.°. .°²°. .°±²±°. .°±²²²±°. _°±²²²²²±°_ ~°±±±±±±±±±±±±±±²²²²²²²²²±±±±±±±±±±±±±±°~ ~°±±²²²²²²²²²²²²²²²²²²²²²²²²²²²±±°~ ~°±±²²²²²²²²²²²²²²²²²²²²²±±°~ ~°±±²²²²²²²²²²²²²²²±±°~ ~°²²²²²²²²²²²²²²²°~ _±²²²²²²²²²²²²²²²± _±²²²²²²²²±²²²²²²²²± ±²²²²²²±±° °±±²²²²²²± °²²²²±±°~ ~°±±²²²²° °²²±±°~ ~°±±²²° °±±°~ ~°±±° °±~ S T A R ~±° C R A C K E R v 0.3 á b y T h e S O r C E r E r capsim@papayus.topnet.fr > A u g u s t 1 9 9 6 < ------------------------------------------------------------------------------ DISCLAIMER ------------------------------------------------------------------------------ This program is provided "as is" by The SOrCErEr, with no warranty of any kind, either expressed or implied. The author is not responsible for any use or misuse of this software and for ANY consequences, due to its usage or to any defect of the program, including but not limited to : loss of datas of any kind, of profit, hardware damages, cops knocking on your door, alien invasion, mad cow desease... ! USE STAR CRACKER AT _YOUR_OWN_RISKS_ ! ------------------------------------------------------------------------------ I) Introduction ------------------------------------------------------------------------------ First, I must advice the experimented crackers that there are some details in this file, that they might find stupid; but I've tried to write a documentation for all the users... STAR CRACKER (noted *C) is a Unix passwords cracker for DOS/4GW. The method employed is the brute force attack. The brute force, for those who don't know it, consists in encrypting many words and comparing the results with the encrypted password. This is the only way with the Unix DES, as it's not reversible. Once the password is encrypted, you can't find back the original word. (in fact, it may be possible, but not with the same method, and not with the same machine...;) To use *C properly, you have to download the "/etc/passwd" file from a Unix network to your PC (recent systems use other names, see (III) for more informations). Then, you'll be able to attack the password of any user referenced in the file, according to 2 methods : 1) wordlist With this, *C will try each word of a file against each password selected in the passwd file, with possible manipulations on the original words. (see 'Options') 2) combination With this method, *C will try combinations of characters. Fortunately, it won't try _all_ the combinations (up to 6e16) but only those who seem to form a correct word, according to statistics made on a words file. This method will be especially useful if you try to crack 1 password who resists at the wordlist attack. ------------------------------------------------------------------------------ I and a half) File listing (only two files !) ------------------------------------------------------------------------------ þ STARCRAK.EXE : The program itself (154353 bytes) þ STARCRAK.DOC : This documentation file. You can also use it as a first little passwd file (just to try, if you don't have any) ------------------------------------------------------------------------------ II) The files ------------------------------------------------------------------------------ STAR CRACKER works with many files, don't be lost ! ;) To change a filename, just press the red letter; to edit this file, press ALT-red_letter. You can change the editor path by the c0mmands-menu. To edit this help-file (starcrak.doc) while in the program, press ALT-H or F1. 1) Passwd file This is the file containing all the usernames and encrypted passwords of the users of the system, and some other informations. Here's what it should look like : root:ur/1tzsUmWXK2:0:1:system PRIVILEGED account:/usr/users/root:/bin/csh user1:abhtIHPO06GAs:101:20:name of the guy:/users/something/user1:/bin/csh user2:cdudDg6nVEZGA:102:20:name of the girl:/users/something/user2:/bin/csh user3:efRxqpKNiiMHQ:103:20:name of the dog:/users/something/user3:/bin/csh ... The most interesting field is the second one. These 13 characters form the encrypted password of the user. If you have a '*' instead of these 13 characters for all the accounts, the passwd file is shadowed. In this case, see (III). As well, if you have problems catching the passwd file, see (III) 2) Words file 1,2,3 These files are the wordlists you want to use for your attack; The statistics will also be made on them. The right format is one word per line. 3) Stats file This is the result of the statistics made on the words file(s), and the base for the combination attack. This file could be huge in some cases! 4) pAsswds base This is your actual data base of cracked passwords. Each time *C finds a password, it will be written in this file. At the beginning of each attack, *C will check if the already-cracked-users have changed their passwords. If they don't, *C won't lose any time for them. If they do, they'll be removed from the base. 5) Results file This file is the report of the attack, it will contain all the comments and remarks *C can make during an attack. For example : þ All the informations about the attack (its date, its type, the number of words...) þ If a user has changed his password since the last attack. þ If a power-breakdown has occured, and the date of the restart. þ The date of a password-finding. ... 6) paraMs file This file contains important settings for both combination & wordlist attack. It's constitued by 8 lines of characters. The 4 first lines ('According to statistics') are the characters allowed for the matching position in the word you're searching, according to the stats. That means that if a character from one of these lines don't figure in the stats, it won't be taken in account. The 4 last lines ('According to nothing') are the characters imposed for the matching position in the word. That means that the characters of these lines will be automatically included in the word, even if they don't figure in the stats. - These 4 last lines only concern the combination method. Example for both methods : þ If you've seen that the second letter of the password you want to attack is in the right half of the keyboard, then remove from the second line all the letters of the left half. Therefore, if you try a wordlist attack, only the words whose second letter is in the right half will be taken in account. If you try a combination attack, only the letters of the right half will be tested at the second position of the word. Examples for combination method : þ If you've seen that the last character of the word is '/', then remove all the letters from the line 'last position' of the part 'according to statistics' and put a '/' on the line 'last position' of the part 'according to nothing'. þ If you've seen that the 1st character of the word is either '1' or '2', then remove all the letters of the 1st line and place '12' on the 1st line of the second part of the file. Therefore, all the words tested will begin with a '1' or a '2'. Generally, the 4 last lines are reserved for non-alphabetical characters, which are rare in the stats. For each position, The 'according-to-nothing' characters will be tested before the 'according-to-statistics' ones. If the same character is on both parts of the file on 2 matching lines, then *C will refuse to treat the file. For the combination method, if the maximum length of the tested words is not limited (0), then the line 'last position' won't be taken in account. Instead of it, the line 'middle position' will be used. The line 'middle position' is used for all the middle positionS, that's to say between the second position and the last one. The character just following an 'according-to-nothing-character' will be considered as the beginning of a word (it will be taken in the stats as a word-start). IMPORTANT : You'll see that all the characters on the lines are included into two 'þ' (ASCII 254). This is useful to be sure that no undesirable space is resting at the start or at the end of the line. This character is just a delimiter, and won't be taken in account for the attack, although it's necessary for *C. If the file doesn't exist, it's automatically created when you run *C. 7) Internal usage files In addition to these files, *C uses some files for his internal management : @words@.tmp : Temporary words file @passwd@.tmp : Temporary passwords file @base@.tmp : Temporary passbase file starcrak.cfg : Configuration file, updated each time you quit *C starcrak.log : *C saves its situation in this file. bios.sc : Contains the bios-settings used for the standby option. 8) Other files... STAR CRACKER also needs these two files for the power-breakdown resistance management : þ STARCRAK.AUT : The AUTOEXEC.BAT file of STAR CRACKER, that you can modify... þ STARCRAK.CON : The CONFIG.SYS file of STAR CRACKER, that you can modify... These files are created each time you run STAR CRACKER, if they don't already exist. ------------------------------------------------------------------------------ II) The fields and buttons ------------------------------------------------------------------------------ 1) methoD Toggle between the two methods (wordlist / combination). 2) timeout delaY After this delay, *C will save its current situation (in order to restore the session later) and brutally interrupt itself, as if a power-breakdown had occured. This is useful if you use a programmable cutout-socket... BEWARE : The count of the timeout delay starts when *C starts cracking. In certain cases, some operations made before (especially "counting the number of attempts") can take several minutes when you initially run the attack (when the session is restored, the computed datas are just read in the .LOG file). So be careful if you use a programmable cutout-socket, take account of this delay to program the hour of the cutout. 3) sTatus evaluation every It's the delay between two status-evaluations. These evaluations concern the number of attempts already made, the number of remaining attempts, the time elapsed since the start of the attack, the time remaining, the number of encryptions per second, and the number of attempts per second. These two last values depend on the power of your CPU. I highly recommend to use at least a pentium 120. The Operating System you're using is very important too ! Don't try to run *C under WINDOWS (3.x, 95, NT or any later verslow, hu! 