fbpx
Wikipedia

Crack (password software)

November 11, 2023

Crack is a Unix password cracking program designed to allow system administrators to locate users who may have weak passwords vulnerable to a dictionary attack. Crack was the first standalone password cracker for Unix systems[1][2][3][4] and the first to introduce programmable dictionary generation as well.

Crack began in 1990 when Alec Muffett, a Unix system administrator at the University of Wales Aberystwyth, was trying to improve Dan Farmer's 'pwc' cracker in COPS. Muffett found that by re-engineering the memory management, he got a noticeable performance increase. This led to a total rewrite[5] which became "Crack v2.0" and further development to improve usability.

Public Releases edit

The first public release of Crack was version 2.7a, which was posted to the Usenet newsgroups alt.sources and alt.security on 15 July 1991. Crack v3.2a+fcrypt, posted to comp.sources.misc on 23 August 1991, introduced an optimised version of the Unix crypt() function but was still only really a faster version of what was already available in other packages.

The release of Crack v4.0a on 3 November 1991, however, introduced several new features that made it a formidable tool in the system administrator's arsenal.

  • Programmable dictionary generator
  • Network distributed password cracking

Crack v5.0a[6] released in 2000 did not introduce any new features, but instead concentrated on improving the code and introducing more flexibility, such as the ability to integrate other crypt() variants such as those needed to attack the MD5 password hashes used on more modern Unix, Linux and Windows NT[7] systems. It also bundled Crack v6 - a minimalist password cracker and Crack v7 - a brute force password cracker.

Legal issues arising from using Crack edit

Randal L. Schwartz, a notable Perl programming expert, in 1995 was prosecuted for using Crack[8][9] on the password file of a system at Intel, a case the verdict of which was eventually expunged.[10]

Crack was also used by Kevin Mitnick when hacking into Sun Microsystems in 1993.[11]

Programmable dictionary generator edit

While traditional password cracking tools simply fed a pre-existing dictionary of words through the crypt() function, Crack v4.0a introduced the ability to apply rules to this word list to generate modified versions of these word lists.

These could range from the simple (do not change) to the extremely complex - the documentation gives this as an example:

X<8l/i/olsi1so0$=
Reject the word unless it is less than 8 characters long, lowercase the word, reject it if it does not contain both the letter 'i' and the letter 'o', substitute all i's for 1's, substitute all o's for 0's, and append an = sign.

These rules could also process the GECOS field in the password file, allowing the program to use the stored names of the users in addition to the existing word lists. Crack's dictionary generation rule syntax was subsequently borrowed[12] and extended[13] by Solar Designer for John the Ripper.

The dictionary generation software for Crack was subsequently reused by Muffett[14] to create CrackLib, a proactive password checking library that is bundled with Debian[15] and Red Hat Enterprise Linux-derived[16] Linux distributions.

Network distributed password cracking edit

As password cracking is inherently embarrassingly parallel Crack v4.0a introduced the ability to use a network of heterogeneous workstations connected by a shared filesystem as parts of a distributed password cracking effort.

All that was required for this was to provide Crack with a configuration file containing the machine names, processing power rates and flags required to build Crack on those machines and call it with the -network option.

