BRUTE: A brute force approach to hacking Unix passwords. Version 1.1

BRUTE: A brute force approach to hacking Unix passwords. Version 1.1

------------------------------------------------------------------------------

Here's how to use it in a nutshell...



Download the passwd file from your local unix site, or have someone download

it for you. It should be in the unix format (that is, line feeds but no

carriage returns) so don't run it through any conversion programs--Brute uses

it "as-is".

To check a single password against your list do this:

BRUTE passwd Password

(that would check the passwd file for the password "Password"). Brute is

case sensitive (just as unix is), so "Password" is different than "password".

To convince yourself that brute actually works you'll probably want to run it

with your password and see that it pulls up your account. It will.

---

Brute can be used with a list of passwords. In this case, edit up a list or

use a pre-made one (one password per line) and call brute like this:

BRUTE passwd @passlist.txt

(where passlist.txt is the name of your list-of-passwords. The @ sign tells

brute that you're using list file). Note that you don't have to use the name

"passlist.txt" for your word list, and you don't have to use the name

"passwd" for the password file. This allows you to keep separate word lists

for different types of unix sites, and separate password files.

Right now that's about it. There are a few enhancements I'm planning in the

future, but this ought to do the trick for you. Any passwords found are

written to the file "PWD_HITS.DAT".

Brute ignores unpassworded and invalidly-passworded accounts automatically,

so you should probably check the passwd file for these babys yourself.

---

Brute is about 25% faster than it's nearest competitor.

Have fun.

Prometheus

---

Version 1.1: Fixed the icky short int bug which causes the "Password"

counter to go negative after 32k attempts (changed to long

int--now it will go negative should you reach 2 billion

attempts in a single setting, which isn't extrememly likely.

Added the "*" password to check for the username as a password

(forward and reversed). Either put * on a line by itself in

your word list file, or call brute like this: brute passwd *

---

Version 2.0: I'm using the fastcrypt routine as ported to DOS by Gandalf and

distributed in OBJ form by sir hackalot. I haven't measured

the speed increase, but it's not as much as I had hoped. Maybe

twice as fast. Anyhow, such is life.

ÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜ

ÜÝÄ’œ›Š úúúúúúúúúúúúúúú THE HOLLOW'S ALLIANCE úúúúúúúúúúúúúúú AliceÄÞÜ ú

ÜÝÄ (415)849-2688 Ÿ‰‰ë æ"r hîŽë (415)849-2688 ÄÞÜ ú

ÜÝ ÄÄ Ä Ä Ä Ä Ä Ä T-file Distribution Cent-a-RoR Ä Ä Ä Ä Ä Ä ÄÄ ÞÜ ú

ÜÝDr. Murdock ú Powerful Paul ú RatSnatcher ú Sir Death ú Pressed RatÞÜ ú

ÜÝ ÄÄ Ä Ä Ä R o R - A l u c a r d Ä Ä Ä ÄÄ ÞÜ ú

ÜÝÄ The Corporate Headquarters of Shawn-Da-Lay Boy Productions, Inc.ÄÞÜ ú

ÜÝÄúúúú Ø úúúúSmooth is the Descent and Easy is the Wayúúúúú Ø úúúúúÄÞÜ ú

ÜÛßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßÛÜ ú

úúúúúúúúúúúúúúúúúúúúúúúúúúúúúúúúúúúúúúúúúúúúúúúúúúúúúúúúúúúúúúúúúúúúúú