The dictionary generation software for Crack was subsequently reused by Muffett to create CrackLib, a proactive password checking library that is bundled with Debian and Red Hat Enterprise Linux-derived Linux distributions. Crack's dictionary generation rule syntax was subsequently borrowed and extended by Solar Designer for John the Ripper. These rules could also process the GECOS field in the password file, allowing the program to use the stored names of the users in addition to the existing word lists. X<8l/i/olsi1so0$= Reject the word unless it is less than 8 characters long, lowercase the word, reject it if it does not contain both the letter 'i' and the letter 'o', substitute all i's for 1's, substitute all o's for 0's, and append an = sign. These could range from the simple (do not change) to the extremely complex - the documentation gives this as an example: While traditional password cracking tools simply fed a pre-existing dictionary of words through the crypt() function, Crack v4.0a introduced the ability to apply rules to this word list to generate modified versions of these word lists. Ĭrack was also used by Kevin Mitnick when hacking into Sun Microsystems in 1993. Schwartz, a notable Perl programming expert, in 1995 was prosecuted for using Crack on the password file of a system at Intel, a case the verdict of which was eventually expunged. It also bundled Crack v6 - a minimalist password cracker and Crack v7 - a brute force password cracker. The release of Crack v4.0a on 3 November 1991, however, introduced several new features that made it a formidable tool in the system administrators arsenal.Ĭrack v5.0a released in 2000 did not introduce any new features, but instead concentrated on improving the code and introducing more flexibility, such as the ability to integrate other crypt() variants such as those needed to attack the MD5 password hashes used on more modern Unix, Linux and Windows NT systems. Crack v3.2a+fcrypt, posted to on 23 August 1991, introduced an optimised version of the Unix crypt() function but was still only really a faster version of what was already available in other packages. The first public release of Crack was version 2.7a, which was posted to the Usenet newsgroups alt.sources and alt.security on 15 July 1991. This led to a total rewrite which became "Crack v2.0" and further development to improve usability. Muffett found that by re-engineering the memory management, he got a noticeable performance increase. Crack was the first standalone password cracker for Unix systems and the first to introduce programmable dictionary generation as well.Ĭrack began in 1990 when Alec Muffett, a Unix system administrator at the University of Wales Aberystwyth, was trying to improve Dan Farmer's 'pwc' cracker in COPS. Crack is a Unix password cracking program designed to allow system administrators to locate users who may have weak passwords vulnerable to a dictionary attack.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |