Viper v1.1 (Single Account - Graphical User Interface) Wiltered Fire : http://www.wilter.com/wf/ --- Summary: --- This program will crack passwords. It will crack a lot of passwords. In particular, it will crack DES/crypt() passwords used on most unix systems, which must be retrieved either from the /etc/passwd or /etc/shadow file. I wouldn't reccomend using this if you don't understand what I just said... Traditional crackers use the dictionary method, while this one does not. With the dictionary method, every dictionary word is tried, hoping for a weak password. This program checks all passwords. It will literally go from aaaaaaaa to zzzzzzzz. To be more exact, it actually goes from a to 000000000000. It will check all combinations of the character ranges : a-z, A-Z, 0-9 for a password length of 1 to 12. This will take a long, long time. Realistically this make take days, or even weeks. As the password length increases, the amount of possible passwords increases exponentially, as can be seen in this table: Length Possible Exact 1 62 62^1 2 3,844 62^2 3 238,328 62^3 4 14,776,336 62^4 5 916,132,832 62^5 6 56,800,235,584 62^6 7 3,521,614,606,208 62^7 8 2.183401055849e+14 62^8 9 1.353708654626e+16 62^9 10 8.392993658683e+17 62^10 11 5.203656068384e+19 62^11 12 3.226266762398e+21 62^12 --- So what? --- The common password security dogma has been that if your password is not a dictionary word, it is secure. This program puts that to rest. Security people have always known that someone could theoretically go through every password possible, but it would just take so long as to not make is feasable. However, with the ever increasing speed of CPU's, that is no longer the case. Even if it takes a month to find the password, it is still worth it, if the original intrusion was not detected. Now, the working dogma should really be a password of 12+ characters with non-alphanumerics, and even then it is not secure. The point of this is really to put theory into actual written code. --- Usage: --- Copy a line from your /etc/passwd or /etc/shadow file, paste it in the account field, and hit 'crack'. It will bring itself to the top, and display the password when it finds it. Really how you should use this program is to pick out a privledged account, put it in there, and try to forget about it for a few days. Just check up on it every once in awhile. If you are itching to find a passwords, this is account: test:qkvZFZjnWmv42:10633:::::: It will be found early on in the password length four run. It will show you what password length it is working on in that status bar, and in the title bar. It will also show what the last password it attempted was (every 40000 cracks), so you can keep track of its progress. This should be obvious, but this program is only a last resort. Use standard crackers first. This will take a long, long, long time. You have to really want that password (or have a monster machine) to even try this. --- Why can't I... --- - Why does it only try up to a password length of 12? - Any higher than that, and it would be entirely insane. If it isn't found by 12, you're probably not going to. It either is _very_ long, or has a special chararacter in it. -Why only alphanumnerics? What about special characters? - Keep two things in mind. Most passwords are only letters and numbers, and each extra character you add to the set greatly increases the time it takes to go trough a password length. However, an option to do this will may be added in a future version... -Why is the GUI so sluggish when it is cracking?- This is a trade off. It will crack faster if it doesn't have to keep up with what's happening to its window. This will vary from machine to machine, but moving or minimizing it will take a few seconds... -Why is my computer slower?- Well, let's think about that.. Maybe because you're encrypting every possible alphanumneric sequence within 12 characters? Seriously though, if this is a problem, you can work around this - but only in windows NT. You can use either use the start command when you initially run viper and set the priority, or you can open up task manager and right click on the process, and set the priority that way. --- Revision History --- v1.1 : Ported to windows GUI, made into a single account brute force app. v1.0 : Original command line release, standard cracker. -Hale / admin@deviance.org 02-12-1999