prior to starting a new Crack run, do:

make tidy

...or variations thereof, as listed in the "Makefile".

Users who merely want to put Crack to sleep temporarily are encouraged not
to kill the process, but instead examine the "pauser" script, which will
temporarily put Crack to sleep if a file named "GOTO-SLEEP" is created in
the $CRACK_HOME directory.

----------------------------------------------------------------------------

    Viewing Crack output.



Crack no longer generates human-readable output directly; instead, to see
the results of a Crack run, the user should do:

./Reporter [-quiet] [-html]

...every so often, to see what passwords have been cracked, as well as view
errors that have been detected in the source password files, etc.

Guesses are listed chronologically, so users who wish to see incremental
changes in the output as Crack continues to run over a course of days or
weeks, are encouraged to wrap invocations of "Reporter" in a script with
"diff".

The "-quiet" option suppresses the reporting of errors in the password file
(corrupt entries, etc), whilst "-html" produces output in a fairly basic
HTML-readable format.

----------------------------------------------------------------------------

    Viewing Crack rulesets.



Crack rules are numbered 1 to N (where N is large) on the basis of the
mangling rule and which dictionary it applies to. Users can view a list of
numbered rules (suitable for use with Crack's "-from" option) by doing:

run/bin/ARCHITECTURE/kickdict -list

----------------------------------------------------------------------------

    Configuring for out-of-hours running.

Users are encouraged to examine/tweak the contents of "scripts/pauser",
which can be modified to put Crack to sleep at arbitrary times of day or
upon arbitrary conditions, like the number of users on a machine.

----------------------------------------------------------------------------

    Getting Crack to mail users who have weak passwords.



I am still not convinced of the wisdom of mailing the fact that a user has a
weak password to the user herself; after all, if it's a moribund account,
this will achieve nothing, and the security hole will remain. I much prefer
locking such accounts in the first place.

Not to mention what happens if your mail logs are world-readable, allowing
your users to work out who got sent an e-mail by the password cracker, and
when...

However, as some people still desire the functionality, Crack supports a
"-mail" option which will invoke the "nastygram" script when a user's
password is broken; the user's name will be supplied as argument to the
script.

For those cracking passwords in a large, multi-network environment, with
password files from several hosts, I include two extra SPF converters,
"tradmail2spf" and "bsdmail2spf".

Choose whichever script is appropriate for your crypt algorithm, and store
your passwd files in a directory:

pw/hostname1 pw/hostname2 ...

Then, by invoking Crack as (for example):

Crack -mail -fmt tradmail pw/*

...users listed in the file "pw/hostname1" will have mails sent to
"username@hostname1"; users in "pw/hostname2" will be sent mail at
"username@hostname2", and so forth.

----------------------------------------------------------------------------

    Configuration Files.



Apart from the contents of the "Crack" script itself, there are a number of
auxiliary configuration files in Crack which the user should be aware of:

* conf/dictgrps.conf

Crack 5.0 supports the notion of dictionary groups - collations of
words taken from a selection of raw text dictionaries (with words
given, one per line) permitting the user to group her dictionaries into
"most-likely", "less-likely" and "least-likely" to generate a
successful password guess.

Dictionary groups are named ("tagged") and specified by entries in the
"dictgrps.conf" file; as distributed, the groups are tagged by numbers
1 thru 3, and this file contains filename wildcards which specify the
raw dictionaries used to create each group.

For instance:

1:/usr/dict/*words* dict/1/*

...specifies that dictionary group "1" is to be composed from all the
words held in filenames matching the pattern /usr/dict/*words*, as well
as the contents of the "dict/1" subdirectory of $CRACK_HOME.

Note that there need be no actual relationship between the specific
dictionary tag ("1") and the names of the files that comprise it
("dict/1/*").

* conf/dictrun.conf

This file contains a set of controls for the password cracker's
dictionary generation algorithm.

When "Crack" starts up, in addition to creating the dictionary groups
cited in "dictgrps.conf", two other dictionary groups are created:
"gecos" and "gcperm".

The "gecos" group contains only words directly derived from the
information held in the password ("SPF") file; the "gcperm" group holds
words which are mechanically created by permuting and combining parts
of words held in the password file (eg: "Alec Muffett" becomes
"AMuffett", "AlecM", etc).

When the cracker is running, it reads the "dictrun.conf" file and works
its way through a set of commands which specify how to generate
guesses; entries in the configuration file look like one of:

dictionary-tag:rule-filename
dictionary-tag:| command-line
:| command-line

In the first two examples, the cracker will read the tagged dictionary
group and from it will create a stream of guesses, either by taking
successive mangling rules from "rule-filename" and applying them to the
cited dictionary group, or by piping the dictionary group through a
Unix command given in "command-line".

In the third example, the cracker will read a list of guesses directly
from the output generated by "command-line", until the input source is
exhausted. See the "dictrun.conf" file for examples.

The rule-filenames cited above are the names of files which contain
"mangling" rules. These rules are macro commands, one per line, which
specify patterns and actions that are applied to words from a
dictionary in order to generate a series of guesses.

For instance, one such rule:

/ese3u

...will select words which contain the letter "e", replace it with the
digit "3", and force the rest of the word to uppercase. For more
detailed explanation and samples, see the files in the "conf"
directory, and the section on rule syntax, below.

* conf/globrule.conf

This file contains just two mangling rules; the first is applied to
all words as they are read into the dictionary generating program, and
the second is applied to all words as they are about to leave the
dictionary program to be sorted and then used as guesses.

This permits users to hard-code restrictions on the minimum and maximum
length of guesses that Crack should generate, as well as any other
arbitrary restrictions that should be desired.

The default rule merely truncates guesses at the maximum useful size,
to prevent the cracker from doing unnecessary work attempting to use
different words for guesses that are, from the computer's point of
view, identical.

* conf/network.conf

This is the file used to configure Crack for network running; this file
contains lines, each of which has several fields:

host:relpow:nfsbool:rshuser:crackdir

Where:

o host
This is the name of the host to which Crack should "rsh", in order
to dispatch a job. There can be several instances of the same
hostname in the file, if desired, in order to dispatch more than
one job to a given host (if it has more than one CPU, for
instance).

o relpow
This is a fairly arbitrary measure of the host's power, so that
Crack can divide the workload of cracking evenly according to
ability.

The traditional value for this field is the number of
crypts/second that the host's CPU can achieve (see the test suite
bundled with libdes), or some guesstimate of relative power based
on your slowest machine being "1", with a fudge-factor thrown in
for machines that can only do cracking out-of-hours.

o nfsbool (default: "y")

This should be a string, "y" or "n", specifying whether the remote
host shares the "Crack" filestore with the master server from
which "Crack -network" is being run.

o rshuser (optional)

This specifies the username to invoke for the "rsh" command when
connecting to the host, if it is different from the user who is
running "Crack".

o crackdir (required)

This specifies the path to the directory in which the "Crack"
script resides, on the remote host.

Once this file has been correctly configured, the user should be able
to invoke "Crack -network", as below.

* conf/rules.

These are the files containing mangle rules, one per line, as are
utilised in the "dictrun.conf" file, above; comments should be on a
line of their own and begin with a "#" character, and trailing
whitespace is ignored.

* scripts/nastygram
* scripts/pauser

These are the two scripts which will probably be most tweaked by the
user; "nastygram" is a script which dispatches notification of
passwords being cracked to the user concerned (see elsewhere in this
text for details) and will require configuration of the "mail" command
to be used, and of the message text.

"Pauser" is a script that the password cracker will execute
sporadically (at most once per minute) which can be written so as not
to exit if certain conditions exist in the operating system, eg: that
it is being executed in working hours, or that there are too many users
on the machine, or whatever.

The "cracker" will be suspended until the "pauser" script exits, and
therefore this permits the user a great deal of control over how/when
"Crack" operates.

----------------------------------------------------------------------------

    Troubleshooting common OS-related Problems:



* The "sort" command barfs from lack of space

Crack can make quite heavy demands on space in "/tmp" when sorting
password data or dictionaries, which can (on occasion) lead to overfull
/tmp partitions, with all the pain which that usually causes.

To obviate this problem, Crack always invokes "sort" using the
"crack-sort" wrapper, held in the "scripts" directory; this permits the
user to tweak options on the "sort" command to make it use a different,
larger area of spool space, by editing the script.

* HP/UX and networking (rsh, rcp)

Some operating systems (notably HP/UX) do (or did) rename the standard
Berkeley "rsh" executable to "remsh". If you suffer thusly, you can
supply the name of your local "rsh" command as a variable in the
"Crack" script, so that Crack can dispatch networked jobs when running
in "-network" mode.

* Mail command in "nastygram"

Users who intend to use the "-mail" option for "Crack" are reminded
that they should take time to configure the "nastygram" script held in
the "scripts" directory for their site, especially the body of the
message that is sent, as well as the "mail" command (sometimes "Mail"
or "mailx") that is used to dispatch the message.

* smartcat: /usr/dict/*words*: No such file or directory

This message will appear on some systems (notably FreeBSD) which do not
have a "words" file, or similarly-named dictionaries, held in
"/usr/dict".

In the specific instance of FreeBSD I believe that the files are held
in /usr/share/dict or similar. Edit the "conf/dictgrps.conf" file to
remedy this.

----------------------------------------------------------------------------

    Multiprocessing and Networking.



Since early versions of Crack, it has been possible to distribute the load
of password cracking around hosts on a network (or among several processors
on a single machine) in a manner proportional to the power of the machines
at your disposal.

In Crack 5.0, this functionality requires the existence of a "perl" binary
on your master machine, but apart from that little has changed in essence;
the user should:

1. edit "conf/network.conf" (see above)
2. run: Crack -network [other flags] filename ...

...whereupon the input will be divided into parts and distributed to the
machines via "rsh", and the crackers will be invoked.

If the machines are not connected via NFS (or other shared filestore) there
will be a certain loss of flexibility in gathering report output, but it is
still possible to do effective cracking in such a setup, so long as the
flags are set in the "network.conf" file to copy the gecos-derived
dictionaries to the remote host before starting the cracker; there will
merely be a little more manual work required.
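As an added example (not code from the Crack distribution), this Python parser reads "conf/network.conf" entries in the host:relpow:nfsbool:rshuser:crackdir form described in the Configuration Files section, applies the documented default for nfsbool and the required fields, and divides a job of N input entries among the hosts in proportion to relpow, which is the division the page says "Crack -network" performs. The hostnames, power figures and paths in SAMPLE_CONF are constructed for the example.

```python
# Constructed example configuration; hostnames, relpow values and paths are made up.
SAMPLE_CONF = """\
# host:relpow:nfsbool:rshuser:crackdir
alpha:1000:y::/home/crack/c50
beta:500:n:cracker:/usr/local/crack
beta:500:n:cracker:/usr/local/crack
gamma:250:::/opt/crack
"""

def parse_network_conf(text):
    """Parse host:relpow:nfsbool:rshuser:crackdir lines; blank lines and # comments are skipped."""
    hosts = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 5:
            raise ValueError("line %d: expected 5 colon-separated fields, got %d"
                             % (lineno, len(fields)))
        host, relpow, nfsbool, rshuser, crackdir = fields
        if not host or not crackdir:                 # crackdir is documented as required
            raise ValueError("line %d: host and crackdir are required" % lineno)
        nfsbool = nfsbool or "y"                     # documented default is "y"
        if nfsbool not in ("y", "n"):
            raise ValueError("line %d: nfsbool must be y or n" % lineno)
        relpow = float(relpow)
        if relpow <= 0:
            raise ValueError("line %d: relpow must be positive" % lineno)
        hosts.append({"host": host, "relpow": relpow, "nfs": nfsbool == "y",
                      "rshuser": rshuser or None, "crackdir": crackdir})
    return hosts

def split_workload(n_entries, hosts):
    """Share n_entries (input password entries) among hosts in proportion to relpow.
    Largest-remainder rounding makes the shares sum exactly to n_entries; a hostname
    listed twice gets two shares, one per job, as the page describes."""
    total = sum(h["relpow"] for h in hosts)
    exact = [n_entries * h["relpow"] / total for h in hosts]
    shares = [int(x) for x in exact]
    leftover = n_entries - sum(shares)
    by_remainder = sorted(range(len(hosts)), key=lambda k: exact[k] - shares[k], reverse=True)
    for k in by_remainder[:leftover]:
        shares[k] += 1
    return shares

def hosts_needing_dictionary_copy(hosts):
    """Hosts with nfsbool "n" do not share the Crack filestore, so the gecos-derived
    dictionaries have to be copied to them before their cracker is started."""
    return sorted({h["host"] for h in hosts if not h["nfs"]})

if __name__ == "__main__":
    conf = parse_network_conf(SAMPLE_CONF)
    for h, share in zip(conf, split_workload(100, conf)):
        print("%-6s relpow=%-6g nfs=%s share=%d" % (h["host"], h["relpow"], h["nfs"], share))
    print("copy dictionaries to:", hosts_needing_dictionary_copy(conf))
```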

----------------------------------------------------------------------------

    Dictionary Generation (Mangling) Rules



* noop: [space] or : (colon)

The presence of a colon or space in a rule affects nothing in the
output from the rule; they are permitted for reasons of clarity.

* restart: *

The 'restart' command - an asterisk - resets the buffer to an initial
starting state; this is not actually very useful for Crack, but may be
used in other applications

* prepend: ^X

The prepend rule affixes the character X to the beginning of the word
in the buffer.

* append: $X

The append rule affixes the character X to the end of the word in the
buffer.

* dfirst: [

Deletes the first character from the word in the buffer.

* dlast: ]

Deletes the last character from the word in the buffer.

* reverse: r

Takes the word in the buffer and turns it back to front.

* duplicate: d

Takes the word in the buffer and appends a copy of itself.

* reflect: f

Takes the word in the buffer and appends a reversed copy of itself.

* uppercase: u

Takes the word in the buffer and forces any letters to uppercase.

* lowercase: l

Takes the word in the buffer and forces any letters to lowercase.

* capitalise: c

Takes the word in the buffer, capitalises the first character and
forces any other letters to lowercase.

* ncapital: C

Takes the word in the buffer, lowercases the first character and forces
any other letters to uppercase.

* pluralise: p

Takes the word in the buffer and pluralises it according to English
dictionary rules.

* togcase: t

Swaps upper for lower-case in the word, and vice versa.

* lt: <N

Rejects the word unless it is less than N characters long (see
Numbering, below).

* gt: >N

Rejects the word unless it is greater than N characters long (see
Numbering, below).

* match: /X or /?C

Rejects the word unless it contains character X, or a character which
is a member of class C.

* not: !X or !?C

Rejects the word if it contains character X, or a character which is a
member of class C.

* mfirst: (X or (?C

Rejects the word unless the first character is X, or is a member of
class C.

* mlast: )X or )?C

Rejects the word unless the last character is X, or is a member of
class C.

* equals: =NX or =N?C

Rejects the word unless character number N (see Numbering, below) is X,
or is a member of class C.

* atleast: %NX or %N?C

Rejects the word unless it contains at least N instances of character
X, or of members of class C.

* substitute: sXY or s?CY

Replaces all instances of X, or of members of class C, with character
Y.

* extract: xNM

Extracts the substring of length M (see Numbering, below), starting
from position N, from the word, and discards the rest.

* overstrike: oNX

Overwrites the character at position N with X; no bounds checking is
done other than to ensure you won't stomp on a NUL terminator, so
judicious use of > and < is advised.

* insert: iNX

Inserts character X at position N, shuffling all other letters
rightwards.

* purge: @X or @?C

Remove all instances of X (or characters of class C) from the word.

* snip: 'N

Truncate word at length N.

Character Classes

These are shorthands for convenient batches of characters, which might be
used in rules above.

* vowels: ?v
* consonants: ?c
* whitespace: ?w
* punctuation: ?p
* symbols: ?s
* lowercase: ?l
* uppercase: ?u
* digits: ?d
* alphabetics: ?a
* alphanumerics: ?x

Numbering

In all circumstances where a numeric argument to a rule can be applied,
numbers 0..36 can be specified by using the characters "0" thru "9" and "A"
thru "Z".

Users may also specify lengths relative to the maximum plaintext password
length as specified by their ELCID library; in this case, where "x" is the
maximum plaintext length, the length x is represented by an asterisk "*",
the length (x - 1) by a hyphen "-", and (x + 1) by a plus, "+".

All characters in a word are numbered starting from zero, so to overstrike
the first character of a word with X, you would use:

o0X

...as a rule.
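As an added example (not code from the Crack distribution), the following Python interpreter implements the mangling commands, character classes and numbering described above, so that a rule such as the "/ese3u" example from the dictrun.conf section can be applied to a word and its output inspected when writing or reviewing a rule file. PLAINTEXTSIZE, the memberships of the punctuation and symbol classes, and the simplified pluralisation table are assumptions.

```python
PLAINTEXTSIZE = 8   # assumption: traditional crypt() limit; Crack takes it from the ELCID library
VOWELS = "aeiouAEIOU"

# Character classes ?v ?c ?w ?p ?s ?l ?u ?d ?a ?x. The page names the classes but
# does not enumerate punctuation or symbols, so those two sets are assumptions.
CLASSES = {"v": lambda ch: ch in VOWELS, "c": lambda ch: ch.isalpha() and ch not in VOWELS,
           "w": str.isspace, "l": str.islower, "u": str.isupper, "d": str.isdigit,
           "a": str.isalpha, "x": str.isalnum, "p": lambda ch: ch in ".,;:!?'\"",
           "s": lambda ch: ch in "$%^&*()-_+=|\\<>[]{}#@/~`"}

def conv(ch):
    """Numbering: '0'..'9' and 'A'..'Z' mean 0..35; '*', '-', '+' are relative to PLAINTEXTSIZE."""
    if ch.isdigit() or "A" <= ch <= "Z":
        return int(ch, 36)
    return {"*": PLAINTEXTSIZE, "-": PLAINTEXTSIZE - 1, "+": PLAINTEXTSIZE + 1}[ch]

def pluralise(w):
    """Simplified English pluralisation (assumption: Crack's own table is not on the page)."""
    lw = w.lower()
    if lw.endswith(("s", "x", "z", "ch", "sh")):
        return w + "es"
    if lw.endswith("y") and len(w) > 1 and lw[-2] not in "aeiou":
        return w[:-1] + "ies"
    return w + "s"

# Commands that take no operand: dfirst dlast reverse duplicate reflect
# uppercase lowercase togcase pluralise capitalise ncapital.
SIMPLE = {"[": lambda b: b[1:], "]": lambda b: b[:-1], "r": lambda b: b[::-1],
          "d": lambda b: b + b, "f": lambda b: b + b[::-1],
          "u": str.upper, "l": str.lower, "t": str.swapcase, "p": pluralise,
          "c": lambda b: b[:1].upper() + b[1:].lower(),
          "C": lambda b: b[:1].lower() + b[1:].upper()}

def _pred(rule, i):
    """Parse an 'X' or '?C' operand at rule[i]; return (predicate, index after it)."""
    if rule[i] == "?":
        return CLASSES[rule[i + 1]], i + 2
    lit = rule[i]
    return (lambda ch: ch == lit), i + 1

def mangle(word, rule):
    """Apply one rule to one word; return the guess, or None if a reject command fired."""
    buf, i = word, 0
    while i < len(rule):
        op, i = rule[i], i + 1
        if op in " :":                          # noop
            continue
        elif op == "*":                         # restart: back to the original word
            buf = word
        elif op in SIMPLE:
            buf = SIMPLE[op](buf)
        elif op in "^$":                        # prepend ^X / append $X
            buf, i = (rule[i] + buf if op == "^" else buf + rule[i]), i + 1
        elif op in "<>":                        # lt <N / gt >N: reject unless the length fits
            n, i = conv(rule[i]), i + 1
            if not (len(buf) < n if op == "<" else len(buf) > n):
                return None
        elif op in "/!()":                      # match / not / mfirst / mlast
            pred, i = _pred(rule, i)
            hit = (any(map(pred, buf)) if op in "/!"
                   else bool(buf) and pred(buf[0] if op == "(" else buf[-1]))
            if hit == (op == "!"):              # '!' rejects on a hit, the others on a miss
                return None
        elif op in "=%":                        # equals =NX / atleast %NX
            n = conv(rule[i])
            pred, i = _pred(rule, i + 1)
            if op == "=" and not (n < len(buf) and pred(buf[n])):
                return None
            if op == "%" and sum(1 for ch in buf if pred(ch)) < n:
                return None
        elif op == "s":                         # substitute sXY / s?CY
            pred, i = _pred(rule, i)
            y, i = rule[i], i + 1
            buf = "".join(y if pred(ch) else ch for ch in buf)
        elif op == "x":                         # extract xNM
            n, m, i = conv(rule[i]), conv(rule[i + 1]), i + 2
            buf = buf[n:n + m]
        elif op in "oi":                        # overstrike oNX / insert iNX
            n, x, i = conv(rule[i]), rule[i + 1], i + 2
            if op == "i" or n < len(buf):       # overstrike is kept inside the word
                buf = buf[:n] + x + buf[n + (op == "o"):]
        elif op == "@":                         # purge @X / @?C
            pred, i = _pred(rule, i)
            buf = "".join(ch for ch in buf if not pred(ch))
        elif op == "'":                         # snip 'N
            buf, i = buf[:conv(rule[i])], i + 1
        else:
            raise ValueError("unknown rule command %r in %r" % (op, rule))
    return buf
```

Running `mangle("secret", "/ese3u")` gives "S3CR3T", the result the dictrun.conf section describes; a rule that rejects the word returns None, which is what lets the length and class filters in "globrule.conf" prune guesses before they are sorted.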

----------------------------------------------------------------------------

    What is a weak password?



See doc/faq.txt, doc/appendix,v4.1.txt, and doc/fips181.txt.

----------------------------------------------------------------------------

    How do I make Crack run multi-threaded?



See doc/threading.txt and doc/usenet-article.txt.

----------------------------------------------------------------------------

    How do I run Crack under a GUI?



See doc/gui.txt.

----------------------------------------------------------------------------

    How do I run Crack under DOS/Win95?



Reformat your hard-drive and install Linux, then try again. CAUTION: this
process may lose data.

----------------------------------------------------------------------------

    How do I run Crack under WinNT?



I have no idea, though I suspect there must be some password paradigm in use
under NT to make it worthwhile; if you have enough unixy stuff on your NT
machine, you might be able to hack something up, else look into installing
Perl for NT and use Crack6.

----------------------------------------------------------------------------