--- crack-5.0a.orig/Crack.make +++ crack-5.0a/Crack.make @@ -0,0 +1,210 @@ +#!/bin/sh +### +# This program was written by and is copyright Alec Muffett 1991, +# 1992, 1993, 1994, 1995, and 1996, and is provided as part of the +# Crack v5.0 Password Cracking package. +# +# The copyright holder disclaims all responsibility or liability with +# respect to its usage or its effect upon hardware or computer +# systems, and maintains copyright as set out in the "LICENCE" +# document which accompanies distributions of Crack v5.0 and upwards. +# +# This is the Crack.makeonly version which *only* compiles the utilities +# under run/dir used for Crack +# +# This program was made based on Crack by Javir Fernandez-Sanguino +# for the Debian GNU/Linux distribution + +### +# User-configurable junk for Crack +### + +# nice, generic path (RedHat Linux, Solaris1, Solaris2) +CRACK_PATH=/usr/local/bin:/usr/ccs/bin:/usr/sbin:/sbin:/usr/bin:/bin:/usr/ucb:/usr/etc:$PATH + +# compiler options for crack 5.0 +# +# -DUSE_BZERO /* add this to C5FLAGS if you don't have memset() */ +# -DUSE_MALLOC_H +# -DUSE_PWD_H +# -DUSE_SIGNAL_H +# -DUSE_STDLIB_H +# -DUSE_STRINGS_H +# -DUSE_STRING_H +# -DUSE_SYS_TYPES_H +# -DUSE_UNISTD_H +# -DMAXWORDLEN= /* ignore if you don't read the code */ +# -DNUMWORDS= /* ignore if you don't read the code */ +# -DSTRINGSIZE= /* ignore if you don't read the code */ + +# this set tested on: +# - solaris 2.5 +# - redhat linux 4.0 +# - digital unix v4.0 + +C5FLAGS="-DUSE_STRING_H -DUSE_STDLIB_H -DUSE_SIGNAL_H -DUSE_SYS_TYPES_H -DUSE_UNISTD_H -DUSE_PWD_H" + +# +# now pick your compiler +# + +# vanilla unix cc +#CC=cc +#CFLAGS="-g -O $C5FLAGS" +#LIBS=-lcrypt # uncomment only if necessary to use stdlib crypt(), eg: NetBSD MD5 + +# gcc 2.7.2 +CC=gcc +CFLAGS="-g -O2 -Wall $C5FLAGS" +LIBS=-lcrypt # uncomment only if necessary to use stdlib crypt(), eg: NetBSD MD5 + +# digital unix v4.0, CFLAGS for ev4/ev5 chipsets (pick one) +#CC=cc +#CFLAGS="-O4 -fast -tune ev4 $C5FLAGS" +#CFLAGS="-O4 -fast -tune ev5 $C5FLAGS" +#LIBS= + +# Uncomment the next two lines if a) you are running Crack in +# networking mode, and b) your environment's operating system will not +# necessarily run binaries compiled on other revs of the same +# operating system which have the same architecture and the same +# *MAJOR* revision number. +# +# eg: if you have Foonix 2.0 boxes as well as Foonix 2.1 boxes; in +# this example, the major revision number is "2". If the Foonix 2.1 +# O/S will not run Foonix 2.0 binaries for some reason, or vice-versa, +# then uncomment these lines. + +#STRICT_OSREV=yes +#export STRICT_OSREV + +# Uncomment and/or modify on HP/UX or similar where the UCB "rsh" +# command has been renamed. See scripts/crack-rsh also +#CRACK_RSH=remsh +#CRACK_RCP=rcp + +########################################################### +########################################################### +#################### THAT'S ALL, FOLKS #################### +#### NOW GO CONFIGURE YOUR CRYPT ALGORITHM, EG: LIBDES #### +########################################################### +########################################################### + +### +# security +### + +umask 077 +export CRACK_PATH # So it can be picked up later +PATH=$CRACK_PATH # For temporary use... +export PATH + +### +# Defaults +### + +usage="Usage: Crack [options] [bindir] [[-fmt format] files]..." + +version="5.0a" # version string +deffmt=trad # for default trad2spf +dodie="" # for verbose usage/die +debug="false" # ...guess... +node=`uname -n` # more portable then `hostname` + +### +# home base +### + +CRACK_HOME=. + +if cd $CRACK_HOME +then + CRACK_HOME=`pwd` +else + echo "Fatal Error: $CRACK_HOME: cannot chdir" 1>&2 + exit 1 +fi + +export CRACK_HOME + +### +# sanity check +### + +if [ ! -f "$CRACK_HOME/Crack" ] +then + echo "Fatal Error: $CRACK_HOME: something weird going down" 1>&2 + exit 1 +fi + +### +# Hierarchy +### + +for dir in lib lib/bin +do + test -d $dir || mkdir $dir || exit 1 +done + +### +# Flagwaving +### + +echo "Crack $version: The Password Cracker." +echo "(c) Alec Muffett, 1991, 1992, 1993, 1994, 1995, 1996" +echo "System:" `uname -a 2>/dev/null` +echo "Home: $CRACK_HOME" +echo "Invoked: $0 $*" + + +### +# Sanity test bindir - written in gruntscript for clarity. +### + +bdname=`scripts/binstamp 2>/dev/null` + +if [ "x$bdname" = "x" ] +then + echo "Crack: error: cannot continue as binstamp returned empty string" 1>&2 + exit 0 +fi + +echo "Stamp: $bdname" +echo "" + +bindir=lib/bin/$bdname + + +### +# Reset PATH in advance +### + +PATH=$CRACK_HOME/scripts:$CRACK_HOME/$bindir:$PATH +export PATH + +### +# Make the binaries +### + +echo "Crack: making utilities in $bindir" + +if [ ! -d $bindir ] # small redundancy, big benefit +then + mkdir $bindir || exit 1 +fi + +make clean || exit 1 + +make ARGS="\"XDIR=../../$bindir\" \"XCFLAGS=$CFLAGS\" \"XCC=$CC\" \"XLIBS=$LIBS\"" utils || exit 1 + +### +# Make Only ? +### + +if [ "x$makeonlyflag" != "x" ] +then + echo "Crack: makeonly done" + exit 0 +fi + +exit 0 --- crack-5.0a.orig/c50-faq.txt +++ crack-5.0a/c50-faq.txt @@ -0,0 +1,303 @@ + + _________________________________________________________________ + + FAQ for Crack v5.0a + + Copyright (c) Alec Muffett, 1999, 2000, 2001 + Revised: Wed Mar 21 02:38:38 GMT 2001 + _________________________________________________________________ + + Download + + * Where can I go to download Crack? + Last time I checked: (12 June 2000) + [1]ftp://ftp.cerias.purdue.edu/pub/tools/unix/pwdutils/crack + [2]ftp://ftp.cert.dfn.de/pub/tools/password/Crack/ + With more dictionaries/wordlists available at: + [3]ftp://ftp.cerias.purdue.edu/pub/dict + [4]ftp://ftp.ox.ac.uk/pub/wordlists + A PGP signature to validate the contents of any download you might + find, is [5]available here. My key is on the keyservers. + * Can you send me the README for Crack? + Better yet, there's a copy of it [6]right here. Read it yourself. + * I can't download Crack! Will you please e-mail it to me? + Sorry, but no. It's too big for me to be mailing it to people who + invariably then tell me that it's in the wrong format for them + anyway, or who want to use it on Microsoft Windows. (see below) + _________________________________________________________________ + + Trolls [7][MORE] + + * How can I run Crack on a Win98/WinNT/MS-DOS system? + You can't. Crack is Unix software, written for Unix systems and + running primarily on Unix systems, and if you don't know what Unix + is, then you don't need to know about Crack. + * Can you hack this guy's account/password/computer for me? + Probably, but I am not going to; now be a good little trog and run + along and report yourself to your local police authorities, + please... + * Can you give me a Crack for TombRaider/Carmageddon/FinalFantasy? + Oh, go away and get a life, you horrible little oik. + * H3Y D00D - WAr3 KaN 1 BuY CRACK?!?!! + I am reliably informed that the answer to this is "any + street-corner in Oakland" - but being based in the UK I cannot + vouch for the accuracy of this statement. + _________________________________________________________________ + + Technical + + * When I run Crack, it says "Done." and exits immediately, and there + are no results when I run the Reporter script; why is this? + Crack is an unusual Unix program - it runs the actual cracking + process in the "background"; when you type: + Crack passwd.txt + ...or whatever, the Crack wrapper-script launches a background + process called crack-pwc, and it is this which guesses passwords. + It is crack-pwc that will run for a long time, and if you do: + ps -auxww ...or... + ps -ef + ...after running Crack, then you should see a copy of crack-pwc + running merrily in the background; ideally you should only have 1 + copy of crack-pwc running, for each CPU in your machine. + * How long does crack-pwc run for? + Hard to say, since this will depend upon the number of passwords + that are being cracked, and the speed of your machines. + The short answer is: at least