Cracker Jack FAQ
Written by kM

Corrections and password files can be sent to km@airmail.net for cracking.
Questions and comments are welcome too.

=======================================

The number one problem with today's internet servers is a bad security setup.
If someone doesn't protect or shadow that passwd file in the /etc directory,
someone is going to take it and have total control of your server. By default
Unix drops the passwords (encrypted) into the passwd file in /etc. It's the
admin's job to make sure that no one can download this and run it through a
brute force cracker, i.e. Cracker Jack.

I use Cracker Jack because so far it seems to work fine for me. It does work
and I will prove it to you.

Ok, enuff of the bullshit... now, if you can get or trade for a passwd file,
I can show you in this FAQ what you need to do in order to crack the fucker.

Step 1:

Cracker Jack is picky when it comes to memory... you better have no flaws in
it. Therefore when you boot your computer (Win95/DOS), bypass all
configurations and drop to DOS. In DOS 6.22 it's F5 when it says
"Starting MS-DOS". In Win95 you can do Shift-F8 and then F5 till you get to a
DOS prompt. Cracker Jack has been tested by me in both environments and works
correctly only under a clean boot.

---------------------------------------------------------------------------

Step 2:

Go into the Cracker Jack directory. Cracker Jack uses a word list: it compares
the encrypted passwords against the wordlist you specify. You can make one up
if you like or use the default one that comes with Cracker Jack, puffs.dic.

Now... depending on where the passwd file comes from (country), slap a
dictionary file from that country against it. (Example: Mexican passwd
file... hit it with a Spanish dictionary.)

Ok, now that we have this clear, let's start...

--------------------------------------------------------------------------

Step 3:

Run jack.exe. You should get this... if you get something else, try booting
your PC clean.
If that doesn't help, find another copy... yours might be corrupted.

    Cracker Jack version 1.4 for OS/2 and DOS (386)
    Copyright (C) 1993, The Jackal, Denmark

    PWfile(s) :
    Wordfile :

Where it asks you for the PWfile, put the passwd list's name. Where it asks
for the Wordfile, put the dictionary name. Now it will start cracking the
bitch. You will hear beeps and see screen output when it cracks an account.
It will display the password it cracked and the user id next to it.

Here is an example:

    Cracker Jack version 1.4 for OS/2 and DOS (386)
    Copyright (C) 1993, The Jackal, Denmark

    PWfile(s) : gate.pwd
    Wordfile : puffs.dic

    Initializing session data...
    Loaded 886 total accounts with 768 different salts.
    Cracking... (Hit any key for status, Ctrl-C to abort)

-------------------------------------------------------------------------

After it cracks one you should see this display:

    Cracker Jack version 1.4 for OS/2 and DOS (386)
    Copyright (C) 1993, The Jackal, Denmark

    PWfile(s) : gate.pwd
    Wordfile : puffs.dic

    Initializing session data...
    Loaded 886 total accounts with 768 different salts.
    Cracking... (Hit any key for status, Ctrl-C to abort)

    marika (gkantor)
    ^- Password
           ^- UserId

You won't have to write this down. Cracker Jack stores the cracked ids in a
file called jack.pot. You can use a program that comes with Cracker Jack
called jackpot.exe to write a text file for you with the information and
everything. This is what you do after you are finished cracking the passwd
file:

    jackpot gate.pwd > cracked.txt

jackpot reads the passwd file and compares it to jack.pot, and the >
redirects the output to a text file. cracked.txt is a name I made up. Name it
anything you want. After you do this your cracked.txt should look like this:

    PWfile(s) : gate.pwd

    gkantor:marika:3009:301:George Kantor:/u3/gkantor:/bin/ksh

    1 account cracked, 885 left.
---------------------------------------------------------------------

*** REMEMBER ***

You can use any wordfile or dictionary file you want... just specify it on
the Wordfile line.

** NOTE **

Use this as a learning tool... I won't be held liable for your lameness.

Now that I have given you newbies all you need to know about using Cracker
Jack, please give me my due credit for sitting down and writing this bad
little puppy out for you. I have cracked many password files and the only
ones that are hard to crack are the shadowed passwd files. They too can be
cracked but they take a little more time... and that's another FAQ entirely.
So if you're a systems admin... protect the passwd file from little fucks
like me.

- kM -
Webmaster of HackerZ Hideout
http://web2.airmail.net/km/hack.htm
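
The check that the FAQ's closing advice to admins implies, as an added example that is not part of the original FAQ or of Cracker Jack: a Python audit that reads a passwd-format file and lists the accounts whose hash still sits in the world-readable file instead of being shadowed, along with the distinct-salt count that jack.exe prints when it loads a file. The function name audit_passwd is hypothetical, and the sample entries and their hash strings are constructed placeholders.

```python
import re

# Traditional DES crypt(3) output: 2-character salt + 11 characters from [./0-9A-Za-z].
DES_CRYPT = re.compile(r"^[./0-9A-Za-z]{13}$")

def audit_passwd(text):
    """Classify the password field (2nd field) of every passwd(5) record in text."""
    report = {"exposed": [], "empty": [], "shadowed": [], "salts": set()}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 7:
            continue  # malformed entry, not a passwd(5) record
        user, pw = fields[0], fields[1]
        if pw == "":
            report["empty"].append(user)      # no password required at all
        elif DES_CRYPT.match(pw) or pw.startswith("$"):
            report["exposed"].append(user)    # hash readable by every local user
            if DES_CRYPT.match(pw):
                report["salts"].add(pw[:2])   # first two characters are the salt
        else:
            report["shadowed"].append(user)   # placeholder such as 'x', '*' or '!'
    return report

# Constructed sample input; the 13-character strings are placeholders, not real hashes.
SAMPLE = """\
root:x:0:0:root:/root:/bin/sh
alice:abAAAAAAAAAAA:3009:301:Alice Example:/u3/alice:/bin/ksh
bob:abBBBBBBBBBBB:3010:301:Bob Example:/u3/bob:/bin/ksh
carol:ZzCCCCCCCCCCC:3011:301:Carol Example:/u3/carol:/bin/ksh
guest::3012:301:Guest:/u3/guest:/bin/sh
daemon:*:1:1:daemon:/:/sbin/nologin
"""

if __name__ == "__main__":
    r = audit_passwd(SAMPLE)
    print(f"{len(r['exposed'])} exposed hashes with {len(r['salts'])} different salts")
    print("exposed:", r["exposed"])
    print("empty password field:", r["empty"])
```

Any account reported as exposed or empty is one to fix by moving hashes into a shadow file readable only by root and setting or locking the password.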