FastJack - Unix Password Cracker

@for C Developers
@author Kai Ruhl
@since 1999-06
@load FastJack.tar.bz2

Abstract

The FastJack password cracker is a fast but dumb password cracker for un*x like system password files. In spite of some obscure (more or less) brute force or dictionary approach it simply tests the contents already given in the password file - usually the name, job or similar things.

Anyone who would use that tool, would, theoretically, be amazed about the amount of accounts that one could retrieve using this rather dumb method.

Jumpstart

First, to get it run: U have hopefully unpacked it all into a directory named "FastJack" in which u r now. Run the script "Compile". U should now have a executable "jack". Now u r ready to go. Copy the passwd file to be cracked in the current directory. Then, type "jack <passwd file>". lets assume the passwd file is named "pFile", then type:

jack pFile

Result: there a 3 resulting files (still assuming that the passwd file is named "pFile"):

pFile.pass Contains lines with account name, encrypted password and decrypted passwd. U can instantly use this.
pFile.done Contains original lines from pFile; more specifically, those lines which passwords have been cracked.
pFile.fail Contains original lines from pFile; more specifically, those lines which passwords have *not* been cracked.

The file important for u is "pFile.pass", as it contains the cracked passwords.

The Theory

Ok, why this working approach? FastJack is a *dumb* cracker, thought for a first approach to save cycles. so, my recommended way is:

Run FastJack on your password file (let it be "pFile" again). Take "pFile.pass" into your collection. throw "pFile.done" away. use a *real* password cracker (like "John The Ripper") on "pFile.fail".

Wakarimashita ka? Jack is only the first wash. Next one. What does FastJack exactly test?

  1. Tokens. A token is defined as a word in the description line of the password file, where tokens are divided by " " or ",".
  2. The complete token lowercase.
  3. The complete token uppercase.
To test all upper/lowercase permutations would take too much time (hey, it is *Fast*Jack !). I tried it.

If u want to see more, change the "#undef DEBUG" into a "#define DEBUG" in the FastJack.c file.

Niceties

First, I am fully aware that I am a total C beginner (although I have spent some time with asm, pascal, java). If I have totally overlooked something which could make FastJack much more performant, please mail me at fastjack@land-of-kain.de. Thanx.

Second, the copyleft. This whole here runs under GNU Public License. Basically it means the source is free, as long as u deliver everything derived from it *always* with source and the right to modify.

Third, social. There is always this girl or guy in your neighbourhood, hacking talented but totally "dont-know-how". Help her/him. Makes a better world ;-)

So long, and thanx for the fish!

  - KNR

EOF (Aug:1999)