#!/usr/bin/perl ###### # crpasswd: brute force DES password hashes # Author: Jimmy Scott # Nick: Sick` # Mail: jimmy *at* inet-solutions.be # Address: Jimmy Scott # Goordijk 66 # 2930 BRASSCHAAT # BELGIUM # source: http://pub.devbox.be ### # # Copyright (C) 2003 Jimmy Scott # # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions are met: # # 1. Redistributions of source code must retain the above copyright notice, # this list of conditions and the following disclaimer. # # 2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in the # documentation and/or other materials provided with the distribution. # # 3. The names of the authors may not be used to endorse or promote products # derived from this software without specific prior written permission. # # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS "AS IS" AND ANY # EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDERS BE # LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF # SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS # INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN # CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) # ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF # THE POSSIBILITY OF SUCH DAMAGE. # ###### sub crack { my ($prefix, $remaining)=@_; $remaining--; foreach my $char (@alphabet) { if ($remaining > 0) { my $newprefix=$prefix . $char; crack($newprefix, $remaining); } else { my $check = crypt($prefix . $char, $salt); if ( $check eq $hashed ) { my $password = $prefix . $char; print "password found: $password\n"; exit 0; } } } } if (! ($_=$ARGV[0])) { print "usage: ./crpasswd [-p prefix] [-c positions] [-a alphabet] hashed_password\n\n", "OPTIONS:\n", " -p prefix = prefix for beginning password with\n", " -c positions = positions left to crack\n", " -a alphabet = use other alphabet\n\n", "ALPHABETS:\n", " 1 = default (a .. z, A .. Z, 0 .. 9)\n", " 2 = (a .. z)\n", " 3 = (A .. Z)\n", " 4 = (0 .. 9)\n", " 5 = (a .. z, A .. Z)\n", " 6 = (A .. Z, a .. z)\n", " 7 = (0 .. 9, a .. z, A .. Z)\n", " 8 = (0 .. 9, A .. Z, a .. z)\n"; } else { @params=@ARGV; chomp @params; while ($params[0]=~/^-/) { if ($params[0]=~/^-(p|c|a)$/) { if ($params[0]=~/^-p$/) { $prefix=$params[1] || die "could not initialize prefix: $!\n"; print "prefix set to: $prefix\n" } if ($params[0]=~/^-c$/) { $remaining=$params[1] || die "could not initialize remaining: $!\n"; print "remaining set to: $remaining\n" } if ($params[0]=~/^-a$/) { die "alphabet: illegal value\n" if (! ($params[1]=~/^(1|2|3|4|5|6|7|8)$/)); @alphabet=(a .. z, A .. Z, 0 .. 9) if ($params[1]=~/^1$/); @alphabet=(a .. z) if ($params[1]=~/^2$/); @alphabet=(A .. Z) if ($params[1]=~/^3$/); @alphabet=(0 .. 9) if ($params[1]=~/^4$/); @alphabet=(a .. z, A .. Z) if ($params[1]=~/^5$/); @alphabet=(A .. Z, a .. z) if ($params[1]=~/^6$/); @alphabet=(0 .. 9, a .. z, A .. Z) if ($params[1]=~/^7$/); @alphabet=(0 .. 9, A .. Z, a .. z) if ($params[1]=~/^8$/); print "alphabet set to: $params[1]\n"; } shift @params; shift @params; } else { die "error: $params[0]: bad parameter.\n"; } } $hashed=$params[0]; print "hashed password set to: $hashed\n"; ($salt1, $salt2) = split(//, $hashed); $salt = $salt1 . $salt2; print "salt set to: $salt\n"; if (! (@alphabet)) { @alphabet = (a .. z, A .. Z, 0 .. 9); print "alphabet set to: default\n"; } if (! ($prefix)) { $prefix=""; print "prefix set to: none\n"; } if (! ($remaining)) { for ($remainig=1; $remaining<=8; $remaining++) { print scalar(localtime) . ": trying $remaining chars\n" if ($remaining); crack($prefix,$remaining); } } else { crack($prefix,$remaining); } }