+------------------------------------------------------+
|                                                      |
|    KILLER CRACKER: Portable Un*x Password Cracker    |
|    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~    |
|           Version 8.00 LTD, Dated 7/28/91            |
|                                                      |
|             Written By Doctor Dissector              |
|       Copyright (c) 1991, By Doctor Dissector        |
|                                                      |
+------------------------------------------------------+

*** LIMITED EDITION !!!!! DO NOT DISTRIBUTE !!!!! LIMITED EDITION ***

License
-------

This program is NOT free software BUT may be used without charge or
payment in any form IF your copy is a "registered" distributed version.
You may modify it as much as you please, however, you MAY NOT
re-distribute it, in any shape or form: ie. modified OR unmodified,
without the expressed written consent (ie. e-mail) of Doctor Dissector.
(bbs.doctord@doomsday.spies.com)

This program was initially distributed in the hope that it will be
useful, but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Disclaimer
----------

This program was written and released just to prove that Un*x accounts
can be effectively cracked utilizing modified DES password encryption
(crypt) routines and proper programming skills. I, Doctor Dissector, the
author of Killer Cracker, do not endorse any type of illegal
appropriation of computer accounts using programs such as this; my goal
is only to prove that the Un*x operating system's greatest weakness in
security lies in the /etc/passwd file.

Doctor Dissector will not be held responsible for the actions of anyone
who may misuse this program since he cannot control the actions of the
people who might become exposed to this program's use for illegal means.

Quick Instructions
------------------

To compile under any operating system using "make", edit the file
"Makefile" included with this package to your needs and type "make".

File Listing & Description
--------------------------

WHATSNEW.800  -- Info on new modifications/additions to this version
KC.DOC        -- This document file
KC.EXE        -- MS/PC-DOS executable
KC.H          -- Killer Cracker source code header file
KC.C          -- Killer Cracker source code
MAKEFILE.     -- Makefile for KC, edit this and use "make" to compile!
B_ORDER.C     -- Determines if your machine is Network Byte Order
BCRYPT.H      -- Bcrypt encryption source code header file
BCRYPT.C      -- Bcrypt encryption source code
XFDES.H       -- XFDES encryption source code header file
XFDES.C       -- XFDES encryption source code
GOODWORD.W    -- Collection of words from various sources
GIRLWORD.W    -- Collection of female first names

Description
-----------

Killer Cracker (KC) is a program which effectively, and quickly,
encrypts a sequence of guesses (words) utilizing a modified form of the
DES Un*x password encryption algorithm. These encrypted guesses are then
compared to the fields in any typical /etc/passwd file; any matches are
recorded for future reference.

Guesses to KC are read from several sources. The primary source of
guesses to encrypt comes from a textfile (ASCII) of words separated by
CR/LF pairs or LFs (depending on operating system). Other guesses are
taken from each individual account in any /etc/passwd file; the login
name and two respective GECOS field entries. In addition, single
characters (a-z, A-Z, 0-9) and "funny" characters (^A-^Z, ESC, SPACE)
can be tested as guesses as well.

KC also has the ability to make several combinations for several guesses
from one guess (i.e. test the guess in normal case, uppercase,
lowercase, and backwards) and the option to pre-pend or append any
number of characters to the beginning or end of any guessed word.

KC was also written in C source, which has been released and included in
KC's release package. The source was developed to be highly portable
with most other C compilers, especially the Un*x C compilers.

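As an added illustration (not part of the original Killer Cracker package or its documentation), the guess classes described above can be turned into a password-change check that rejects any new password falling inside them. The sample passwd entry is constructed, the function names are hypothetical, and taking the first two GECOS words and treating digits as the affix characters are assumptions.

```python
import string

SINGLE = set(string.ascii_letters + string.digits)        # -s guesses
FUNNY = {chr(c) for c in range(1, 27)} | {"\x1b", " "}    # -f: ^A-^Z, ESC, SPACE

def base_words(passwd_line, wordlist=()):
    """Per-account guess sources: login name, GECOS words, wordfile entries."""
    fields = passwd_line.rstrip("\n").split(":")
    gecos = fields[4] if len(fields) > 4 else ""
    # The doc says GECOS entries whose second character is '.' (initials) are skipped.
    names = [w for w in gecos.replace(",", " ").split()
             if not (len(w) > 1 and w[1] == ".")]
    # Assumption: the "two words" taken from GECOS are the first two remaining.
    return {w for w in [fields[0], *names[:2], *wordlist] if w}

def variants(word):
    """Normal, upper and lower case, plus each of those reversed."""
    cased = {word, word.upper(), word.lower()}
    return cased | {w[::-1] for w in cased}

def weak_reason(candidate, passwd_line, wordlist=(), affixes=string.digits):
    """Return why `candidate` is guessable for this account, or None."""
    if len(candidate) == 1 and candidate in SINGLE | FUNNY:
        return "single character"
    guesses = {}
    for word in base_words(passwd_line, wordlist):
        for v in variants(word):
            guesses.setdefault(v, word)
    if candidate in guesses:
        return f"case/reverse variant of {guesses[candidate]!r}"
    # Assumption: a prefix/suffix adds one character to each variant; `affixes`
    # is the set this policy treats as likely (digits here).
    if len(candidate) > 1:
        if candidate[0] in affixes and candidate[1:] in guesses:
            return f"one-character prefix on {guesses[candidate[1:]]!r}"
        if candidate[-1] in affixes and candidate[:-1] in guesses:
            return f"one-character suffix on {guesses[candidate[:-1]]!r}"
    return None

# Constructed sample entry (not from the original document).
SAMPLE = "jsmith:PLACEHOLDERHASH:1001:100:John Q. Smith,Room 12:/home/jsmith:/bin/sh"

if __name__ == "__main__":
    for pw in ["HTIMSJ", "john", "smith7", "x", "drowssap", "c7!Rk#2vLq"]:
        print(repr(pw), "->", weak_reason(pw, SAMPLE, wordlist=["password"]))
```

The check mirrors only the transformations this document lists; a production policy would normally also compare case-insensitively so that mixed-case spellings of the same words are rejected.
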
Execution
---------

Killer Cracker can be invoked using various methods from the command
line (shell prompt). Normally, KC will be called directly from the
command line; thus, usage from the command line will be discussed first.

In order to obtain a brief summary of KC's options from the command
line, KC can be invoked with the '-?' or '/?' flag. Incidentally, all
flags to KC must be preceded by either a '-' or a '/' character. The
following info will discuss KC's command line flags and offer detailed
descriptions for each. Under some Un*x shells, you may have to type the
-? in double quotes ("-?") in order to get the appropriate response.

Usage: kc -?bcfghlostu -<1|2>[:]<chars> -<p|w|v>[:]<filename> -z[:]<minutes>
       kc -r[:]<filename>

Parms: -1 prefix chars       -p /etc/passwd file    -r restore file
       -2 suffix chars       -w guess word file     -v valid account file

Flags: -? explain usage      -b test backwards      -c test up/low cases
       -f test funny chars   -g test GECOS fields   -h hog resources
       -l test login names   -o suppress output     -s single char test
       -t test crypt result  -u user based crack    -z timeout (minutes)

Brief Summary Of Flags
----------------------

-?            KC will print a brief summary of the available command
              line flags as shown above.

Description Of Flags
--------------------

-p[:]<file>   Filename/path+filename of the /etc/passwd file to be
              cracked. The ':' character is optional (can be used to
              clarify the command line). If no filename is specified, KC
              will prompt you for one.

-w[:]<file>   Filename/path+filename of the wordfile where all password
              guesses are stored. Format of the words inside this
              wordfile must be one word per line, no blank lines are
              allowed. The ':' character is optional (can be used to
              clarify the command line). If no filename is specified, KC
              will prompt you for one.

-v[:]<file>   Filename/path+filename of the output file, where all valid
              account/password combinations will be saved. The ':'
              character is optional (can be used to clarify the command
              line).
              If no filename is specified, KC will prompt you for one.

-r[:]<file>   Filename/path+filename of the restorefile you would like
              KC to read options and restoredata from. If this flag is
              invoked without a following filename (i.e. "kc -r"), KC
              will assume a default filename of "restore". Also note
              that if this flag is specified, all other flags from the
              command line will be ignored. The ':' character is
              optional (can be used to clarify the command line).

-1[:]<char>   The characters KC will be instructed to pre-pend to the
              front of each word tested, one single character at a time.
              For example, if you used the flag "-1:abc", each test
              would test each word as "aWORD", "bWORD", and "cWORD".

-2[:]<char>   The characters KC will be instructed to append to the end
              of each word tested, one single character at a time. For
              example, if you used the flag "-2:abc", each test would
              test each word as "WORDa", "WORDb", and "WORDc".

-z[:]<time>   Under the Un*x environment, this will instruct KC to abort
              after the specified <time> in MINUTES.

-b            KC will be instructed to create a word combination from
              the available guesses as the reverse (backwards) form of
              the original guess. KC is intelligent and will not repeat
              testing of guesses which are the same forward and backward
              (i.e. "MOM" backwards is "MOM", KC will not test this
              guess in reverse). Refer to "Examples Of Guesses" for more
              information.

-c            KC will be instructed to create word combinations from the
              available guesses in all uppercase and all lowercase. KC
              is intelligent and guesses which are the same in all
              uppercase or all lowercase will be skipped from testing in
              the respective combination. See "Examples Of Guesses" for
              more information.

-f            KC will be instructed to test the "funny" control
              characters ^A-^Z, ESC, and SPACE as guesses before testing
              guesses from the wordfile.

-g            KC will be instructed to test two words from the
              /etc/passwd GECOS field of each individual account as
              guesses for that particular account.
              KC will skip over entries in the GECOS field whose second
              character is the '.' period character to avoid testing
              initials.

-h            KC will be instructed to hog all available system
              resources under (and ONLY under) the BSD Unix system. This
              means that KC will attempt to raise the current resource
              limit of its process to the maximum allowed value (if it
              is not at its maximum already). This could result in
              dramatic performance increases as well as increased
              suspicion to the process, but the end result is for you,
              the end user, to decide.

-l            KC will be instructed to test the login name from the
              /etc/passwd GECOS field of each individual account as a
              guess for that particular account.

-o            KC will be instructed to suppress all output from printing
              to the local console/terminal. Normally, information about
              the current session is printed to the standard output;
              however, on the Un*x operating system where background
              processing requires output to be directed away from the
              local console/terminal, verbose output could be a problem.
              Also note that this flag, when executed under the Un*x
              operating system, will automatically fork KC into the
              background (returning you quickly to the shell prompt) and
              the NOHUP flag (HUP signal ignore) will be placed on its
              process (so logoff will not result in termination of the
              current session).

-s            KC will be instructed to test the single characters, a-z,
              A-Z, and 0-9 as guesses before testing guesses from the
              wordfile.

-t            KC will be instructed to test the result of a single,
              pre-installed, encrypt/comparison using the default
              encryption routines. If you get an encryption error, then
              your system WILL NOT effectively crack passwords.

-u            KC will be instructed to compare every word from the
              wordfile against an account before moving to the next
              account. When cracking by WORDS, KC will enable
              same-word-memory which increases speed over cracking by
              users up to 40%.
              Normally, KC will crack for passwords in the following
              format:

              Default Format
              --------------
              word #1:  test account #1's password
                        test account #2's password...
              word #2:  test account #1's password
                        test account #2's password...
              word #3:  test account #1's password
                        test account #2's password...
              (etc.)

              This flag will instruct KC to follow the following format:

              Optional Format
              ---------------
              user #1's password:  test word #1
                                   test word #2
                                   test word #3...
              user #2's password:  test word #1
                                   test word #2
                                   test word #3...
              user #3's password:  test word #1
                                   test word #2
                                   test word #3...
              (etc.)

Usage Examples
--------------

     kc -c -p:passwd.212 -w:dict.txt -v:valid.212

The above command will instruct KC to read encrypted passwords from the
file passwd.212 (/etc/passwd format), read guesses from the file
dict.txt, and write any valid account/password combinations to the file
valid.212. All guesses will be tested in normal, upper, and lowercase.
Output will be verbose to the console.

     kc -cbo -ppwfile.txt -wwords.txt -vresults.txt

The above command will instruct Killer Cracker to read encrypted
passwords from the file pwfile.txt, read guesses from words.txt, and
write all valid account/password combinations into results.txt. All
guesses will be tested in normal, upper, lowercase and reverse-normal,
reverse-upper, and reverse-lowercase. All output will be suppressed.

     kc -glu -ppasswd.txt -wwords.txt -vvalid.txt

The above command will instruct Killer Cracker to read encrypted
passwords from passwd.txt, read guesses from words.txt, and write valid
account/password combinations to valid.txt. In addition, the
account/login names will be tested as passwords for each account, and
the GECOS field strings will be tested as passwords for each account.
When cracking begins, KC will crack passwords using the optional format.
Output will be verbose to the standard output.

     kc -c -p:passwd.txt

The above command will instruct KC to read encrypted passwords from
passwd.txt, interactively request the filenames for the wordfile and the
validfile, and test guesses in normal, upper, and lowercase.

     kc -rOLDCRACK.KC

The above command will instruct KC to read the restorefile OLDCRACK.KC
and restore the session as saved in that file.

Examples Of Guesses
-------------------

Killer Cracker can test words as normal, uppercase, lowercase, reversed,
and with numerical suffixes. The following table displays the guesses
for the words "Guess", "password", "PW", and 'MOM'. The '