Password Crackers
This chapter examines password crackers. Because these tools are of such significance in security, I will cover many different types, including those not expressly designed to crack Internet-related passwords.
What Is a Password Cracker?
The term password cracker can be misinterpreted, so I want to define it here. A password cracker is any program that can decrypt passwords or otherwise disable password protection. A password cracker need not decrypt anything. In fact, most of them don't. Real encrypted passwords, as you will shortly learn, cannot be reverse-decrypted.
A more precise way to explain this is as follows: encrypted passwords cannot be decrypted. Most modern, technical encryption processes are now one-way (that is, there is no process to be executed in reverse that will reveal the password in plain text). Instead, simulation tools are used, utilizing the same algorithm as the original password program. Through a comparative analysis, these tools try to match encrypted versions of the password to the original (this is explained a bit later in this chapter). Many so-called password crackers are nothing but brute-force engines: programs that try word after word, often at high speeds. These rely on the theory that eventually, you will encounter the right word or phrase. This theory has been proven to be sound, primarily due to the factor of human laziness. Humans simply do not take care to create strong passwords. However, this is not always the user's fault:
Users are rarely, if ever, educated as to what are wise choices for passwords. If a password is in the dictionary, it is extremely vulnerable to being cracked, and users are simply not coached as to "safe" choices for passwords. Of those users who are so educated, many think that simply because their password is not in /usr/dict/words, it is safe from detection. Many users also say that because they do not have private files online, they are not concerned with the security of their account, little realizing that by providing an entry point to the system they allow damage to be wrought on their entire system by a malicious cracker.[1]
[1] Daniel V. Klein, A Survey of, and Improvements to, Password Security. Software Engineering Institute, Carnegie Mellon University, Pennsylvania. (PostScript creation date reported: February 22, 1991.)
The problem is a persistent one, despite the fact that password security education demands minimal resources. It is puzzling how such a critical security issue (which can easily be addressed) is often overlooked. The issue goes to the very core of security:
...exploiting ill-chosen and poorly-protected passwords is one of the most common attacks on system security used by crackers. Almost every multi-user system uses passwords to protect against unauthorized logons, but comparatively few installations use them properly. The problem is universal in nature, not system-specific; and the solutions are simple, inexpensive, and applicable to any computer, regardless of operating system or hardware. They can be understood by anyone, and it doesn't take an administrator or a systems programmer to implement them.[2]
[2] K. Coady. Understanding Password Security For Users on & offline. New England Telecommuting Newsletter, 1991.
In any event, I want to define even further the range of this chapter. For our purposes, people who provide registration passwords or CD keys are not password crackers, nor are they particularly relevant here. Individuals who copy common registration numbers and provide them over the Internet are pirates. I discuss these individuals (and yes, I point to some sites) at the end of this chapter. Nevertheless, these people (and the files they distribute, which often contain thousands of registration numbers) do not qualify as password crackers.
NOTE: These registration numbers and programs that circumvent password protection are often called cracks. A Usenet newsgroup has actually been devoted to providing such passwords and registration numbers. Not surprisingly, within this newsgroup, many registration numbers are routinely trafficked, and the software to which they apply is also often posted there. That newsgroup is appropriately called alt.cracks.
The only exception to this rule is a program designed to subvert early implementations of the Microsoft CD key validation scheme (although the author of the source code did not intend that the program be used as a piracy tool). Some explanation is in order.
As part of its anti-piracy effort, Microsoft developed a method of consumer authentication that makes use of the CD key. When installing a Microsoft product for the first time, users are confronted by a dialog box that requests the CD key. This is a challenge to you; if you have a valid key, the software continues to install and all is well. If, however, you provide an invalid key, the installation routine exits on error, explaining that the CD key is invalid.
Several individuals examined the key validation scheme and concluded that it was poorly designed. One programmer, Donald Moore, determined that through the following procedure, a fictional key could be tested for authenticity. His formula is sound and basically involves these steps:
1. Take all numbers that are trivial and irrelevant to the key and discard them.
2. Add the remaining numbers together.
3. Divide the result by 7.
The number that you derive from this process is examined in decimal mode. If the number has no fractional part (there are no numeric values to the right of the decimal point), the key is valid. If the number contains a fractional part (there are numbers to the right of the decimal), the key is invalid. Moore then designed a small program that would automate this process.
Cross Reference: Moore's complete explanation and analysis of the CD key validation routine is located at http://www.apexsc.com/vb/lib/lib3.html.
The programmer also posted source code to the Internet, written in garden-variety C. I have compiled this code on several platforms and it works equally well on all. (The platforms I have compiled it on include DOS, NT, Linux, and AIX.) The utility is quite valuable, I have found, for I often lose my CD keys.
Cross Reference: The source code is located at http://www.futureone.com/~damaged/PC/Microsoft_CD_Key/mscdsrc.html.
This type of utility, I feel, qualifies in this chapter as a form of password cracker. I suspect that some of you will use this utility to subvert the CD key validation. However, in order to do so, you must first know a bit of C (and have a compiler available). My feeling is, if you have these tools, your level of expertise is high indeed, and you are probably beyond stealing software from Microsoft. (I hope.)
NOTE: Microsoft's method of protecting upgrade packages is also easily bypassed. Upgrades install as long as you have the first disk of a previous version of the specified software. Therefore, a user who obtains the first disk of Microsoft Visual Basic Professional 3.0, for example, can install the 4.0 upgrade. For this reason, some pirate groups distribute images of that first disk, which are then written to floppies. (In rare instances when the exact image must appear on the floppy, some people use rawrite.exe or dd.exe, two popular utilities that write an image directly to a floppy. This technique differs from copying it to a floppy.) In addition, it is curious to note that certain upgrade versions of VB will successfully install even without the floppy, provided that Microsoft Office has been installed first.
I should make it clear that I do not condone piracy (even though I feel that many commercial software products are criminally overpriced). I use Linux and GNU. In that respect, I owe much to Linus Torvalds and Richard Stallman. I have no fear of violating the law because most of the software I use is free to be redistributed to anyone. (Also, I have found Linux to be more stable than many other operating systems that cost hundreds of dollars more.)
Linux is an entirely copy-free operating system, and the GNU suite of programs is under the general public license. That is, you are free to redistribute these products to anyone at any time. Doing so does not violate any agreement with the software authors. Many of these utilities are free versions of popular commercial packages, including C and C++ compilers, Web-development tools, or just about anything you can dream of. These programs are free to anyone who can download them. They are, quite frankly, a godsend to anyone studying development.
In any event, the password crackers I will be examining here are exactly that: they crack, destroy, or otherwise subvert passwords. I provide information about registration cracks at the end of the chapter. That established, let's move forward.
How Do Password Crackers Work?
To understand how password crackers work, you need only understand how password generators work. Most password generators use some form of cryptography. Cryptography is the practice of writing in some form of code.
Cryptography
This definition is wide, and I want to narrow it. The etymological root of the word cryptography can help in this regard. Crypto stems from the Greek word kryptos. Kryptos was used to describe anything that was hidden, obscured, veiled, secret, or mysterious. Graph is derived from graphia, which means writing. Thus, cryptography is the art of secret writing. An excellent and concise description of cryptography is given by Yaman Akdeniz in his paper Cryptography & Encryption:
Cryptography defined as "the science and study of secret writing," concerns the ways in which communications and data can be encoded to prevent disclosure of their contents through eavesdropping or message interception, using codes, ciphers, and other methods, so that only certain people can see the real message.[3]
[3] Yaman Akdeniz, Cryptography & Encryption, August 1996, Cyber-Rights & Cyber-Liberties (UK) at http://www.leeds.ac.uk/law/pgs/yaman/cryptog.htm. (Criminal Justice Studies of the Law Faculty of University of Leeds, Leeds LS2 9JT.)
Most passwords are subjected to some form of cryptography. That is, passwords are encrypted. To illustrate this process, let me reduce it to its most fundamental. Imagine that you created your own code, where each letter of the alphabet corresponded to a number (see Figure 10.1).
FIGURE 10.1. A primitive example of a code.
In Figure 10.1, there is a table, or legend, to the left. Below each letter is a corresponding number. Thus, A = 7, B = 2, and so forth. This is a code of sorts, similar to the kind seen in secret-decoder kits found by children in their cereal boxes. You probably remember them: They came with decoder rings and sometimes even included a tiny code book for breaking the code manually.
Unfortunately, such a code can be easily broken. For example, if each letter has a fixed numeric counterpart (that is, that counterpart never changes), it means that you will only be using 26 different numbers (presumably 1 through 26, although you could choose numbers arbitrarily). Assume that the message you are seeking to hide contains letters but no numbers. Lexical analysis would reveal your code within a few seconds. There are software programs that perform such analysis at high speed, searching for patterns common to your language.
ROT-13
Another method (slightly more complex) is where each letter becomes another letter, based on a standard, incremental (or decremental) operation. To demonstrate this technique, I will defer to ROT-13 encoding. ROT-13 is a method whereby each letter is replaced by a substitute letter. The substitute letter is derived by moving 13 letters ahead (see Figure 10.2).
FIGURE 10.2. The ROT-13 principle of letter substitution.
This, too, is an ineffective method of encoding or encrypting a message (although it reportedly worked in Roman times for Caesar, who used a shift-by-three formula). There are programs that quickly identify this pattern. However, this does not mean that techniques like ROT-13 are useless. I want to illustrate why and, in the process, I can demonstrate the first important point about passwords and encryption generally:
Any form of encryption may be useful, given particular circumstances. These circumstances may depend upon time, the sensitivity of the information, and from whom you want to hide data.
In other words, techniques like the ROT-13 implementation may be quite useful under certain circumstances. Here is an example: Suppose a user wants to post a cracking technique to a Usenet group. He or she has found a hole and wants to publicize it while it is still exploitable. Fine. To prevent bona-fide security specialists from discovering that hole as quickly as crackers, ROT-13 can be used.
Remember how I pointed out that groups like NCSA routinely download Usenet traffic on a wholesale basis? Many groups also use popular search engines to ferret out cracker techniques. These search engines primarily employ regex (regular expression) searches (that is, they search by word or phrase). For example, the searching party (perhaps NCSA, perhaps any interested party) may enter a combination of words such as
crack
hack
vulnerability
hole
When this combination of words is entered correctly, a wealth of information emerges. Correctly might mean many things; each engine works slightly differently. For example, some render incisive results if the words are enclosed in quotation marks. This sometimes forces a search that is case sensitive. Equally, many engines provide for the use of different Boolean expressions. Some even provide fuzzy-logic searches or the capability to mark whether a word appears adjacent, before, or after another word or expression.
When the cracker applies the ROT-13 algorithm to a message, such search engines will miss the post. For example, the message
Guvf zrffntr jnf rapbqrq va EBG-13 pbqvat. Obl, qvq vg ybbx fperjl hagvy jr haeniryrq vg!
is clearly beyond the reach of the average search engine. What it really looks like is this:
This message was encoded in ROT-13 coding. Boy, did it look screwy until we unraveled it!
Most modern mail and newsreaders support ROT-13 encoding and decoding (Free Agent by Forte is one; Netscape Navigator's Mail package is another). Again, this is a very simple form of encoding something, but it demonstrates the concept. Now, let's get a bit more specific.
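The point cuts both ways for whoever is doing the monitoring: a search that looks only at the literal text misses a ROT-13 post, but decoding is a single shift, so the same search can be run over the decoded form as well. The following Python is an added example, not code from this chapter; the watch terms are the four words listed above, and the sample posts are constructed here for illustration.

```python
import codecs
import re

# The watch terms the chapter lists as a typical search combination.
WATCH_TERMS = ["crack", "hack", "vulnerability", "hole"]

# Constructed sample post (not from the chapter).
PLAIN_POST = "Found a hole in the ftp daemon; the crack is trivial."
# The chapter's own ROT-13 example, used here to show decoding.
CHAPTER_MESSAGE = ("Guvf zrffntr jnf rapbqrq va EBG-13 pbqvat. "
                   "Obl, qvq vg ybbx fperjl hagvy jr haeniryrq vg!")


def rot13(text: str) -> str:
    """Shift every ASCII letter 13 places; digits and punctuation are untouched,
    so applying the function twice returns the original text."""
    return codecs.encode(text, "rot_13")


def find_terms(text: str, terms) -> list:
    """Case-insensitive whole-word search, the regex-style matching the chapter
    describes search engines performing. Returns the terms found, in list order."""
    return [t for t in terms
            if re.search(r"\b" + re.escape(t) + r"\b", text, re.IGNORECASE)]


def scan_post(post: str, terms=WATCH_TERMS) -> dict:
    """Search the post as written, then again after ROT-13 decoding."""
    return {"as_posted": find_terms(post, terms),
            "rot13_decoded": find_terms(rot13(post), terms)}


if __name__ == "__main__":
    encoded = rot13(PLAIN_POST)
    print(scan_post(PLAIN_POST))   # terms found as posted, none after decoding
    print(scan_post(encoded))      # none as posted, terms found after decoding
    print(rot13(CHAPTER_MESSAGE))
```

The second scan is the one that matters: a post that hides its keywords behind ROT-13 is invisible to the first search and fully visible to the second, at the cost of one extra pass over the text.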
DES and Crypt
Many different operating systems are on the Internet. The majority of servers, however, run some form of UNIX. On the UNIX platform, all user login IDs and passwords are stored in a central location. That location, for many years, was the file passwd in the directory /etc (/etc/passwd). This file contains various fields. Of those, we are concerned with two: the login ID and the password.
The login ID is stored in plain text, or in perfectly readable English. (This is used as a key for encryption.) The password is stored in an encrypted form. The encryption process is performed using Crypt(3), a routine based on the data encryption standard (DES). IBM developed the earliest version of DES; today, it is used on all UNIX platforms for password encryption. DES is endorsed jointly by the National Bureau of Standards and the National Security Agency. In fact, since 1977, DES has been the generally accepted method for safeguarding sensitive data. Figure 10.3 contains a brief timeline of DES development.
FIGURE 10.3. Brief timeline of the development of DES.
DES was developed primarily for the protection of certain nonclassified information that might exist in federal offices. As set forth in Federal Information Processing Standards Publication 74, Guidelines for Implementing and Using the NBS Data Encryption Standard:
Because of the unavailability of general cryptographic technology outside the national security arena, and because security provisions, including encryption, were needed in unclassified applications involving Federal Government computer systems, NBS initiated a computer security program in 1973 which included the development of a standard for computer data encryption. Since Federal standards impact on the private sector, NBS solicited the interest and cooperation of industry and user communities in this work.
Information about the original mechanical development of DES is scarce. Reportedly, at the request of the National Security Agency, IBM caused certain documents to be classified. (They will likely remain so for some years to come.) However, the source code for Crypt(3) (the current implementation of DES in UNIX) is widely available. This is significant, because in all the years that source has been available for Crypt, no one has yet found a way to easily reverse-encode information encrypted with it.
TIP: Want to try your luck at cracking Crypt? Get the source! It comes with the standard GNU distribution of C libraries, which can be found at ftp://gatekeeper.dec.com/glibc-1.09.1.tar.gz. (Please note that if you are not on U.S. soil or within U.S. jurisdiction, you must download the source for Crypt from a site outside the United States. The site usually given for this is ftp://ftp.uni-c.dk./glibc-1.09-crypt.tar.z.)
Certain implementations of Crypt work differently. In general, however, the process is as follows:
1. Your password is taken in plain text (or, in cryptographic jargon, clear text).
2. Your password is then utilized as a key to encrypt a series of zeros (64 in all). The resulting encoded text is thereafter referred to as cipher text, the unreadable material that results after plain text has been encrypted.
Certain versions of Crypt, notably Crypt(3), take additional steps. For example, after going through this process, it encrypts the already encrypted text, again using your password as a key. This is a fairly strong method of encryption; it is extremely difficult to break.
In brief, DES takes submitted data and encodes it using a one-way operation sometimes referred to as a hash. This operation is special from a mathematical point of view for one reason: While it is relatively simple to encode data this way, decoding it is computationally complex and resource intensive. It is estimated, for example, that the same password can be encoded in 4,096 different ways. The average user, without any knowledge of the system, could probably spend his or her entire life attempting to crack DES and never be successful. To get that in proper perspective, examine an estimate from the National Institute of Standards and Technology:
The cryptographic algorithm [DES] transforms a 64-bit binary value into a unique 64-bit binary value based on a 56-bit variable. If the complete 64-bit input is used (i.e., none of the input bits should be predetermined from block to block) and if the 56-bit variable is randomly chosen, no technique other than trying all possible keys using known input and output for the DES will guarantee finding the chosen key. As there are over 70,000,000,000,000,000 (seventy quadrillion) possible keys of 56 bits, the feasibility of deriving a particular key in this way is extremely unlikely in typical threat environments.[4]
[4] NIST, December 30, 1993. "Data Encryption Standard (DES)," Federal Information Processing Standards Publication 46-2. http://csrc.nist.gov/fips/fips46-2.txt.
One would think that DES is entirely infallible. It isn't. Although the information cannot be reverse-encoded, passwords encrypted via DES can be revealed through a comparative process. The process works as follows:
1. You obtain a dictionary file, which is really no more than a flat file (plain text) list of words (these are commonly referred to as wordlists).
2. These words are fed through any number of programs that encrypt each word. Such encryption conforms to the DES standard.
3. Each resulting encrypted word is compared with the target password. If a match occurs, there is better than a 90 percent chance that the password was cracked.
This in itself is amazing; nevertheless, password-cracking programs made for this purpose are even more amazing than they initially appear. For example, such cracking programs often subject each word to a list of rules. A rule could be anything, any manner in which a word might appear. Typical rules might include
Alternate upper- and lowercase lettering.
Spell the word forward and then backward, and then fuse the two results (for example: cannac).
Add the number 1 to the beginning and/or end of each word.
Naturally, the more rules one applies to the words, the longer the cracking process takes. However, more rules also guarantee a higher likelihood of success. This is so for a number of reasons:
The UNIX file system is case sensitive (WORKSTATION is interpreted differently than Workstation or workstation). That alone makes a UNIX password infinitely more complex to crack than a password generated on a DOS/Windows machine. Alternating letters and numbers in passwords is a common practice by those aware of security issues. When cracking passwords from such a source, many rules should be applied.
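As an added example (not code from this chapter or from any of the tools it describes), here is the comparative process from the three steps above, in Python, with the three rules just listed applied to each word, as an administrator would run it to audit a password file. It assumes a stand-in for Crypt(3): a one-way hash keyed with a two-character salt from a 64-character alphabet (64 x 64 = 4,096 salts, matching the "4,096 different ways" above) and iterated 25 times over a block of 64 zero bits. That mirrors the shape of the UNIX routine described in the Crypt steps, but it is not DES. The sample password file and wordlist are constructed; the logins and passwords are placeholders.

```python
import hashlib
import hmac
import secrets
import string

ITERATIONS = 25  # Crypt(3) re-encrypts its output repeatedly; mirrored here
SALT_ALPHABET = string.ascii_letters + string.digits + "./"  # 64 chars -> 4096 salts


def hash_password(password: str, salt: str) -> str:
    """Stand-in for Crypt(3) (assumption: SHA-256, not DES). The password keys a
    one-way function applied 25 times to a block of 64 zero bits; the salt changes
    the result so that the same password encodes 4,096 different ways."""
    block = b"\x00" * 8
    for _ in range(ITERATIONS):
        block = hashlib.sha256(salt.encode() + password.encode() + block).digest()
    return salt + "$" + block.hex()


def random_salt() -> str:
    """Two salt characters drawn from the 64-character alphabet."""
    return "".join(secrets.choice(SALT_ALPHABET) for _ in range(2))


def apply_rules(word: str):
    """Yield the word itself and the variants the chapter lists as typical rules."""
    yield word
    # alternate upper- and lowercase lettering (both phasings)
    yield "".join(c.upper() if i % 2 == 0 else c.lower() for i, c in enumerate(word))
    yield "".join(c.lower() if i % 2 == 0 else c.upper() for i, c in enumerate(word))
    # spell the word forward, then backward, and fuse the two ("can" -> "cannac")
    yield word + word[::-1]
    # add the number 1 to the beginning and/or end
    yield "1" + word
    yield word + "1"
    yield "1" + word + "1"


def parse_passwd(lines):
    """Return {login: encrypted password} from colon-separated passwd-style lines,
    skipping accounts whose password field is empty or locked."""
    entries = {}
    for line in lines:
        fields = line.split(":")
        if len(fields) >= 2 and fields[1] not in ("", "*", "x"):
            entries[fields[0]] = fields[1]
    return entries


def audit(entries, wordlist):
    """The comparative process: encode each candidate with the target entry's own
    salt and compare it with the stored value. Returns {login: guessed password}."""
    cracked = {}
    for login, encrypted in entries.items():
        salt = encrypted.split("$", 1)[0]
        for word in wordlist:
            for candidate in apply_rules(word):
                if hmac.compare_digest(hash_password(candidate, salt), encrypted):
                    cracked[login] = candidate
                    break
            if login in cracked:
                break
    return cracked


# Constructed sample password file in the old /etc/passwd layout (placeholder
# logins and passwords, fixed salts so that a run is reproducible).
SAMPLE_PASSWD = [
    "root:" + hash_password("laura", "Ey") + ":0:0:root:/root:/bin/bash",
    "mag:" + hash_password("cannac", "x7") + ":500:500:Mag:/home/mag:/bin/sh",
    "kim:" + hash_password("1secret", "Qz") + ":501:501:Kim:/home/kim:/bin/sh",
    "sam:" + hash_password("8rZq!pLw2", "a9") + ":502:502:Sam:/home/sam:/bin/sh",
    "bin:*:1:1:bin:/bin:",
]
# Constructed wordlist: one word per line, as the chapter describes.
SAMPLE_WORDLIST = ["password", "laura", "can", "secret"]

if __name__ == "__main__":
    for login, word in audit(parse_passwd(SAMPLE_PASSWD), SAMPLE_WORDLIST).items():
        print(f"Guessed password for {login}: {word}")
```

Three of the four live accounts fall to a four-word list once the rules are applied (a dictionary word, a fused forward-backward word, and a word with 1 prefixed); the account whose password is not derivable from any word survives. The salt is read from each entry and used for that entry alone, which is why a salt defeats precomputation but not guessing: every candidate is simply re-encoded under the target's salt.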
The emergence of such programs has greatly altered the security of the Internet. The reasons can be easily understood by anyone. One reason is because such tools are effective:
Crypt uses the resistance of DES to known plain text attack and makes it computationally unfeasible to determine the original password that produced a given encrypted password by exhaustive search. The only publicly known technique that may reveal certain passwords is password guessing: passing large wordlists through the crypt function to see if any match the encrypted password entries in an /etc/passwd file. Our experience is that this type of attack is successful unless explicit steps are taken to thwart it. Generally we find 30 percent of the passwords on previously unsecured systems.[5]
[5] David Feldmeier and Philip R. Karn. UNIX Password Security--Ten Years Later. (Bellcore).
Another reason is that the passwords on many systems remain available. In other words, for many years, the task of the cracker was nearly over if he or she could obtain that /etc/passwd file. When in possession of the encrypted passwords, a suitably powerful machine, and a cracking program, the cracker was ready to crack (provided, of course, that he or she had good wordlists).
Wordlists are generally constructed with one word per line, in plain text, and using no carriage returns. They average at about 1MB each (although one could feasibly create a wordlist some 20MB in size). As you may have guessed, many wordlists are available on the Internet; these come in a wide variety of languages (thus, an American cracker can crack an Italian machine and vice versa).
Cross Reference: There are a few popular depositories for wordlists. These collections contain every imaginable type of wordlist. Some are simply dictionaries and others contain hyphenated words, upper and lower case, and so on. One exceptionally good source is at http://sdg.ncsa.uiuc.edu/~mag/Misc/Wordlists.html. However, perhaps the most definitive collection is available at the COAST project at Purdue. Its page is located at http://www.cs.purdue.edu/coast/.
The Password-Cracking Process
Before I get even more specific, I want to graphically illustrate the password-cracking process (see Figure 10.4).
The graphical representation in Figure 10.4 will serve you well. I want to explain a bit about each portion of the process. First, I should briefly cover the hardware issues.
Hardware Issues
As noted in Figure 10.4, a 66MHz machine or higher is typical. Indeed, it is a basic requirement. Without delving deep into an argument for this or that processor (or this or that platform), I should at least state this: In actual practice, cracking a large password file is a CPU- and memory-intensive task. It can often take days. Whether you are a hobbyist, cracker, or system administrator, you would be well advised to take note of this point. Before actually cracking a large password file, you might want to inventory your equipment and resources.
I have found that to perform a successful (and comfortable) crack of a large password file, one should have 66MHz of processing power and 32MB of RAM (or better). It can be done with less, even a 25MHz processor and 8MB of RAM. However, if you use a machine so configured, you cannot expect to use it for any other tasks. (At least, this is true of any IBM AT compatible. I have seen this done on a Sun SPARCstation 1 and the user was still able to run other processes, even in OpenWindows.)
FIGURE 10.4. The process of cracking, graphically illustrated.
Equally, there are techniques for overcoming this problem. One is the parlor trick of distributed cracking. Distributed cracking is where the cracker runs the cracking program in parallel, on separate processors. There are a few ways to do this. One is to break the password file into pieces and crack those pieces on separate machines. In this way, the job is distributed among a series of workstations, thus cutting resource drain and the time it takes to crack the entire file.
The problem with distributed cracking is that it makes a lot of noise. Remember the Randal Schwartz case? Mr. Schwartz probably would never have been discovered if he were not distributing the CPU load. Another system administrator noticed the heavy processor power being eaten. (He also noted that one process had been running for more than a day.) Thus, distributed cracking really isn't viable for crackers unless they are the administrator of a site or they have a network at home (which is not so unusual these days; I have a network at home that consists of Windows 95, Windows NT, Linux, Sun, and Novell boxes).
The Mechanics of Password Cracking
In any event, as Figure 10.4 shows, the wordlist is sent through the encryption process, generally one word at a time. Rules are applied to the word and, after each such application, the word is again compared to the target password (which is also encrypted). If no match occurs, the next word is sent through the process.
Some password crackers perform this task differently. Some take the entire list of words, apply a rule, and from this derive their next list. This list is then encrypted and matched against the target password. The difference is not academic. The second technique is probably much faster.
In the final stage, if a match occurs, the password is then deemed cracked. The plain-text word is then piped to a file (recorded in a plain-text file for later examination).
It is of some significance that the majority of password cracking utilities are not user friendly. In fact, when executed, some of them forward nothing more than a cryptic message, such as
File?
Most also do not have extensive documentation with them. There are a few reasons for this phenomenon:
There is very little left to say. The program cracks passwords and does nothing more.
The majority are authored by crackers from the underground. Thus, the programs were developed on the fly, and these individuals have little time to generate complex help files and tutorials. It is assumed that when you unpack such a tool, you know what you are doing. (The exceptions to this rule are, of course, those cracking utilities that are written by bona fide security professionals. These usually include release notes, explaining pitfalls, bugs, and possible solutions. Some even come with a few sample wordlists. These generally consist of several hundred words and proper names.)
The Password Crackers
The remainder of this chapter is devoted to individual password crackers. Some are made for cracking UNIX passwd files, and some are not. Some of the tools here are not even password crackers; instead, they are auxiliary utilities that can be used in conjunction with (or for the improvement of) existing password crackers.
Crack by Alec Muffett
Crack is probably the most celebrated tool for cracking encrypted UNIX passwords. It is now the industry standard for checking networks for characteristically weak passwords. It was written by Alec D. E. Muffett, a UNIX software engineer in Wales. In the docs provided with the distribution, Mr. Muffett concisely articulates the program's purpose:
Crack is a freely available program designed to find standard UNIX eight-character DES encrypted passwords by standard guessing techniques...It is written to be flexible, configurable and fast, and to be able to make use of several networked hosts via the Berkeley rsh program (or similar), where possible.
Crack is for use on UNIX platforms only. It comes as a tarred, gzipped file and is available at so many sites, I will refrain from listing them here (use the search string crack-4.1.tar.gz or crack-4.1.tar.Z). After it is downloaded to the local disk, it is unzipped and untarred into a suitable directory (I prefer putting it into the /root/ directory tree). After you finish that process, your directory (Crack-4.1) will look similar to the one shown in Figure 10.5.
FIGURE 10.5. The Crack directory structure.
To get up and running, you need only set the root directory for Crack (this is the directory beneath which all the Crack resources can be found). This value is assigned to a variable (Crack_Home) in the configuration files. This is merely an environment variable that, when set, tells the Crack program where the remaining resources reside. To set this variable, edit the file Crack, which is a /bin/sh script that starts up the Crack engine. After editing this file, you can begin. This file, which consists of plain-text commands, code, and variables, can be edited in any text editor or word processor. However, it must be saved as plain text.
NOTE: You may or may not need to quickly acquire a wordlist. As it happens, many distributions of Crack are accompanied by sample wordlist (or dictionary) files. Your mileage may vary in this respect. I would suggest getting your copy of Crack from established (as opposed to underground) sites. This will make it more likely that you will get a sample wordlist (although to do any serious password cracking, you will need to acquire bigger and more suitable wordlists).
You initiate a Crack session by calling the program and providing the name of a password file and any command-line arguments, including specifications for using multiple workstations and such. If you refer to the Xterm snapshot in Figure 10.5, you will see a file there named my_password_file. This is a sample passwd file that I cracked to generate an example. To crack that file, I issued the following command:
Crack my_password_file
Crack started the process and wrote the progress of the operation to files with an out prefix. In this case, the file was called outSamsHack300. Following is an excerpt from that file; examine it closely.
pwc: Jan 30 19:26:49 Crack v4.1f: The Password Cracker, (c) Alec D.E. Muffett, 1992
pwc: Jan 30 19:26:49 Loading Data, host=SamsHack pid=300
pwc: Jan 30 19:26:49 Loaded 2 password entries with 2 different (salts: 100%)
pwc: Jan 30 19:26:49 Loaded 240 rules from `Scripts/dicts.rules'.
pwc: Jan 30 19:26:49 Loaded 74 rules from `Scripts/gecos.rules'.
pwc: Jan 30 19:26:49 Starting pass 1 - password information
pwc: Jan 30 19:26:49 FeedBack: 0 users done, 2 users left to crack.
pwc: Jan 30 19:26:49 Starting pass 2 - dictionary words
pwc: Jan 30 19:26:49 Applying rule `!?Al' to file `Dicts/bigdict'
pwc: Jan 30 19:26:50 Rejected 12492 words on loading, 89160 words (left to sort
pwc: Jan 30 19:26:51 Sort discarded 947 words; FINAL DICTIONARY (SIZE: 88213
pwc: Jan 30 19:27:41 Guessed ROOT PASSWORD root (/bin/bash (in my_password_file) [laura] EYFu7c842Bcus
pwc: Jan 30 19:27:41 Closing feedback file.
As you can see, Crack guessed the correct password for root. This process took just under a minute. Line 1 reveals the time at which the process was initiated (Jan 30 19:26:49); line 12 reveals that the password--Laura--was cracked at 19:27:41. This was done using a 133MHz processor and 32MB of RAM.
Because the password file I used was so small, neither time nor resources was an issue. In practice, however, if you are cracking a file with hundreds of entries, Crack will eat resources voraciously. This is especially so if you are using multiple wordlists that are in compressed form. (Crack will actually identify these as compressed files and will uncompress them.)
As mentioned earlier, Crack can distribute the work to different workstations on a UNIX network. Even more extraordinary than this, the machines can be of different architectures. Thus, you might have an IBM-compatible running Linux, a RS/6000 running AIX, and a Macintosh running A/UX.
Crack is extremely lightweight and is probably the most reliable password cracker available.
TIP: To perform a networked cracking session, you must build a network.conf file. This is used by the program to identify which hosts to network, their architecture, and other key variables. One can also specify command-line options that are invoked as Crack is unleashed on each machine. In other words, each machine may be running Crack and using different command-line options. This can be conveniently managed from one machine.
Cross Reference: Macintosh users can also enjoy the speed and efficiency of Crack by using the most recent port of it, called MacKrack v2.01b1. It is available at http://www.borg.com/~docrain/mac-hack.html.
CrackerJack by Jackal
CrackerJack is a renowned UNIX password cracker designed expressly for the DOS platform. Contrary to popular notions, CrackerJack is not a straight port of Crack (not even close). Nevertheless, CrackerJack is an extremely fast and easy-to-use cracking utility. For several years, CrackerJack has been the choice for DOS users; although many other cracker utilities have cropped up, CrackerJack remains quite popular (it's a cult thing). Later versions were reportedly compiled using GNU C and C++. CrackerJack's author reports that through this recompiling process, the program gained noticeable speed.
TIP: CrackerJack also now works on the OS/2 platform.
There are some noticeable drawbacks to CrackerJack, including:
Users can only specify one dictionary file at a time.
Memory-allocation conventions prevent CrackerJack from running in Windows 95.
Despite these snags, CrackerJack is reliable and, for moderate tasks, requires only limited resources. It takes sparse processor power, doesn't require a windowed environment, and can run from a floppy.
Cross Reference: CrackerJack is widely available, although not as widely as one would expect. Here are a few reliable sites:
http://www.fc.net/phrack/under/misc.html
http://www.ilf.net/~toast/files/
http://www.paranoia.com/~steppin/misc.html
http://www.interware.net/~jcooper/cracks.htm
http://globalkos.org/files.html
PaceCrack95 (pacemkr@bluemoon.net)
PaceCrack95 is designed to work on the Windows 95 platform in console mode, in a shell window. Its author reports that PaceCrack95 was prompted by deficiencies in other DOS-based crackers. He writes:
Well you might be wondering why I have written a program like this when there already is [sic] many out there that do the same thing. There are many reasons, I wanted to challenge myself and this was a useful way to do it. Also there was this guy (Borris) that kept bugging me to make this for him because Cracker Jack (By Jackal) doesn't run in Win95/NT because of the weird way it uses the memory. What was needed was a program that runs in Win95 and the speed of the cracking was up there with Cracker Jack.
To the author's credit, he created a program that does just that. It is fast, compact, and efficient. Unfortunately, however, PaceCrack95 is a new development not yet widely available (I believe it was distributed in July 1996).
Cross Reference: There is a shortage of reliable sites from which to retrieve PaceCrack95, but it can be found at http://tms.netrom.com/~cassidy/crack.htm.
Qcrack by the Crypt Keeper
Qcrack was originally designed for use on the Linux platform. It has recently been ported to the MS-DOS/Windows platform (reportedly sometime in July 1996). Qcrack is therefore among the newest wave of password crackers that have cropped up in the last year or so. This has increased the number of choices in the void. This utility is extremely fast, but there are some major drawbacks. One relates to storage. As the author, the Crypt Keeper, explains:
QInit [one of several binaries in the distribution] generates a hash table where each entry corresponds to a salt value and contains the first two bytes of the hash. Each password becomes about 4KB worth of data, so this file gets large quickly. A file with 5000 words can be expected to be 20MB of disk. This makes it important to have both a lot of disk space, and a very select dictionary. Included, a file called cpw is a list containing what I consider to be "good" words for the typical account. I have had zero hits with this file on some password files, and I have also had almost a 30 percent hit rate on others.
NOTE: Note that Qcrack is a bit slower than some other utilities of this nature, but is probably worth it. Parallelizing is possible, but not in the true sense. Basically, one can use different machines and use different dictionaries (as Qcrack's author suggests). However, this is not the same form of parallelizing that can be implemented with Muffett's Crack. (Not to split hairs, but using Qcrack in this fashion will greatly speed up the process of the crack.)
Just one more interesting tidbit: The author of Qcrack, in a stroke of vision, suggested that someone create a CD-ROM of nothing but wordlist dictionaries (granted, this would probably be of less use to those with slow CD-ROMs; repeated access across drives could slow the system a bit).
Cross Reference: Qcrack can be found in the following places:
http://lix.polytechnique.fr/~delaunay/bookmarks/linux/qcrack.html
http://klon.ipr.nl/underground/underground.html
http://tms.netrom.com/~cassidy/crack.htm
John the Ripper by Solar Designer
John the Ripper is a relatively new UNIX password cracker that runs on the DOS/Windows 95 platform. The binary distribution suggests that the coding was finished in December 1996. Early distributions of this program were buggy. Those of you working with less than 4MB of RAM might want to avoid this utility. Its author suggests that the program can run with less than 4MB, but a lot of disk access will be going on.
Cross Reference: John the Ripper runs on Linux as well. The Linux version is currently in beta and is being distributed as an ELF binary. It can be found by searching for the string john-linux.tar.zip.
Undoubtedly, these early efforts were flawed because the author attempted to include so many functions. Although John the Ripper may not yet be perfect, it is sizing up as quite a program. It runs in DOS (or in Windows 95 via a shell window) and has extensive options. Rather than list those here, I have provided a screenshot of the opening screen that appears if you start John without any arguments (see Figure 10.6).
FIGURE 10.6. The John the Ripper opening screen.
In this respect, John incorporates many of the amenities and necessities of other, more established programs. I fully expect that within six months of this writing, John the Ripper will be among the most popular cracking utilities.
Cross Reference: The DOS version of John the Ripper, which is relatively large in terms of password crackers, can be found at http://tms.netrom.com/~cassidy/crack.htm.
Pcrack (PerlCrack; Current Version Is 0.3) by Offspring and Naïve
Pcrack is a Perl script for use on the UNIX platform (this does not mean that Pcrack couldn't be implemented on the NT platform; it simply means that some heavy-duty porting would be in order). This utility has its advantages because it is quite compact and, when loaded onto the interpreter, fast. Nonetheless, one must obviously have not only some form of UNIX, but also access to Perl. As I have already pointed out, such utilities are best employed by someone with root access to a UNIX box. Many system administrators have undertaken the practice of restricting Perl access these days.
Cross Reference: Pcrack is not widely available, but http://tms.netrom.com/~cassidy/crack.htm appears to be a reliable source.
Hades by Remote and Zabkar (?)
Hades is yet another cracking utility that reveals UNIX /etc/passwd passwords. Or is it? Hades is very fast, faster than Muffett's Crack and far faster than CrackerJack (at least in tests I have performed).
The distribution comes with some source code and manual pages, as well as an advisory, which I quote here:
We created the Hades Password Cracker to show that world-readable encrypted passwords in /etc/passwd are a major vulnerability of the UNIX operating system and its derivatives. This program can be used by system operators to discover weak passwords and disable them, in order to make the system more secure.
With the exception of Muffett's Crack, Hades is the most well-documented password cracker available. The authors have taken exceptional care to provide you with every possible amenity. The Hades distribution consists of a series of small utilities that, when employed together, formulate a powerful cracking suite. For each such utility, a man (manual) page exists. The individual utilities included with the distribution perform the following functions:
The Merge utility merges two dictionaries (wordlists) into a third, the name of which is specified by you.
The Optimize utility cleans dictionary (wordlist) files by formatting them; all duplicate entries can be conveniently deleted and long words are truncated.
The Hits utility archives all passwords cracked in a previous session, outputting the data to a user-specified file. From this file, Hades can derive another dictionary.
Cross Reference: Hades is so widely available that I will refrain from giving a list of sites here. Users who wish to try out this well-crafted utility should search for one or both of the following search terms:
hades.zip
hades.arj
Star Cracker by the Sorcerer
Star Cracker was designed to work under the DOS4GW environment. Okay...this particular utility is a bit of a curiosity. The author was extremely thorough, and although the features he or she added are of great value and interest, one wonders when the author takes out time to have fun. In any event, here are some of the more curious features:
Fail-safe power outage provision--If there is a blackout in your city and your computer goes down, your work is not lost. (Is that a kicker or what?) Upon reboot, Star Cracker recovers all the work previously done (up until the point of the power outage) and keeps right on going.
Time-release operation--You can establish time windows when the program is to do its work. That means you could specify, "Crack this file for 11 hours. When the 11 hours are up, wait 3 hours more. After the 3 hours more, start again."
To UNIX users, this second amenity doesn't mean much. UNIX users have always had the ability to time jobs. However, on the DOS platform, this capability has been varied and scarce (although there are utilities, such as tm, that can schedule jobs).
Moreover, this cracking utility has a menu of options: functions that make the cracking process a lot easier. You've really got to see this one to believe it. A nicely done job.
Cross Reference: Star Cracker is available at http://citus.speednet.com.au/~ramms/.
Killer Cracker by Doctor Dissector
Killer Cracker is another fairly famous cracking engine. It is distributed almost always as source code. The package compiles without event on a number of different operating systems, although I would argue that it works best under UNIX.
NOTE: Unless you obtain a binary release, you will need a C compiler.
Killer Cracker has so many command-line options, it is difficult to know which ones to mention here. Nonetheless, here are a few highlights of this highly portable and efficient cracking tool:
Manipulation of some rules at the command prompt, including case sensitivity.
Command-line specification for method of operation, including in what order the words are tested (for example, test each word completely before moving on to the next).
Under BSD, Killer Cracker can be instructed to monopolize the processor altogether, forcing the maximum amount of CPU power available for the crack.
The program can check for nonprintable and control characters as possible keystrokes within the current target password file.
In all, this program is quite complete. Perhaps that is why it remains so popular. It has been ported to the Macintosh operating system, it works on a DOS system, and it was designed under UNIX. It is portable and easily compiled.
Cross Reference: Killer Cracker can be obtained at these locations:
http://hack.box.sk/stuff/linux1/kc9.zip (DOS 16 bit)
http://hack.box.sk/stuff/linux1/kc9_32.zip (DOS 32 bit)
http://www.ilf.net/Toast/files/unix/kc9_11.tgz (UNIX)
http://www.netaxs.com/~hager/mac/hack/KillerCrackerv8.sit.bin (Mac)
Hellfire Cracker by the Racketeer and the Presence
Another grass-roots work, Hellfire Cracker is a utility for cracking UNIX password files using the DOS platform. It was developed using the GNU compiler. This utility is quite fast, although not by virtue of the encryption engine. Its major drawback is that user-friendly functions are practically nonexistent. Nevertheless, it makes up for this in speed and efficiency.
One amenity of Hellfire is that it is now distributed almost exclusively in binary form, which obviates the need for a C compiler.
Cross Reference: This utility can be found on many sites, but I have encountered problems finding reliable ones. This one, however, is reliable: http://www.ilf.net/~toast/files/.
XIT by Roche'Crypt
XIT is yet another UNIX /etc/passwd file cracker, but it is a good one. Distinguishing characteristics include:
The capability to recover from power failure or sudden reboot
Full C source code available for analysis
The capability to provide up-to-the-second status reports
Full support for (get this!) 286 machines
The capability to exploit the existence of a disk cache for speed and increased performance
The XIT utility has been around for several years. However, it is not as widely available as one would expect. It also comes in different compressed formats, although the greater number are zipped.
Cross Reference: One reliable place to find XIT is http://www.ilf.net/~toast/files/xit20.zip.
Claymore by the Grenadier
The Claymore utility is slightly different from its counterparts. It runs on any Windows platform, including 95 and NT.
NOTE: Claymore does not work in DOS or even a DOS shell window.
Figure 10.7 shows Claymore's opening window.
FIGURE 10.7. The Claymore opening screen.
There is not a lot to this utility, but some amenities are worth mentioning. First, Claymore can be used as a brute force cracker for many systems. It can be used to crack UNIX /etc/passwd files, but it can also be used to crack other types of programs (including those requiring a login/password pair to get in).
One rather comical aspect of this brute force cracker is its overzealousness. According to the author:
Keep an eye on the computer. Claymore will keep entering passwords even after it has broken through. Also remember that many times a wrong password will make the computer beep so you may want to silence the speaker. Sometimes Claymore will throw out key strokes faster than the other program can accept them. In these cases tell Claymore to repeat a certain key stroke, that has no other function in the target program, over and over again so that Claymore is slowed down and the attacked program has time to catch up.
This is what I would classify as a true, brute-force cracking utility! One interesting aspect is this: You can specify that the program send control and other nonprintable characters during the crack. The structure of the syntax to do so suggests that Claymore was written in Microsoft Visual Basic. Moreover, one almost immediately draws the conclusion that the VB function SendKeys plays a big part of this application. In any event, it works extremely well.
Cross Reference: Claymore is available at many locations on the Internet, but http://www.ilf.net/~toast/files/claym10.zip is almost guaranteed to be available.
Guess by Christian Beaumont
Guess is a compact, simple application designed to attack UNIX /etc/passwd files. It is presented with style but not much pomp. The interface is designed for DOS, but will successfully run through a DOS windowed shell. Of main interest is the source, which is included with the binary distribution. Guess was created sometime in 1991, it seems. For some reason, it has not yet gained the notoriety of its counterparts; this is strange, for it works well.
Cross Reference: Guess is available widely, so I will refrain from listing locations here. It is easy enough to find; use the search string guess.zip.
PC UNIX Password Cracker by Doctor Dissector
I have included the PC UNIX Password Cracker utility (which runs on the DOS platform) primarily for historical reasons. First, it was released sometime in 1990. As such, it includes support not only for 386 and 286 machines, but for 8086 machines. (That's right. Got an old XT lying around the house? Put it to good use and crack some passwords!) I won't dwell on this utility, but I will say this: The program is extremely well designed and has innumerable command-line options. Naturally, you will probably want something a bit more up to date (perhaps other work of the good Doctor's) but if you really do have an old XT, this is for you.
Cross Reference: PC UNIX Cracker can be found at http://www.ilf.net/~toast/files/pwcrackers/pcupc201.zip.
Merlin by Computer Incident Advisory Capability (CIAC) DOE
Merlin is not a password cracker. Rather, it is a tool for managing password crackers as well as scanners, audit tools, and other security-related utilities. In short, it is a fairly sophisticated tool for holistic management of the security process. Figure 10.8 shows Merlin's opening screen.
Merlin is for UNIX platforms only. It has reportedly been tested (with positive results) on a number of flavors, including but not limited to IRIX, Linux, SunOS, Solaris, and HP-UX.
One of the main attractions of Merlin is this: Although it has been specifically designed to support only five common security tools, it is highly extensible (it is written in Perl almost exclusively). Thus, one could conceivably incorporate any number of tools into the scheme of the program.
Merlin is a wonderful tool for integrating a handful of command-line tools into a single, easily managed package. It addresses the fact that the majority of UNIX-based security programs are based in the command-line interface (CLI). The five applications supported are:
COPS
Tiger
Crack
TripWire
SPI (government contractors and agencies only)
FIGURE 10.8. Merlin's opening screen.
Note that Merlin does not supply any of these utilities in the distribution. Rather, you must acquire these programs and then configure Merlin to work with them (similar to the way one configures external viewers and helpers in Netscape's Navigator). The concept may seem lame, but the tool provides an easy, centralized point from which to perform some fairly common (and grueling) security tasks. In other words, Merlin is more than a bogus front-end. In my opinion, it is a good contribution to the security trade.
TIP: Those who are new to the UNIX platform may have to do a little hacking to get Merlin working. For example, Merlin relies on you to have correctly configured your browser to properly handle *.pl files (it goes without saying that Perl is one requisite). Also, Merlin apparently runs an internal HTTP server and looks for connections from the local host. This means you must have your system properly configured for loopback.
Merlin and programs like it are an important and increasing trend (a trend kicked off by Farmer and Venema). Because such programs are designed primarily in an HTML/Perl base, they are highly portable to various platforms in the UNIX community. They also tend to take slim network resources and, after the code has been loaded into the interpreter, they move pretty fast. Finally, these tools are easier to use, making security less of an insurmountable task. The data is right there and easily manipulated. This can only help strengthen security and provide newbies with an education.
Other Types of Password Crackers
Now you'll venture into more exotic areas. Here you will find a wide variety of password crackers for almost any type of system or application.
ZipCrack by Michael A. Quinlan
ZipCrack does just what you would think it would: It is designed to brute-force passwords that have been applied to files with a *.zip extension (in other words, it cracks the password on files generated with PKZIP).
No docs are included in the distribution (at least, not the few files that I have examined), but I am not sure there is any need. The program is straightforward. You simply provide the target file, and the program does the rest.
The program was written in Turbo Pascal, and the source code is included with the distribution. ZipCrack will work on any IBM-compatible that is a 286 or higher. The file description reports that ZipCrack will crack all those passwords generated by PKZIP 2.0. The author also warns that although short passwords can be obtained within a reasonable length of time, long passwords can take "centuries." Nevertheless, I sincerely doubt that many individuals provide passwords longer than five characters. ZipCrack is a useful utility for the average toolbox; it's one of those utilities that you think you will never need and later, at 3:00 in the morning, you swear bitterly because you don't have it.
Cross Reference: ZipCrack is widely available; use the search string zipcrk10.zip.
Fast Zip 2.0 (Author Unknown)
Fast Zip 2.0 is, essentially, identical to ZipCrack. It cracks zipped passwords.
Cross Reference: To find Fast Zip 2.0, use the search string fzc101.zip.
Decrypt by Gabriel Fineman
An obscure but nonetheless interesting utility, Decrypt breaks WordPerfect passwords. It is written in BASIC and works well. The program is not perfect, but it is successful a good deal of the time. The author reports that Decrypt checks for passwords with keys from 1 through 23. The program was released in 1993 and is widely available.
Cross Reference: To find Decrypt, use the search string decrypt.zip.
Glide (Author Unknown)
There is not a lot of documentation with the Glide utility. This program is used exclusively to crack PWL files, which are password files generated in Microsoft Windows for Workgroups and later versions of Windows. The lack of documentation, I think, is forgivable. The C source is included with the distribution. For anyone who hacks or cracks Microsoft Windows boxes, this utility is a must.
Cross Reference: Glide is available at these locations:
http://www.iaehv.nl/users/rvdpeet/unrelate/glide.zip
http://hack.box.sk/stuff/glide.zip
http://www.ilf.net/~toast/files/pwcrackers/glide.zip
AMI Decode (Author Unknown)
The AMI Decode utility is designed expressly to grab the CMOS password from any machine using an American Megatrends BIOS. Before you go searching for this utility, you might try the factory-default CMOS password. It is, oddly enough, AMI. In any event, the program works, and that is what counts.
Cross Reference: To find AMI Decode, use the search string amidecod.zip.
NetCrack by James O'Kane
NetCrack is an interesting utility for use on the Novell NetWare platform. It applies a brute-force attack against the bindery. It's slow, but still quite reliable.
Cross Reference: To find NetCrack, use the search string netcrack.zip.
PGPCrack by Mark Miller
Before readers who use PGP get worked up, a bit of background is in order. Pretty Good Privacy (PGP) is probably the strongest and most reliable encryption utility available to the public sector. Its author, Phil Zimmermann, sums it up as follows:
PGP™ uses public-key encryption to protect e-mail and data files. Communicate securely with people you've never met, with no secure channels needed for prior exchange of keys. PGP is well featured and fast, with sophisticated key management, digital signatures, data compression, and good ergonomic design.
PGP can apply a series of encryption techniques. One of these, which is discussed in Chapter 13, "Techniques to Hide One's Identity," is IDEA. To give you an idea of how difficult IDEA is to crack, here is an excerpt from the PGP Attack FAQ, authored by Route (an authority on encryption and a member of "The Guild," a hacker group):
If you had 1,000,000,000 machines that could try 1,000,000,000 keys/sec, it would still take all these machines longer than the universe as we know it has existed and then some, to find the key. IDEA, as far as present technology is concerned, is not vulnerable to brute-force attack, pure and simple.
In essence, a message encrypted using a 1024-bit key generated with a healthy and long passphrase is, for all purposes, unbreakable. So, why did Mr. Miller author this interesting tool? Because passphrases can be poorly chosen and, if a PGP-encrypted message is to be cracked, the passphrase is a good place to start. Miller reports:
On a 486/66DX, I found that it takes about 7 seconds to read in a 1.2 megabyte passphrase file and try to decrypt the file using every passphrase. Considering the fact that the NSA, other government agencies, and large corporations have an incredible amount of computing power, the benefit of using a large, random passphrase is quite obvious.
Is this utility of any use? It is quite promising. Miller includes the source with the distribution as well as a file of possible passphrases (I have found at least one of those passphrases to be one I have used). The program is written in C and runs in the DOS, UNIX, and OS/2 environments.
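To put Route's figures and Miller's point side by side, here is an added example (not from the book, and not PGPCrack's code) that compares the keyspace of IDEA's 128-bit key with the keyspace of a passphrase assembled from dictionary words. The guess rate is Route's 10^9 machines at 10^9 keys per second; the 10,000-word dictionary and the 13.8-billion-year age of the universe are assumed figures used only for the arithmetic.

```python
"""Cipher key versus passphrase: where a brute-force effort actually lands.
Added example; the dictionary size and universe age below are assumptions."""
import math

# 10^9 machines each trying 10^9 keys/s, the rate in the PGP Attack FAQ quote.
GUESS_RATE_ROUTE = 10**9 * 10**9
# Assumed: roughly 13.8 billion years, expressed in seconds.
UNIVERSE_AGE_SECONDS = 13.8e9 * 365.25 * 86400


def equivalent_bits(keyspace: int) -> float:
    """Express a keyspace as bits of entropy (2**bits == keyspace)."""
    return math.log2(keyspace)


def exhaust_seconds(keyspace: int, guesses_per_second: float) -> float:
    """Time to try every key at the given rate (worst case; on average half that)."""
    return keyspace / guesses_per_second


def universe_ages(keyspace: int, guesses_per_second: float) -> float:
    """The same figure as a multiple of the age of the universe."""
    return exhaust_seconds(keyspace, guesses_per_second) / UNIVERSE_AGE_SECONDS


def passphrase_keyspace(dictionary_size: int, n_words: int) -> int:
    """Keyspace of a passphrase of n_words words drawn uniformly at random from
    a dictionary.  Words picked by habit (a favourite quote, a pet's name) give
    a far smaller effective space than this, which is Miller's point."""
    return dictionary_size ** n_words


def words_needed(dictionary_size: int, target_bits: float) -> int:
    """Fewest random dictionary words whose passphrase entropy reaches target_bits."""
    return math.ceil(target_bits / math.log2(dictionary_size))


if __name__ == "__main__":
    idea_keys = 2 ** 128  # IDEA uses a 128-bit key
    print(f"IDEA key at Route's rate: {universe_ages(idea_keys, GUESS_RATE_ROUTE):.0f} universe ages")
    four_words = passphrase_keyspace(10_000, 4)
    print(f"4 random words from 10,000: {equivalent_bits(four_words):.1f} bits, "
          f"{exhaust_seconds(four_words, 10**9) / 86400:.0f} days at 10^9 guesses/s on one machine")
    print(f"random words needed to match 128 bits: {words_needed(10_000, 128)}")
```

The contrast is the whole story of PGPCrack: exhausting the cipher's keyspace takes hundreds of universe lifetimes even at Route's fantasy rate, while a four-word passphrase from a modest dictionary falls to a single machine in months, and a passphrase taken from a published list falls in Miller's seven seconds.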
Cross Reference: PGPCrack is available at several reliable locations, including:
http://www.voicenet.com/~markm/pgpcrack.html (DOS version)
http://www.voicenet.com/~markm/pgpcrack-os2.zip (OS/2 version)
http://www.voicenet.com/~markm/pgpcrack.v99b.tar.gz (UNIX version)
The ICS Toolkit by Richard Spillman
The ICS Toolkit utility is an all-purpose utility for studying cryptanalysis. It runs well in Microsoft Windows 3.11 but is more difficult to use in Windows 95 or Windows NT. It uses an older version of VBRUN300.DLL and therefore, users with later versions would be wise to move the newer copy to a temporary directory. (The ICS application will not install unless it can place its version of VBRUN300.DLL into the c:\windows\system directory.) This utility will help you learn how ciphers are created and how to break them. It is really quite comprehensive, although it takes some ingenuity to set up. It was programmed for older versions of Microsoft Windows. The interface is more utilitarian than attractive.
EXCrack by John E. Kuslich
The EXCrack utility recovers passwords applied in the Microsoft Excel environment. Mr. Kuslich is very clear that this software is not free but licensable (and copyrighted); therefore, I have neglected to provide screenshots or quoted information. It's safe to say the utility works well.
Cross Reference: To find EXCrack, use the search string excrak.zip.
CP.EXE by Lyal Collins
CP.EXE recovers or cracks passwords for CompuServe that are generated in CISNAV and WINCIM. It reportedly works on DOSCIM passwords as well. It is a fast and reliable way to test whether your password is vulnerable to attack.
Cross Reference: This utility has been widely distributed and can be found by issuing the search string cis_pw.zip.
Password NT by Midwestern Commerce, Inc.
The Password NT utility recovers, or cracks, administrator password files on the Microsoft Windows NT 3.51 platform. In this respect, it is the NT equivalent of any program that cracks the root account in UNIX. Note that some hacking is required to use this utility; if the original drive on which the target password is located is NTFS (and therefore access-control options are enabled), you will need to move the password to a drive that is not access-control protected. To do this, you must move the password to a drive also running 3.51 workstation or server. Therefore, this isn't really an instant solution. Nevertheless, after everything is properly set, it will take no time at all.
Cross Reference: A nicely done utility, Password NT is always available at the company's home page (http://www.omna.com/yes/AndyBaron/recovery.htm).
There are well over 100 other utilities of a similar character. I will refrain from listing them here. I think that the previous list is sufficient to get you started studying password security. At least you can use these utilities to test the relative strength of your passwords.
Resources
At this stage, I would like to address some concepts in password security, as well as give you sources for further education.
I hope that you will go to the Net and retrieve each of the papers I am about to cite. If you are serious about learning security, you will follow this pattern throughout this book. By following these references in the order they are presented, you will gain an instant education in password security. However, if your time is sparse, the following paragraphs will at least provide you with some insight into password security.
About UNIX Password Security
UNIX password security, when implemented correctly, is fairly reliable. The problem is that people pick weak passwords. Unfortunately, because UNIX is a multi-user system, every user with a weak password represents a risk to the remaining users. This is a problem that must be addressed:
It is of utmost importance that all users on a system choose a password that is not easy to guess. The security of each individual user is important to the security of the whole system. Users often have no idea how a multi-user system works and don't realize that they, by choosing an easy-to-remember password, indirectly make it possible for an outsider to manipulate the entire system.[6]
[6] Walter Belgers, UNIX Password Security. December 6, 1993.
TIP: The above-mentioned paper, UNIX Password Security, gives an excellent overview of exactly how DES works into the UNIX password scheme. This includes a schematic that shows the actual process of encryption using DES. For users new to security, this is an excellent starting point.
Cross Reference: Locate UNIX Password Security by entering the search string password.ps.
What are weak passwords? Characteristically, they are anything that might occur in a dictionary. Moreover, proper names are poor choices for passwords. However, there is no need to theorize on what passwords are easily cracked. Safe to say, if the password appears in a password cracking wordlist available on the Internet, the password is no good. So, instead of wondering, get yourself a few lists.
Cross Reference: Start your search for wordlists at http://sdg.ncsa.uiuc.edu/~mag/Misc/Wordlists.html.
By regularly checking the strength of the passwords on your network, you can
ensure that
crackers cannot penetrate it (at least not through exploiting bad password
choices). Such a
regimen can greatly improve your system security. In fact, many ISPs and other
sites are
now employing tools that check a user's password when it is first created. This
basically
implements the philosophy that
...the best solution to the problem of having easily guessed passwords on a system is to prevent them from getting on the system in the first place. If a program such as a password cracker reacts by guessing detectable passwords already in place, then although the security hole is found, the hole existed for as long as the program took to detect it...If however, the program which changes users' passwords...checks for the safety and guessability before that password is associated with the user's account, then the security hole is never put in place.7
7Matthew Bishop, UC Davis, California, and Daniel Klein, LoneWolf Systems Inc. "Improving System Security via Proactive Password Checking." (Appeared in Computers and Security [14, pp. 233-249], 1995.)
TIP: This paper is probably one of the best case studies and treatments of easily guessable passwords. It treats the subject in depth, illustrating with real-life examples the kinds of passwords that one would think are secure but actually are not.
Cross Reference: Locate Improving System Security via Proactive Password Checking by entering the search string bk95.ps.
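The two approaches Bishop and Klein contrast, reactive cracking of hashes already in place versus proactive checking at the moment a password is chosen, are easy to see side by side in code. The following is an added example written for this chapter; it is not code from the book or from any of the papers cited here. It assumes a salted SHA-256 digest as a stand-in for the one-way crypt(3) DES hash (so that it runs anywhere), and the WORDLIST and ACCOUNTS it uses are constructed for illustration and are tiny compared with a real Internet wordlist.

```python
"""Reactive cracking vs. proactive checking of weak passwords.

Added example for this chapter, not code from the book or from any paper it
cites.  Assumptions: a salted SHA-256 digest stands in for the crypt(3) DES
hash so the example runs anywhere; WORDLIST and ACCOUNTS are constructed for
illustration and are far smaller than a real cracking wordlist.
"""
import hashlib
import os
import string

# Constructed wordlist: dictionary words and a proper name, the kind of
# entries every cracking wordlist on the Internet contains.
WORDLIST = ["password", "secret", "letmein", "dragon", "robert", "summer"]

# Constructed accounts: two weak choices (a capitalised word with a digit
# appended, a reversed word) and one strong one.
ACCOUNTS = {"alice": "Dragon7", "bob": "x9#Lw!qT2v", "carol": "terces"}


def hash_password(password: str, salt: bytes) -> str:
    """Stand-in for crypt(3): one-way and salted, so it cannot be reversed,
    only matched by re-hashing a guess with the same salt."""
    return hashlib.sha256(salt + password.encode()).hexdigest()


def mangle(word: str):
    """Yield the candidates a cracker's rule set derives from one word: the
    word as is, capitalised, upper-cased and reversed, each with and without
    a trailing digit.  Real crackers apply many more rules than this."""
    for base in (word, word.capitalize(), word.upper(), word[::-1]):
        yield base
        for digit in string.digits:
            yield base + digit


def build_store(accounts):
    """Populate a password file the way a system without proactive checking
    does: every password is accepted and hashed with a fresh salt."""
    store = {}
    for user, password in accounts.items():
        salt = os.urandom(2)          # short salt, like crypt(3)'s 12-bit one
        store[user] = (salt, hash_password(password, salt))
    return store


def crack(store, wordlist):
    """Reactive approach, the comparative attack this chapter describes: hash
    each candidate with the account's salt and compare against the stored
    digest.  Returns {user: recovered_password}.  Every weak password it
    finds was a live hole for as long as this took to run."""
    found = {}
    for user, (salt, digest) in store.items():
        for word in wordlist:
            hit = next((g for g in mangle(word)
                        if hash_password(g, salt) == digest), None)
            if hit is not None:
                found[user] = hit
                break
    return found


def is_guessable(password: str, wordlist) -> bool:
    """True if the cracker's own rule set would produce this password."""
    return any(password == guess for word in wordlist for guess in mangle(word))


def proactive_check(password: str, wordlist, min_len: int = 8):
    """Proactive approach: run at passwd(1) time, before any hash exists.
    Returns the reasons for rejection; an empty list means accepted."""
    reasons = []
    if len(password) < min_len:
        reasons.append(f"shorter than {min_len} characters")
    if is_guessable(password, wordlist):
        reasons.append("derivable from a wordlist entry by a cracker rule")
    classes = sum(1 for cls in (string.ascii_lowercase, string.ascii_uppercase,
                                string.digits, string.punctuation)
                  if any(ch in cls for ch in password))
    if classes < 3:
        reasons.append("uses fewer than three character classes")
    return reasons


if __name__ == "__main__":
    store = build_store(ACCOUNTS)
    for user, pw in crack(store, WORDLIST).items():
        print(f"cracked {user}: {pw}")
    for user, pw in ACCOUNTS.items():
        verdict = proactive_check(pw, WORDLIST) or ["accepted"]
        print(f"{user}: {'; '.join(verdict)}")
```

The point of sharing `mangle()` between the two halves is the one Bishop and Klein make: a proactive checker should refuse exactly what a cracker would try, so any rule added to the attack side belongs on the defence side too. Run against the constructed accounts, `crack()` recovers alice's and carol's passwords, while `proactive_check()` would have rejected both before they were ever stored and lets bob's through.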
NOTE: As you go along, you will see that many of these files have a *.ps extension. This signifies a PostScript file. PostScript is a page-description language for preparing documents, created by Adobe, the makers of Acrobat and Photoshop.
To read a PostScript file, you need a viewer. One very good one is Ghostscript, which is freely available and can be found at http://www.cs.wisc.edu/~ghost/.
Another good package (and a little more lightweight) is a utility called Rops. Rops is available for Windows and is located here:
http://www5.zdnet.com/ (the ZDNet software library)
http://oak.oakland.edu (the Oak software repository)
Other papers of importance include the following:
"Observing Reusable Password Choices"
Purdue Technical Report CSD-TR 92-049
Eugene H. Spafford
Department of Computer Sciences, Purdue University
Date: July 3, 1992
Search String: Observe.ps
"Password Security: A Case History"
Robert Morris and Ken Thompson
Bell Laboratories
Communications of the ACM, 22(11), pp. 594-597
Date: November 1979
Search String: pwstudy.ps
"Opus: Preventing Weak Password Choices"
Purdue Technical Report CSD-TR 92-028
Eugene H. Spafford
Department of Computer Sciences, Purdue University
Date: June 1991
Search String: opus.PS.gz
"Federal Information Processing Standards Publication 181"
Announcing the Standard for Automated Password Generator
Date: October 5, 1993
URL:
http://www.alw.nih.gov/Security/FIRST/papers/password/fips181.txt
"Augmented Encrypted Key Exchange: A Password-Based Protocol Secure Against Dictionary Attacks and Password File Compromise"
Steven M. Bellovin and Michael Merritt
AT&T Bell Laboratories
Proceedings of the 1st ACM Conference on Computer and Communications Security
Date: November 1993
Search String: aeke.ps
"A High-Speed Software Implementation of DES"
David C. Feldmeier
Computer Communication Research Group
Bellcore
Date: June 1989
Search String: des.ps
"Using Content Addressable Search Engines to Encrypt and Break DES"
Peter C. Wayner
Computer Science Department
Cornell University
Date: Unknown
Search String: desbreak.ps
"Encrypted Key Exchange: Password-Based Protocols Secure Against Dictionary Attacks"
Steven M. Bellovin and Michael Merritt
AT&T Bell Laboratories
Proceedings of the IEEE Symposium on Research in Security and Privacy, Oakland
Date: May 1992
Search String: neke.ps
"Computer Break-ins: A Case Study"
Leendert Van Doorn
Vrije Universiteit, The Netherlands
Date: Thursday, January 21, 1993
Search String: holland_case.ps
"Security Breaches: Five Recent Incidents at Columbia University"
Fuat Baran, Howard Kaye, and Margarita Suarez
Center for Computing Activities
Columbia University
Date: June 27, 1990
Search String: columbia_incidents.ps
Other Sources and Documents
Following is a list of other resources. Some are not available on the Internet. However, there are articles that can be obtained through various online services (perhaps Uncover) or at your local library through interlibrary loan or through microfiche. You may have to search more aggressively for some of these, perhaps using the Library of Congress (locis.loc.gov) or perhaps an even more effective tool, like WorldCat (www.oclc.org).
"Undetectable Online Password Guessing Attacks"
Yun Ding and Patrick Horster
ACM Operating Systems Review, 29(4), pp. 77-86
Date: October 1995
"Optimal Authentication Protocols Resistant to Password Guessing Attacks"
Li Gong
SRI International, Computer Science Laboratory
Menlo Park, CA
Date: Unknown
Search String: optimal-pass.dvi or optimal-pass.ps
"A Password Authentication Scheme Based on Discrete Logarithms"
Tzong-Chen Wu and Chin-Chen Chang
International Journal of Computer Mathematics, Vol. 41, Number 1-2, pp. 31-37
1991
"Differential Cryptanalysis of DES-like Cryptosystems"
Eli Biham and Adi Shamir
Journal of Cryptology, 4(1), pp. 3-72
1990
"A Proposed Mode for Triple-DES Encryption"
Don Coppersmith, Don B. Johnson, and Stephen M. Matyas
IBM Journal of Research and Development, 40(2), pp. 253-262
March 1996
"An Experiment on DES Statistical Cryptanalysis"
Serge Vaudenay
Proceedings of the 3rd ACM Conference on Computer and Communications Security, pp. 139-147
ACM Press
March 1996
"Department of Defense Password Management Guideline"
If you want to gain a more historical perspective regarding password security, start with the Department of Defense Password Management Guideline (CSC-STD-002-85, 1985). This document was produced by the Department of Defense Computer Security Center at Fort Meade, Maryland.
Cross Reference: You can find the Department of Defense Password Management Guideline at http://www.alw.nih.gov/Security/FIRST/papers/password/dodpwman.txt.
Summary
You have reached the end of this chapter, and I have only a few things left to say in closing. One point I want to make is this: password crackers are growing in number. Because these tools take significant processing power, it is not unusual for crackers to compromise a large and powerful site just so they can use the processor power available there. For example, if you can crack a network with, say, 800 workstations, you can use at least some of those machines to perform high-speed cracking. By distributing the workload across several of them, you get a result much more quickly.
Many people argue that there is no legitimate reason persuasive enough to warrant the creation of such tools. That view is untenable. Password crackers provide a valuable service to system administrators by alerting them to weak passwords on the network. The problem is not that password crackers exist; the problem is that they aren't used frequently enough by the good guys. I hope that this book heightens awareness of that fact.