See also edit

References edit

  1. ^ David R. Mirza Ahmad; Ryan Russell (25 April 2002). Hack proofing your network. Syngress. pp. 181–. ISBN 978-1-928994-70-1. Retrieved 17 February 2012.
  2. ^ William R. Cheswick; Steven M. Bellovin; Aviel D. Rubin (2003). Firewalls and Internet security: repelling the wily hacker. Addison-Wesley Professional. pp. 129–. ISBN 978-0-201-63466-2. Retrieved 17 February 2012.
  3. ^ Venema, Wietse (1996-07-01). "Murphy's law and computer security". Proceedings of the Sixth USENIX UNIX Security Symposium. Retrieved 2012-02-17.
  4. ^ Anonymous (2003). Maximum security. Sams Publishing. pp. 269–. ISBN 978-0-672-32459-8. Retrieved 17 February 2012.
  5. ^ Muffett, Alec (15 July 2004). "Crypticide I: Thirteen Years of Crack". blog post. Retrieved 2012-02-17.
  6. ^ Muffett, Alec. "Crack v5.0". Retrieved 2012-02-17.
  7. ^ Sverre H. Huseby (15 March 2004). Innocent code: a security wake-up call for Web programmers. John Wiley & Sons. pp. 148–. ISBN 978-0-470-85744-1. Retrieved 17 February 2012.
  8. ^ Simson Garfinkel; Gene Spafford; Alan Schwartz (17 May 2011). Practical UNIX and Internet Security. O'Reilly Media, Inc. pp. 608–. ISBN 978-1-4493-1012-7. Retrieved 17 February 2012.
  9. ^ Hakim, Anthony (2004-10-10), "Global Information Assurance Certification Paper Global Information Assurance Certification Paper", Intel v. Randal L. Schwartz (PDF), SANS Institute, p. 5, retrieved 2012-02-17
  10. ^ "Randal Schwartz's Charges Expunged - Slashdot". March 2007. Retrieved 2012-02-17.
  11. ^ Mitnick, Kevin (2011). "Here comes the Sun". Ghost in the Wires. Little, Brown. ISBN 978-0-316-03770-9.
  12. ^ Designer, Solar. "John the Ripper - credits". Solar Designer. Retrieved 2012-02-17.
  13. ^ Designer, Solar. "John the Ripper - wordlist rules syntax". Solar Designer. Retrieved 2012-02-17.
  14. ^ David N. Blank-Edelman (21 May 2009). Automating system administration with Perl. O'Reilly Media, Inc. pp. 461–. ISBN 978-0-596-00639-6. Retrieved 17 February 2012.
  15. ^ "Debian Package Search". Retrieved 2012-02-17.
  16. ^ . Archived from the original on 2012-04-21. Retrieved 2012-02-17.