'xcuse me : "version") or OS/2. If you've installed NT or OS/2, use a multiboot. If you're under win95, boot with BootGUI=0 in MSDOS.SYS. In addition, if you run *C under one of these fascist operating systems, all the timings will be wrong, and so will be the performances evaluations... NOTES : þ The time remaining is just an estimation based on the number of attempts per second and the number of attempts remaining, not an exact value. The time remaining and the remaining attempts are of course the maximums for each. þ The number of attempts per second is often different from the number of encryptions per second, because when several users have the same salt, only one encryption is performed althought several attempts are made... þ The time evaluations don't take account of the length of the power breakdows, not even for the elapsed time... 4) saVing situation every This is the delay between 2 situation-savings, useful to restart an interrupted attack (manually or brutally)... The situation-saving updates a file called STARCRAK.LOG. Beware : Every time you run a new attack, this file is overwritten ! NOTES : þ The .log file doesn't contain the file-settings, so when restarting a session, the files will be those of the current config file; so if you change some files before restarting the session, the results may be very wrong! þ To restart a session, you also need the temporary files, that's why *C doesn't delete them when you stop an attack. 5) Options This only concerns the wordlist attack. In this field you will define the modifications to do on each word of the wordlist for a wordlist attack. asis : The words will be tested as they are. r : The words will be tested with their letters in reverse order lo : The words will be converted to lowercase before being tested lor : Lowercase and reverse up : Uppercase upr : Uppercase and reverse upf : First letter uppercase, the others lowercase upfr : First letter uppercase, the others lowercase, and then reverse lof : First letter lowercase, the others uppercase lofr : First letter lowercase, the others uppercase, and then reverse all : All the combinations of lower & uppercases in normal & reverse order => (2^(1+strlen(word)) encryptions for each word of the wordlist against one password. All the preceeding options can be combinated together, except 'all' who cancels the others. pre : The words will be prefixed with a characters string. Only entire words will be tested : If the prefix is 'the ', and the maximum length is 7, then only the words whose length is <=3 will be tested with this prefix. suf : The words will be suffixed with a characters string. Only entire words will be tested. pret : The words will be prefixed with a characters string. All words will be tested. The words exceeding the max length with the prefix will be truncated. suft : The words will be suffixed with a characters string. All words will be tested. IMPORTANT : No option is assumed by default, not even 'asis'. If the only option displayed in the field is 'r', then the words will *only* be tested in reverse order. NOTE : Each option takes the original word, as it is in the file, and performs its own manipulation on it. 6) 1st Bios scan / (no) standby when finisHed These options concern an interesting stuff of *C : When you run the 1st Bios scan, *C will record the current Bios settings, and then reboot your machine. During the boot, press 'Del' to enter the Bios-setup and modify it to the maximum power-saving. Then, you'll have to restart *C, and it will run the 2nd Bios scan, restablish the original settings, and reboot again. Don't worry, you'll have to do that only once; all the datas will be recorded... Then, if the option is activated, when *C has finished his work, it will toggle the Bios settings to those recorded at the second scan, and reboot the machine to make them efficient. Therefore, the machine will quickly turn to power saving mode. Evidently, you can also activate power savings in the 1st Bios scan, but be careful : don't suspend the CPU's work ! ;) You can suspend the hard disk rotation but also take care of the saving-delays : be sure that they won't slow the process by restarting the hard drive rotation. When you will come back, you'll be able to restore the original bios-settings (those of the 1st bios-scan) by the c0mmands menu. In addition, *C sends a out 3F8h,0FFh when he has finished his work (and the same to 2F8h); so if you want to make a hardware cutout... 