💾 Archived View for gemini.spam.works › mirrors › textfiles › hacking › jack14.txt captured on 2021-12-04 at 18:04:22.

View Raw

More Information

-=-=-=-=-=-=-


??????????????????????????????????????????????????????????????????????????????
?                Cracker Jack, THE Unix Password Cracker                     ?
??????????????????????????????????????????????????????????????????????????????


June 1993        Doc's for Cracker Jack v 1.4


DISCLAIMER
==========
The copyright of this software is owned by the author, Jackal.
Please feel free to make copies and share them with your friends.
I can under no circumstances be held responsible for any consequences
of your use/misuse of this package, whatever that may be (system crash,
you going to jail, world war, etc..). Nor can I guarantee any functionality,
just take it or leave it.


What is Cracker Jack?
=====================
Cracker Jack is a Unix password checker/cracker, running on PC's.
As humble as I am, I don't think you'll find other Unix password
crackers for PC's, who will beat it in speed (if you do, I'll appreciate
if you let me know).
It is currently available in 2 versions (for 8086/88 and 80386.
I've dropped the 286 version, it wasn't significantly faster than
the 8086 version).
The 386 version is far faster than the other, please use that, if
you have a 386 or 486 CPU. Besides, the 386 version has no 640 kb limit,
so you can load a lot more accounts. The 386 version also runs under
OS/2 v. 2.0.
(Special versions for 486 and 586/Pentium might be available in the future.
Likewise, I might port it to other CPU's on other O/S'es than DOS and
OS/2, but don't count on it).


What's new in Cracker Jack 1.4?
===============================
I finally got that Borland C++ v 3.1, but I'm rather disappointed,
'coz in the meantime I've got hold on the GNU C compiler - IT'S GREAT!
After porting Jack to this compiler, it runs about 8% faster, at least
on my PC. I believe, however, that the speed increase is varying,
depending on your CPU type, cache RAM etc. Anyway, it now runs in
protected mode (and it REQUIRES a 386/486!), so there's no 640 kb limit.
Thanks to the EMX port of GNU C, it also runs under OS/2 2.0.
Furthermore, I've (once again) rearranged the account loading and
sorting algorithm, so there's virtually no startup delay, even when
loading several thousand accounts.

I have included a sort utility, JSORT. It doesn't have the 64 kb limit
as DOS SORT has. Currently it doesn't support single crack wordlists,
but I'm working on that.

JPP can now insert a dot BEFORE the password, with option -dot:0

That's basically it, no real news, but I thought this was worth
releasing.


What's new in Cracker Jack 1.3
==============================
- Rearranged and optimized the account loading/checking routines, thus
  gaining faster loading and space for more accounts per session.
- Added the -noname switch, which prevents Jack from loading the login
  names into memory, and thus lets you load even more accounts per
  session. The more accounts, the more comparisons/second.
- In single crack mode, it now checks ALL the accounts with
  same salts as the account being processed. This takes almost no extra
  time, so why not do it? It has given ME some accounts. :)
- It now checks the keyboard for Ctrl-C, so you don't have to wait eras
  when you wanna abort the session.
- Status is now only showed when you press a key (and on exit), so you get a
  bigger chance of seeing cracked passwords, before they scroll off the screen.
- It is now possible to restore an aborted single crack session.


Jackal's future plans:
- Fix JSORT to support single crack wordlists
- Implement password generator
- Add 'free crack' option to load accounts with same salts from other
  pwfiles (and/or same pwfile when using the -u option)
- Implement more options into JPP.
- Possibly implement the features of JPP into Jack itself, to avoid the
  need of lot of harddisk space for the DOS pipe, especially when you
  use -gecos:8
- Improve the docs

Files in the archive
====================
The following files are included in the archive:

JACK.EXE        Cracker Jack
JPP.EXE         Jack PreProcessor, manipulates words
JACKPOT.EXE     Shows you the passwords cracked so far
XTRACT.EXE      Extracts words from any file
JSORT.EXE       Sorts standard wordfiles (NOT single crack wordlists!)
JACK14.DOC      Hmmm, what can this be? :)
EMX.EXE         *) EMX runtime/system interface for DOS
EMX.DLL         *) EMX runtime/system interface for OS/2


	 Beware, that all executables are NOT the same in the 386 
	 version as in the 8086 version, although the names are the 
	 same.


How to use Cracker Jack
=======================
I guess you'll figure it out yourself, but there are some things that
might require a word of explanation.