External links edit

    crack

    November 11, 2023
    crack, password, software, crack, unix, password, cracking, program, designed, allow, system, administrators, locate, users, have, weak, passwords, vulnerable, dictionary, attack, crack, first, standalone, password, cracker, unix, systems, first, introduce, pr. Crack is a Unix password cracking program designed to allow system administrators to locate users who may have weak passwords vulnerable to a dictionary attack Crack was the first standalone password cracker for Unix systems 1 2 3 4 and the first to introduce programmable dictionary generation as well CrackDeveloper s Alec MuffettStable release5 0a June 2000Operating systemUnixTypepassword crackingWebsitewww crypticide comCrack began in 1990 when Alec Muffett a Unix system administrator at the University of Wales Aberystwyth was trying to improve Dan Farmer s pwc cracker in COPS Muffett found that by re engineering the memory management he got a noticeable performance increase This led to a total rewrite 5 which became Crack v2 0 and further development to improve usability Contents 1 Public Releases 2 Legal issues arising from using Crack 3 Programmable dictionary generator 4 Network distributed password cracking 5 See also 6 References 7 External linksPublic Releases editThe first public release of Crack was version 2 7a which was posted to the Usenet newsgroups alt sources and alt security on 15 July 1991 Crack v3 2a fcrypt posted to comp sources misc on 23 August 1991 introduced an optimised version of the Unix crypt function but was still only really a faster version of what was already available in other packages The release of Crack v4 0a on 3 November 1991 however introduced several new features that made it a formidable tool in the system administrator s arsenal Programmable dictionary generator Network distributed password crackingCrack v5 0a 6 released in 2000 did not introduce any new features but instead concentrated on improving the code and introducing more flexibility such as the ability to integrate other crypt variants such as those needed to attack the MD5 password hashes used on more modern Unix Linux and Windows NT 7 systems It also bundled Crack v6 a minimalist password cracker and Crack v7 a brute force password cracker Legal issues arising from using Crack editRandal L Schwartz a notable Perl programming expert in 1995 was prosecuted for using Crack 8 9 on the password file of a system at Intel a case the verdict of which was eventually expunged 10 Crack was also used by Kevin Mitnick when hacking into Sun Microsystems in 1993 11 Programmable dictionary generator editWhile traditional password cracking tools simply fed a pre existing dictionary of words through the crypt function Crack v4 0a introduced the ability to apply rules to this word list to generate modified versions of these word lists These could range from the simple do not change to the extremely complex the documentation gives this as an example X lt 8l i olsi1so0 Reject the word unless it is less than 8 characters long lowercase the word reject it if it does not contain both the letter i and the letter o substitute all i s for 1 s substitute all o s for 0 s and append an sign These rules could also process the GECOS field in the password file allowing the program to use the stored names of the users in addition to the existing word lists Crack s dictionary generation rule syntax was subsequently borrowed 12 and extended 13 by Solar Designer for John the Ripper The dictionary generation software for Crack was subsequently reused by Muffett 14 to create CrackLib a proactive password checking library that is bundled with Debian 15 and Red Hat Enterprise Linux derived 16 Linux distributions Network distributed password cracking editAs password cracking is inherently embarrassingly parallel Crack v4 0a introduced the ability to use a network of heterogeneous workstations connected by a shared filesystem as parts of a distributed password cracking effort All that was required for this was to provide Crack with a configuration file containing the machine names processing power rates and flags required to build Crack on those machines and call it with the network option See also editComputer security Password cracking Aircrack ng Cain and Abel DaveGrohl Hashcat John the Ripper L0phtCrack Ophcrack RainbowCrackReferences edit David R Mirza Ahmad Ryan Russell 25 April 2002 Hack proofing your network Syngress pp 181 ISBN 978 1 928994 70 1 Retrieved 17 February 2012 William R Cheswick Steven M Bellovin Aviel D Rubin 2003 Firewalls and Internet security repelling the wily hacker Addison Wesley Professional pp 129 ISBN 978 0 201 63466 2 Retrieved 17 February 2012 Venema Wietse 1996 07 01 Murphy s law and computer security Proceedings of the Sixth USENIX UNIX Security Symposium Retrieved 2012 02 17 Anonymous 2003 Maximum security Sams Publishing pp 269 ISBN 978 0 672 32459 8 Retrieved 17 February 2012 Muffett Alec 15 July 2004 Crypticide I Thirteen Years of Crack blog post Retrieved 2012 02 17 Muffett Alec Crack v5 0 Retrieved 2012 02 17 Sverre H Huseby 15 March 2004 Innocent code a security wake up call for Web programmers John Wiley amp Sons pp 148 ISBN 978 0 470 85744 1 Retrieved 17 February 2012 Simson Garfinkel Gene Spafford Alan Schwartz 17 May 2011 Practical UNIX and Internet Security O Reilly Media Inc pp 608 ISBN 978 1 4493 1012 7 Retrieved 17 February 2012 Hakim Anthony 2004 10 10 Global Information Assurance Certification Paper Global Information Assurance Certification Paper Intel v Randal L Schwartz PDF SANS Institute p 5 retrieved 2012 02 17 Randal Schwartz s Charges Expunged Slashdot March 2007 Retrieved 2012 02 17 Mitnick Kevin 2011 Here comes the Sun Ghost in the Wires Little Brown ISBN 978 0 316 03770 9 Designer Solar John the Ripper credits Solar Designer Retrieved 2012 02 17 Designer Solar John the Ripper wordlist rules syntax Solar Designer Retrieved 2012 02 17 David N Blank Edelman 21 May 2009 Automating system administration with Perl O Reilly Media Inc pp 461 ISBN 978 0 596 00639 6 Retrieved 17 February 2012 Debian Package Search Retrieved 2012 02 17 CrackLib Enhancement Update Archived from the original on 2012 04 21 Retrieved 2012 02 17 External links editPassword cracking A quick guide to success crack Retrieved from https en wikipedia org w index php title Crack password software amp oldid 1182540856, wikipedia, wiki, book, books, library,

    article

    , read, download, free, free download, mp3, video, mp4, 3gp, jpg, jpeg, gif, png, picture, music, song, movie, book, game, games.