7) (not) power-breakdoWn resistant Here comes a very useful function : Imagine that you have started a very long attack, on a 8 letters password. This could last up to 1 week, therefore you may want to sleep, go out, work, eat, or whatever... while your computer is computing. Now, imagine that, unfortunately, a power breakdown occurs during the third day... Will you have to restart all from the beginning ? WILL ALL THIS TIME BE LOST ??!?!!!! - No... *C is power breakdown resistant ;) If the option "power-breakdown-resistant" is activated, *C will rename your AUTOEXEC.BAT and CONFIG.SYS and replace them with the files STARCRAK.AUT and STARCRAK.CON generated by the program. Thanks to this, if a power breakdown occurs during his work, *C will automatically be restarted when the power comes back and it will restore his attack at the last saving. At the end of the attack, or if you stop it, your original system files will be recovered. If an accident prevents *C from managing this properly for any mysterious reason, don't worry, your original system files will have the following names: þ AUTOEXEC.SC þ CONFIG.SC But there's another interest : If you have a programmable cutout, you can use it to give a rest to your computer, for example 1 hour out of 12. Therefore you'll be able to let run *C several days along in total security, your computer won't become a toaster ! ;) (this is just for those who don't trust the modern technology ;)) If you do this, use the timeout delay of *C, in order to make sure that it won't be savagely interrupted by the cutout (the cutout won't occur while *C is writing on the disk, which could be dramatic). NOTES : þ In fact, the new AUTOEXEC.BAT file won't be STARCRAK.AUT, but a file containing only one line, calling SC.BAT (The new name of STARCRAK.AUT) þ The files STARCRAK.AUT and STARCRAK.CON are very simple, and you _must_ improve them with some other options, especially the DISK CACHE ! þ If you run once *C from a directory, and decide to move it in another one, delete STARCRAK.AUT before running it again, or else the path of the program in the file STARCRAK.AUT won't be correct... þ If there is any disk-problem after *C has restarted, it will stop at once and go on standby, since the disk problem must be caused by the power breakdown, and writing again on the disk could cause more damages... 8) password attaCked You can directly enter a password in this field, without selecting any user. If a user of the passwd file has this password, then *C will get his name. Even if no user can be associated to the password, the users having the same salt will be attacked too, unless you specified that you don't want it in the c0mmands menu. 9) User name In this field you will enter the name of the user whose account interests you. After you type a username, *C will look for his encrypted password in the passwd file, and place it in the right field. Wildcards (*?.) are allowed. If you use wildcards, the number of users matching the statement will be displayed, and of course, no particular encrypted password will be displayed in the 'password attaCked' field. Examples : * : Will attack every account of the passwd file. c* : Will attack every account whose username begins with a 'c' ... : Will attack every account whose username is 3 characters long ?? : Same thing for 2 charaters long The usage of the wildcards is the same as with Unix or DOS, except that the '.' and the '?' must match exactly one character. STAR CRACKER will extract all the users matching this field in the passwd file to generate his temporary-passwd-file. If some users not extracted have a common salt with some users actually extracted, they'll be also attacked, as that doesn't take any supplementary time. If, for any personnal reason, you want to prevent *C from doing that, use the c0mmands menu. 10) preFix This is the prefix used if the 'pre' or 'pret' option is turned on. 11) suffiX This is the suffix used if the 'suf' or 'suft' option is turned on. 12) now testing (X,Y) During an attack, this field will periodically display the current word being tested against the password. Be careful : The word displayed is not tested until another word is displayed! It's just an indication... the word displayed is the one being tested just when the evaluation occurs... The two numbers X and Y have an important meaning : For both kinds of attack, X will be the minimum length of the words, and Y the maximum length. But some details are different depending on the kind of the attack : þ Wordlist attack If Y is 0, then all the words whose length is >=X will be tested, the words exceeding 8 characters will be truncated. þ Combination attack *C will first test for all the combinations on the shorter lengths. If Y is 0, then the words of 8 characters will be assumed as being truncated.