[techtalk] Re: Using Crack 5.0

Steve Kudlak chromexa at ovis.net
Sat Dec 4 13:50:26 EST 1999

subb3 at attglobal.net wrote:

> Thanks to all who replied. I needed to first, merge the local passwd file
> with the shadow password file. After that, I ran Crack on the merged file
> and cracker was running in the background.
> I have also tried Jack the Ripper, which is pretty good and easy to use.
> Both the programs are CPU intensive. Very CPU intensive. I have interrupted them
> after 30 hours of running. The password files are short. Some of you
> who replied had thousand+ passwords to crack. What kind of machine did you use
> and for how long?
> To speed up the testing, where can I find other dictionaries?
> I noticed one other thing, which is about application accounts. For an application,
> I create an account, which lists in the shadow file as:
> xyzapp:!:21483:0:99999:4:::
> The user accounts on the other hand were listed as:
> user1:ukXj89DjekEYQ:21586:0:99999:8:::
> Neither Crack nor JR tried anything on the application accounts. They tested only
> the user accounts. Is it because the encrypted password existed in the 2nd
> field? How does one test the integrity of the application accounts?
> Thank you once again.
> Subba Rao
> subb3 at attglobal.net
> http://pws.prserv.net/truemax/
> http://www.smcinnovations.com
> ************
> techtalk at linuxchix.org   http://www.linuxchix.org

People have gotten wise to lots of this. It used to be simple: find a military site on
the old ARPANET.  Run a test for girls' names, and you'd get 100s of hits out of a list
of about 1000 users, 300 active. The brass, as the military calls them, were a bit
better. But often then it was kids' names, so just try baby name books for various eras.
But people have been warned and warned. For a while XEROX would toss back at you any
password that was in Webster's.

But even if you set your password to Khajuraho (site of a famous temple in India), dunno
how many hits you are going to get cracking. Or if you mix theatrical and
pharmaceutical instructions, adlibprn or ADlibPRN, those might be relatively difficult.
Using simple words from the Japanese dictionary was also pretty immune, like SHASHIN
(photograph), but I assume that someone could get *** DAIJIN (Dictionary) and try, but
the number of words gets up there. In case-sensitive systems, changing cases, or
pulling the GA3RY or MA3RY, where as we all know the 3 is silent. :) helps. A more
complex string would fix things. So there are a number of things to do to defeat
cracking programs while having passwords that can be remembered. I mean I dunno if
things like 4ANDROSTENEDIOL are that vulnerable unless they become common.

This may have been why the big worry according to cert.org is unsecured Linux systems
with a vulnerable port 98 have been the victims of sniffer attacks. Out of curiosity
one should try xyzzy and any capitalization variants and other DND magic words. Of
course letter, number and case hacks should be tried on any of these. In the case of
crackers, just like anything else, read the code. Most of them "try easy stuff first"
and then go to "brute force" (going word by word through the dictionary). I did see one
that tried the top 10,000 English words before going to "brute force" or "simple linear
search through the dictionary." One did try looking to see if the person's name was
Chinese or Japanese and trying a 10,000 common word search. It's the "brute force" or
"simple linear search" and that's where CPU intensive comes in.

So I'd say read the code, look at what you have. It has been a decade or so since I was
a network admin with security responsibility, so that I could do this honestly. So some
of this is old hat, but my sneaking suspicion is this is why sniffers are in these
days. I guess if I get a LINUX release with a sniffer I could read the code or read
Cult of the Dead Cow's sniffer code. So I hope that helps. I said some of this before,
but as André Gide once said: "All this was said but (nobody/few) were listening, so it
bears repeating."

Have Fun,
Sends Steve

P.S. If I were to do anything like this it would be to try to build an Echelon-style
"vacuum cleaner" to determine, without looking at anything too private, my web page
visiting habits and such. But I may have other fish to fry, as they say.
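Two things in this thread lend themselves to a worked example: Subba's question about why Crack and John skipped the `xyzapp:!:...` entry, and Steve's description of how crackers "try easy stuff first" and then walk the dictionary with case and digit mangling. The script below is an added example written for this page; it is not code from Crack, John the Ripper, or either poster. It assumes a salted SHA-256 hash written as `salt$hex` as a stand-in for the 13-character DES crypt(3) hashes shown in the post (so it runs without the deprecated `crypt` module), and the sample entries and word list are constructed here rather than taken from any real system.

```python
"""Minimal "easy stuff first" dictionary cracker over a merged passwd/shadow file.

Added example for this thread; it is not code from Crack, John the Ripper or the
posters. ASSUMPTIONS: the hash format is salted SHA-256 written as "salt$hex",
standing in for the 13-character DES crypt(3) hashes in the post, so the script
runs without the deprecated crypt module; the sample entries and word list are
constructed here, not taken from any real system.
"""
import hashlib

# Password-field values that carry no hash at all. "!" alone is what the
# poster's xyzapp account shows; "x" means "the hash lives in the shadow file".
NO_HASH_MARKERS = {"", "!", "!!", "*", "*LK*", "x", "NP"}


def hash_pw(password: str, salt: str) -> str:
    """Stand-in for crypt(3): salted SHA-256, rendered as salt$hexdigest."""
    digest = hashlib.sha256((salt + password).encode()).hexdigest()
    return f"{salt}${digest}"


def parse_entry(line: str) -> dict:
    """Split one shadow-style line: user:hash:lastchg:min:max:warn:inactive:expire:flag."""
    fields = line.rstrip("\n").split(":")
    if len(fields) < 2:
        raise ValueError(f"not a shadow entry: {line!r}")
    return {"user": fields[0], "hash": fields[1], "rest": fields[2:]}


def is_locked(hash_field: str) -> bool:
    """True when there is nothing to crack: no hash at all, or a hash disabled
    with a leading '!' or '*' (what `passwd -l` does). Crackers skip these."""
    return (hash_field in NO_HASH_MARKERS
            or hash_field.startswith("!")
            or hash_field.startswith("*"))


def candidates(user: str, words):
    """Yield guesses cheapest-first, deduplicated.

    Stage 1 ("easy stuff first"): the login name and trivial variants.
    Stage 2 ("linear search through the dictionary"): each word with the
    case and digit mangling the post describes (mary -> MARY, Mary1, ...).
    """
    seen = set()

    def variants(base):
        for v in (base, base.lower(), base.upper(), base.capitalize(), base[::-1]):
            yield v
            for suffix in ("1", "2", "3", "123"):
                yield v + suffix

    for source in (user, *words):
        for guess in variants(source):
            if guess not in seen:
                seen.add(guess)
                yield guess


def crack(entries, words) -> dict:
    """Return {user: (plaintext, attempts)}; plaintext is None when not found
    and the string "locked" when the entry carried no crackable hash."""
    results = {}
    for line in entries:
        entry = parse_entry(line)
        if is_locked(entry["hash"]):
            results[entry["user"]] = ("locked", 0)
            continue
        salt = entry["hash"].split("$", 1)[0]
        attempts, found = 0, None
        for guess in candidates(entry["user"], words):
            attempts += 1
            if hash_pw(guess, salt) == entry["hash"]:
                found = guess
                break
        results[entry["user"]] = (found, attempts)
    return results


# Constructed sample: the poster's xyzapp shape, plus three user accounts whose
# hashes are built here so the expected answers are known.
WORDS = ["girl", "password", "baby"]
SAMPLE = [
    "xyzapp:!:21483:0:99999:4:::",                                # app account, no hash
    f"user1:{hash_pw('Password1', 'uk')}:21586:0:99999:8:::",    # word + case + digit
    f"user2:{hash_pw('user2', 'Xj')}:21586:0:99999:8:::",        # login name as password
    f"user3:{hash_pw('Khajuraho', 'Dj')}:21586:0:99999:8:::",    # not in the word list
]

if __name__ == "__main__":
    for user, (result, attempts) in crack(SAMPLE, WORDS).items():
        print(f"{user}: {result} after {attempts} guesses")
```

Running it shows the answer to the `xyzapp` question directly: an entry whose second field is `!` has no hash, so there is nothing for a guesser to compare against and Crack or John report nothing for it; password guessing simply does not apply to that account. The `attempts` counter also makes Steve's cost point visible: `user2` falls on the first guess in the cheap stage, while `user3` costs the whole mangled word list and still fails, and that linear walk is where the CPU time goes on a real dictionary. Against the real 13-character hashes you would replace `hash_pw` with crypt(3) using the first two characters of the stored hash as the salt.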

techtalk at linuxchix.org   http://www.linuxchix.org
