Lesson 1 for Newbies
by kM
webmaster @ hackersclub.com

Read the following, then download the .ZIP file for a learning experience of a lifetime
==================================================================

This text file is meant to teach people how easy it is to crack passwd. This file isn't shadowed, which means the system administrator isn't a very good one and protection wasn't set up correctly. Anyone could have logged in with anonymous access and obtained a copy of the passwd file. Sometimes it's common for system admins to make dummy passwd files; this wasn't the case. I verified whether or not this was the real passwd file, and after cracking a few accounts I decided to test them. Guess what, they worked. I chose not to use them because it's against the law. I sent the system admin a message saying they had a problem and they needed to fix it.

** DISCLAIMER **
This is to be used strictly for informational purposes ONLY! I will not be held responsible for misuse and abuse of this information. This is just a lesson.
** **

Why do people choose bad passwords today? Users want a password they can remember. Most ISPs allow people to use first names and last names as passwords (keep this in mind when cracking passwd). Lots of people try to fake it by putting a digit after a name (Trudy1). When you crack this file you will see up front how poor some of the passwords are.

Anyhow, here is a recent passwd file taken from somewhere (I'm not going to tell you, so don't ask).

You can use either Cracker Jack (found in the files area) or John the Ripper (UCF's PW Cracker), also found in the files area. The difference between the two programs? Cracker Jack is picky about what drivers and devices are loaded into memory, so a clean boot is required to run it. John the Ripper isn't picky and runs in a DOS box in Windows 95 just fine. John the Ripper also uses the Pentium processor better and runs quicker than Cracker Jack.

** Just a note **
I have put together a Cracker Jack FAQ in the files area if you want some more reference. It's also included in the Lesson1.zip file.

The choice is yours. I personally use John the Ripper.

Download Lesson1.zip

It has the following files...

    puffs.dic   <- Cracker Jack's default dictionary
    hackme.txt  <- Passwd file
    info.txt    <- This information file
    cjack.faq   <- Cracker Jack FAQ written by kM

Put those files into the directory of your cracker and invoke your cracker on the password file.

For John the Ripper the command line is...

    john -w:puffs.dic hackme.txt

(To see a list of the switches, just type john.)

The cracker will load and attempt to crack the passwd file. It will show each result on the screen as it goes, in the form:

    password - Userid

For Cracker Jack, type jack (hit enter). It will ask for the pwfile (hackme.txt), then the wordfile (puffs.dic). You can also use other dictionaries, or create your own in a text editor like Notepad or Edit.

    PWfile(s) : hackme.txt
    Wordfile  : puffs.dic

It will output what it cracks to the screen and create a file called jack.pot or john.pot. You won't have to write anything down: Cracker Jack stores the cracked IDs in jack.pot. You can use a program that comes with Cracker Jack called jackpot.exe to write a text file for you with the information and everything. This is what you do after you are finished cracking the passwd file:

    jackpot hackme.txt > cracked.txt

jackpot reads the passwd file and compares it to jack.pot, and the > redirects the output to a text file. cracked.txt is a name I made up; name it anything you want. After you do this, your cracked.txt should look like this...

    PWfile(s) : hackme.txt
    gkantor:marika:3009:301:George Kantor:/u3/gkantor:/bin/ksh
    1 account cracked, 885 left.

Have fun.

Download the ZIP file for your learning experience
See how other crackers do it hands on

Now get cracking...hope you learn something.

This file is meant to show newbies how easy it is to crack a password file. The hard part is getting them. :)
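
The two weaknesses this lesson depends on, hashes left in the world-readable passwd file instead of a shadow file and passwords built from the user's own name (Trudy1), are both things an administrator can check for. The script below is an added example, not part of the original lesson or of either cracker; the function names, the placeholder set and the sample passwd lines are all constructed for illustration.

```python
import re

# Field-2 values that mean "no hash stored here" (shadowed or locked account).
PLACEHOLDERS = {"x", "*", "!", "!!", "*LK*", "NP"}

def parse_passwd(text):
    """Yield (login, pw_field, gecos) for each well-formed passwd line."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            continue  # malformed entry: skip rather than guess
        yield fields[0], fields[1], fields[4]

def audit_unshadowed(text):
    """Return (login, reason) for entries whose password field is exposed."""
    findings = []
    for login, pw, _ in parse_passwd(text):
        if pw == "":
            findings.append((login, "empty password field"))
        elif pw not in PLACEHOLDERS and not pw.startswith(("!", "*")):
            findings.append((login, "hash stored in passwd, not shadowed"))
    return findings

def is_name_derived(candidate, login, gecos):
    """True if a proposed password is the login or a real-name word,
    forwards or reversed, with optional digits/punctuation around it."""
    core = re.sub(r"^[\W\d_]+|[\W\d_]+$", "", candidate).lower()
    names = {login.lower()}
    words = re.split(r"[^A-Za-z]+", gecos.split(",")[0])
    names.update(w.lower() for w in words if len(w) >= 3)
    return core in names or core[::-1] in names

# Constructed sample data; the hash field is an obvious placeholder.
SAMPLE = """\
root:x:0:0:root:/root:/bin/sh
tsmith:abXXXXXXXXXXX:3010:301:Trudy Smith:/u3/tsmith:/bin/ksh
guest::3011:301:Guest:/u3/guest:/bin/ksh
daemon:*:1:1:daemon:/:/sbin/nologin
"""

if __name__ == "__main__":
    for login, why in audit_unshadowed(SAMPLE):
        print(f"{login}: {why}")
    print(is_name_derived("Trudy1", "tsmith", "Trudy Smith"))
```

Run audit_unshadowed against a copy of the system's passwd file, and call is_name_derived from whatever hook handles password changes so name-based choices are refused before they are ever stored.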