(that's important regarding to the stats) The possibility of assuming that the words are truncated or not is important, because many Unix users don't know that the maximum length of the password is 8 characters, and they often have longer passwords. So if you notice that a person types more than 8 charaters, use the '0' for Y. 13) makE statistics The base for the stats will be the current words file. The bigger is the wordlist, the more accurate are the stats. Before starting to compute the stats, *C will ask the stats threshold, that's to say the minimum number of times that a character must appear in the file to be taken in account in the stats. (generally 1) Here's how *C makes the stats : First, it computes which are the most frequent letters as first letter of a word. This is the first line of the stats. Then, it computes which are the most frequent letters as second letter following each other letter. These are the lines 2-97. Then, it computes which are the most frequent letters as middle letter following each couple of letters. These are the lines 98-9313. Finally, it computes which are the most frequent letters as last letter following each couple of letters. These are the 9314 last lines. NOTE : If you don't have enough memory for the 32-bits tables (they take over 7 Mb), you can choose to use the 16-bits tables. The difference is that if you use a large words-file as base for the stats, the 16-bits tables may be less accurate. CAUTION : This version of *C doesn't check the consistence of the stats ! Be sure to use a large wordlist... 14) attacK! Run the attack with the current settings. During the attack, you can press CTRL-C to stop it (and you'll be able to restart later), or press the space-bar to toggle between *C's screen and an innocent DOS prompt ;) 15) c0mmands Access the commands-menu : þ Dos command. If you run a shell, just quit it with "exit" þ Change the editor path þ Beep when found a password þ Restore the last session, if it was manually interrupted þ Restore the bios-settings of the 1st bios-scan and reboot þ don't attack users not selected, having the same salt as some selected ones Press the colored letter to execute the matching action... ------------------------------------------------------------------------------ III) Technical details ------------------------------------------------------------------------------ 1) How to catch the passwd file ? If your Unix system doesn't have a /etc/passwd file, or if it's shadowed, here's the various filenames of this file depending on the system : Unix Path Token ---- ---- ----- AIX 3 /etc/security/passwd ! or /tcb/auth/files// A/UX 3.0s /tcb/files/auth/?/* BSD4.3-Reno /etc/master.passwd * ConvexOS 10 /etc/shadpw * ConvexOS 11 /etc/shadow * DG/UX /etc/tcb/aa/user/ * EP/IX /etc/shadow x HP-UX /.secure/etc/passwd * IRIX 5 /etc/shadow x Linux 1.1 /etc/shadow * OSF/1 /etc/passwd[.dir|.pag] * SCO Unix #.2.x /tcb/auth/files// SunOS4.1+c2 /etc/security/passwd.adjunct ##username SunOS 5.0 /etc/shadow System V Release 4.0 /etc/shadow x System V Release 4.2 /etc/security/* database Ultrix 4 /etc/auth[.dir|.pag] * UNICOS /etc/udb * (taken from the alt.2600 FAQ) if the interesting file is protected, here's a little program that will display all the informations of the passwd file. Unfortunately, that doesn't work on *all* systems! :( // Catch the informations of the passwd file, even if the Sysop doesn't want;) // (taken from the alt.2600 FAQ) #include #include int main() { struct passwd *p; while(p=getpwent()) // getpwent is the magic function! ;) printf("%s:%s:%d:%d:%s:%s:%s\n", p->pw_name, p->pw_passwd, p->pw_uid, p->pw_gid, p->pw_gecos, p->pw_dir, p->pw_shell); return 0; } 2) Material requirements I recommend to use at least a Pentium 120; 8 Megs of RAM are enough for a minimal usage, but 16 Megs are recommended to compute the stats (the 32 bits tables take more than 7 Megs). Be sure to have a sufficient disk space, the stats files can be large sometimes... STAR CRACKER is optimized for Pentium processors. I didn't have much time for that kind of tests, maybe more accurate informations about that in later versions, thanks to your contributions... ------------------------------------------------------------------------------ IV) Various notes ------------------------------------------------------------------------------ 1) Bug reports, comments... For any comments, suggestions, advices, bug reports, benchs or questions about STAR CRACKER (I know this doc is not very clear !), please Email me; Please don't Email me any questions about Unix cracking or whatever : I'm not an expert and there are many FAQs on those subjects... If you report a bug, it must be reproductible, and please try to be accurate (send the cfg & log files, describe exactly what you did... and what you got.) If your contribution is useful, I'll include your name in the doc of the next release in a part called "beta testers"... If you have a faster encryption algorithm who works under DOS/4GW and don't want to code a whole cracker, you can send it to me with your usage-conditions (credits, flashing name on the top of the screen, $100000...;)) Don't worry, they'll be respected (If they are reasonable). I'm also looking for a nice ANSI graphic for the last screen... same thing for the credits. 2) Known bugs & restrictions þ There must be a lot of bugs (this is a beta version!), that's why I didn't use PMWLITE, because it doesn't handle the exceptions. þ The passwords containing aging characters won't be taken in account :( I've no documentation on that subject, except some lines in the alt.2600 faq, but that's not enough... If someone has a good doc on it, please send it to me... Especially I would like to know all the things about the passwd length (isn't it 13 characters anymore ?!!)