Jack saves all cracked passwords in a file called JACK.POT, in the same
directory as JACK.EXE. Be aware of this, if you run Jack from a floppy
(who would do that?), don't write protect it.
Jack uses this file to check, if any of the passwords were cracked
previously, and won't try to crack them again. So, please don't delete
this file (it's readonly for the same reason).

JACKPOT.EXE shows you these passwords.
Since this is similar to the "validfile" output in previous versions of
Jack, I have removed this option. Some of you might miss it, but it
requires a lot of core, which I felt could be better used for cracking
more accounts.
JACKPOT.EXE HAS TO BE IN THE SAME DIRECTORY AS JACK.EXE!

With Jack it is possible to crack more than 1 passwd file, without you
have to combine them into one single. You can even use wildcards.

Every 10 minutes (and upon completion), Jack saves point information to
a file (RESTORE, unless you specified another name with the -r option).
In case the system crashes, you don't have to start all over.
But if you interrupt a session and start a new one, the old information
is overwritten. Therefore, always rename the file, if you want to use
it.

The -user option lets you specify the login names or user id's of the
accounts you want to crack. F.ex. -user:0 would load all accounts with
root priv's, whereas -user:root would just load the root account itself.

The single crack option (-single) in JACK is used in conjunction with
the login (-login) and gecos (-gecos:#) options of JPP. F.ex. would
	JPP -gecos:1 -lower pwfile | JACK -stdin -single pwfile
lowercase each word in the gecos fields and try it on the accounts
to whom it belongs AND to other accounts with the same salt.

There is one thing, you have to be aware of, when using single crack
mode; It is not adviced to direct the output from JPP to a file, and
then use this file as input for Jack. Because Jack does not load the
accounts it has cracked previously, the inputfile has to provide
login/gecos words from the UNCRACKED accounts ONLY! Otherwise JACK gets
out of syncronization, and tries the supplied words on the wrong
accounts. In other words, if you have cracked some accounts AFTER the
creation of the inputfile, you have to recreate it with JPP. This is
also the case if you restore a single crack session.
If you always PIPE the output from JPP into Jack, there's no problems.
JPP.EXE HAS TO BE IN THE SAME DIRECTORY AS JACK.EXE!

To illustrate the gecos option of JPP, suppose we have a passwd file
with the following account:

billy:EncrPassword:123:10:Billy The Kid:/usr/billy:/bin/csh

There are 4 levels of gecos manipulation.

    1: Each word
       e.g. "Billy", "The", "Kid"
    2: Combination of any 2 words
       e.g. "BillyThe", "BillyKid", "TheBilly", "TheKid" ,...
    4: Combination of 1 word and up to 2 initials
       e.g. "BillyTK", "BillyKT", "TKBilly", "TBillyK", "BKid" ,...
    8: Combination of substrings of up to 3 words
       e.g. "BiThKid", "BillKi", "BilTheKi", "TheBillyK", "BTK" ,...

Level 1, 2 and 4 can be added together. F.ex. if you want to get level 1
and level 4 in one run, specify -gecos:5.
Level 8 is an outsider; it always includes the other levels as well,
except that the output from level 8 is never more than 8 chars, to cut
down disk usage. Speaking of disk usage, remember to set the DOS TEMP
variable to a disk big enough to store the temporary file, created by
the DOS pipe (|). Preferrably the disk should be cached as well.

The XTRACT program was created for a specific need I had (to retrieve
fancy words from a game).
Usage: XTRACT MYFILE.XXX | SORT | JPP -include > WORDS.XXX
The reason to pipe it through JPP, is that JPP unique's it's output.
Another purpose for it, could be if you just had a couple of words
to pass to Cracker Jack, but didn't want to create a wordfile:
ECHO secret abc123 haleluja password | XTRACT | JACK -stdin pwfile


Known bugs/restrictions
=======================
You cannot specify more than one wordfile to JACK (although you
can to JPP)

You cannot use spaces in the parameters to JPP, but since only
the 7 lower bits of each char in the password is used, you can
use char # 160 (? = AltGr+1+6+0) instead. e.g:
JPP -gecos:4 -dot:1 pwfile | JPP -translate:.? | JACK -stdin -single pwfile

JSORT doesn't support single crack wordlists yet. In these wordlists,
generated by JPP's -login or -gecos options, there are some strings,
"***!***", which tells Jack to switch to the next salt. JSORT doesn't
recognise this string as anything special, and just treats it as a normal
input line.

................



Have phun, Jackal.



Contacting the author / How to get help / Dist. site
====================================================
The official distribution site for CrackerJack is Freeside, +45-3-122-3119.
Here you may contact the author, as well as obtain the latest version.

Zephyr, Freeside Sysop.