password cracking exercise


Login as root. Obtain a copy of Alec Muffett's Crack program. It is distributed as the file crack5.0.tar.gz; see Alec's website for http and/or ftp download sources. Also obtain crack5.0.README and read it. You'll learn that

"Crack is a password guessing program that is designed to quickly locate insecurities in Unix (or other) password files by scanning the contents of a password file, looking for users who have misguidedly chosen a weak login password."

Unpack the tar file:

# cd
# tar -xzvf crack5.0.tar.gz

which produces the directory /root/c50a containing Crack's fileset. Crack isn't a simple, single-executable utility: it is the source code for the utility plus all the ancillary files needed to compile it, in the usual form of an open-source source-code distribution. Before you compile it there are some adaptations you need to make with an editor.

Edit the script /root/c50a/Crack. Locate the following code, near line 40:

# vanilla unix cc
CC=cc
CFLAGS="-g -O $C5FLAGS"
#LIBS=-lcrypt # uncomment only if necessary to use stdlib crypt(), eg: NetBSD MD5
# gcc 2.7.2
#CC=gcc
#CFLAGS="-g -O2 -Wall $C5FLAGS"
#LIBS=-lcrypt # uncomment only if necessary to use stdlib crypt(), eg: NetBSD MD5

Change it to the following:

# vanilla unix cc
#CC=cc
#CFLAGS="-g -O $C5FLAGS"
#LIBS=-lcrypt # uncomment only if necessary to use stdlib crypt(), eg: NetBSD MD5
# gcc 2.7.2
CC=gcc
CFLAGS="-g -O2 -Wall $C5FLAGS"
LIBS=-lcrypt # uncomment only if necessary to use stdlib crypt(), eg: NetBSD MD5

The above changes adapt Crack to the Linux environment (for example, using gcc as the name of the C compiler, as Linux does, instead of cc, as earlier Unix versions did). The next change makes Crack use the same method as Linux for hashing stored passwords (this method is called MD5). To do that, perform the following:

# cd /root/c50a/src
# mv libdes libdes.orig
# cd util
# cp elcid.c elcid.c.orig
# cp elcid.c,bsd elcid.c

Now you can compile Crack:

# cd /root/c50a
# ./Crack -makeonly

The component executables of Crack have now been built. You also need to build the dictionaries that come with it. A Crack dictionary is a reference set of words to try as password candidates; they are considered "good guesses" and so are tried first, in the hope of cracking passwords faster than by exhaustive guessing alone.

# ./Crack -makedict

Now Crack needs grist for the mill: specifically, the password hashes you want it to crack. To provide them, take a copy of the password file on your system, which is what the step below does (shadmrg.sv merges the /etc/passwd and /etc/shadow entries into one passwd-format file). Put the copy somewhere else, for example in /root/passwords as shown below.

# scripts/shadmrg.sv > /root/passwords

You're now ready to point Crack at this file of password hashes and run it. Do so as follows:

# ./Crack /root/passwords

The flow of screen messages then comes to a halt and the prompt returns, so it looks as though Crack has finished. In fact, it's just getting started. The Crack script you ran isn't the actual password guesser; it's the script that launches the guesser, which runs for an extended period of time in the background. To see it, run the "top" utility and note the presence of (one or more instances of) the cracker process near the top of the list, consuming a high proportion of your computer's CPU time. This process is what guesses the passwords. To exit the top utility, press ctrl-C.
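Before handing the merged file to Crack it is worth knowing what is actually in it: which accounts have no password at all, which are locked, and which still carry legacy 13-character DES hashes rather than the MD5-style ($1$) entries the build above was adapted for. The following Python is an added example, not part of Crack or of the original exercise; it parses a passwd-format file like the one scripts/shadmrg.sv writes (seven colon-separated fields, hash in the second) and classifies each account's hash. The sample lines and hash strings are constructed placeholders.

```python
import re

# Constructed sample of a merged passwd/shadow file (passwd layout, hash in
# the second field). The hash strings are placeholders, not real credentials.
SAMPLE = """\
root:$1$AbCdEfGh$placeholderhash0000000000001:0:0:root:/root:/bin/bash
daemon:*:1:1:daemon:/usr/sbin:/sbin/nologin
alice:aB3kLmNoPqRsT:1000:1000:Alice:/home/alice:/bin/bash
bob::1001:1001:Bob:/home/bob:/bin/bash
carol:!!:1002:1002:Carol:/home/carol:/bin/bash
dave:$6$saltsalt$placeholderhash000000000000000000000:1003:1003:Dave:/home/dave:/bin/bash
"""

# Modular-crypt prefixes and the hashing scheme each one denotes.
CRYPT_PREFIXES = {
    "$1$": "md5crypt",
    "$5$": "sha256crypt",
    "$6$": "sha512crypt",
    "$2a$": "bcrypt", "$2b$": "bcrypt", "$2y$": "bcrypt",
}

def classify_hash(field):
    """Return (scheme, guessable) for one password field."""
    if field == "":
        return ("empty", False)          # no password set at all
    if field.startswith(("*", "!")):
        return ("locked", False)         # password login disabled
    for prefix, scheme in CRYPT_PREFIXES.items():
        if field.startswith(prefix):
            return (scheme, True)        # a guesser can try candidates
    if re.fullmatch(r"[./0-9A-Za-z]{13}", field):
        return ("des", True)             # traditional crypt(3): 2-char salt + 11
    return ("unknown", False)

def audit(text):
    """Map each user in a passwd-format text to classify_hash() of its hash field."""
    report = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            raise ValueError(f"line {lineno}: expected 7 fields, got {len(fields)}")
        report[fields[0]] = classify_hash(fields[1])
    return report

def needs_attention(report):
    """Users with no password, or with DES hashes (8-char limit, 12-bit salt)."""
    return sorted(u for u, (scheme, _) in report.items() if scheme in ("empty", "des"))
```

Run audit() over /root/passwords instead of SAMPLE to see the same breakdown for your own system; accounts listed by needs_attention() deserve a fix regardless of what Crack later reports.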