... þ *C doesn't test by itself all the combinations of 2 characters and the alone characters, as some other crackers do... Yet it's unbelievable that some users have passwords of 4 or 5 charaters... I hope there are NO users who have passwords of 1 or 2 characters ! ;) *C won't either test the GECOS field of the passwd file, neither the username as a password... Maybe that kind of things in a later version... þ As I only used the standard 32-bits arithmetic, it is possible that some values exceed the maximum value of a 32 bits number (attempts, time). If it is the case, instead of the exact values, you'll have the maximum ones, preceeded by a '>'. But with the time, when the values reach the limit, they will circle round and be TOTALLY WRONG! 3) Efficiency Don't expect STAR CRACKER to crack *all* the passwords you want. Some experimented users may have resistant passwords of 8 characters, containing lowercases, uppercases, digits and ponctuation signs... Such a password would take several centuries to crack with a PC (in 1996). 4) Some more info ? If you want some more informations, details or whatever about unix passwords cracking, I recommend to consult the alt.2600 FAQ, this is good! :) There are also many text files on those subjects... Just use a good search- engine... 5) Credits As I used Eric Young's fast-crypt implementation, I have to respect the conditions of his notice (even if I modified his routines a little), so I include his copyright, conditions and disclaimer. THIS ONLY CONCERNS THE ENCRYPTION SYSTEM. ALL OTHER PARTS OF THIS SOFT ARE OWNED BY The SOrCErEr. "Copyright remains Eric Young's, and as such any Copyright notices in the code are not to be removed. If this code is used in a product, Eric Young should be given attribution as the author of the parts used. This can be in the form of a textual message at program startup or in documentation (online or textual) provided with the package. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. 3. All advertising materials mentioning features or use of this software must display the following acknowledgement: This product includes software developed by Eric Young (eay@mincom.oz.au) this software is provided by eric young ``as is'' and any express or implied warranties, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose are disclaimed. in no event shall the author or contributors be liable for any direct, indirect, incidental, special, exemplary, or consequential damages (including, but not limited to, procurement of substitute goods or services; loss of use, data, or profits; or business interruption) however caused and on any theory of liability, whether in contract, strict liability, or tort (including negligence or otherwise) arising in any way out of the use of this software, even if advised of the possibility of such damage." 6) Future evolutions The first beta versions of *C were made at the scratch, but the version 1.0 should come out one day of 1997 (maybe in january or february, or never...) and it may include : þ Faster encryption algorithm (if I find one) þ Elimination of some redundant code. þ Multi passwd-file management. þ Possibility to build your own rules of manipulation of the wordlist. þ IPX-Network management for multi-processors attacks. þ More verifications on the statements and files. þ Best I/O interface. þ 64 bits arithmetic. ...and all other interesting stuffs you may suggest me by Email... Please tell me if you want an other release, and which of these evolutions you would like to see first... I need to be encouraged :) 7) Distribution Please distribute STAR CRACKER with its documentation *as is*, give it to all your friendz, put it on some good FTP sites, newsgroups and BBS's, but please don't modify anything in it... ------------------------------------------------------------------------------ V) Historic ------------------------------------------------------------------------------ þ Jully 1996 : v 0.1á þ August 1996 : v 0.2á : "stats file"-bug fixed. þ August 1996 : v 0.3á : - Bug in the evaluation of the number of attempts with the 'all' option corrected. - 'Date of the last saving'-bug fixed. - Some other little bugs (in the results file) fixed. - Nice font added :) ------------------------------------------------------------------------------ Greetingz ------------------------------------------------------------------------------ Greetingz go to all those who love computer-science for itself, not for the money; to all the hackerz of the world... Special greetingz to Sandrine, my parents, my brother, all my family, Zed, sylvain, james, julien, franky, radu, JT, Vince, Eric the gOOd, Daneel, The MaraboO, assarm, sabjul, The*faT, guillaume, loule, CoreD, ron, spock69, thierry, franck, lightman, vector, KoWy, glou, curion, all the #coders and all the others !!!... The SOrCErEr ~~~~~~~~~~~~ capsim@papayus.topnet.fr