hours, probably days, possibly + weeks. + The longest single continuous Crack run I have ever done, lasted a + little under seven months non-stop on a little-used Sun 4/330, + back in 1991. With faster CPUs available nowadays, things are + less-bad. + * How do I add a list of my own words to the Crack dictionaries? + Move the file containing the list of words into the dicts/1 + directory and do make rmdict in the Crack home directory; the + words will be merged, the next time you run Crack. + That's all you have to do; you may choose to compress or gzip your + wordlist file, if you like - Crack will automatically unpack it + when it needs it - but it is not essential. + * What are all the ".dwg" extensions on the Crack dictionary files + for? + Crack has a custom, built-in dictionary compression tool called + DAWG (Directed Acyclic Word Graph) which preprocesses sorted lists + of words to remove redundancy and make tools like gzip more + effective. + Don't worry about it - it's not something that's likely to ever be + needed by you in normal Crack usage. + * Where can I get more wordlists? + Last time I checked: + [8]ftp://ftp.ox.ac.uk/pub/wordlists/ + * On RedHat-based Linux distributions, Crack doesn't run, and I get + messages like this: + ../../run/bin/linux-2-unknown/dictfilt dictfilt.c elcid.o + .../../run/bin/linux-2-unknown/libc5.a + cc: elcid.o : No such file or directory + make[1]:***[../../run/bin/linux-2-unknown/dictfilt] Error 1 + make[1]: Leaving directory `/crack/c50a/src/util' + make[1]:*** [utils] Error 1 + It's a known problem: unfortunately the crypt() routine has now + been unbundled from libc in many operating systems, and linkers + tend to be more strict (or perhaps boneheaded?) than they used to + be. + Here is a [9]replacement for src/util/Makefile which should + alleviate the problem. Like all Makefiles, it requires + preservation of its TAB structure to work properly, so if your + "make" program complains about: + *** missing separator. Stop. + ...or similar, please try saving the file properly using your + browser function, and not just cutting and pasting out of the + browser window. + * I want to produce reports of crackable passwords which do not + actually contain the plaintext password itself. How do I do this? + This is easily achieved by tweaking the "Reporter" script in + Crack5.0; a little examination of the code, and it should be + obvious what to do. + * I want to compose my own rulesets; where can I find documentation? + Documentation on the rulesets is a bit scanty, but this [10]file + should be of help. + * I want to use Crack to check users' passwords when they are + changing them; can I do this? + Yes, however you ought to be looking at my CrackLib software which + does this, and not Crack itself. + * Crack 4.x used to have this really neat feature where it would + store passwords that it had not managed to guess, and it would not + bother to attack them again next time. Why doesn't 5.x do this? I + want this functionality back! + I removed this functionality because many Crack users were not + bothering to clear out the history of so-called "unguessable" + passwords every few months; the point was that a password that was + unguessable one month, might become guessable the next month, when + other updates/additions might have been added to the password map, + providing more guessing material for Crack. + People who want to reduce Crack runtime by only running it against + new additions and changes to the password file, are encouraged to + explore the opportunities that are afforded by the Unix commands + sort and comm, which can enable equivalent functionality in a + matter of seconds. + Keeping a sorted copy of the last password file you cracked, and + running comm against it and a sorted copy of the new password + file, will print any differences. Save these, and run Crack on + that data. + Users are still recommended to try Cracking the whole password + file, in one big chunk, changed or unchanged, at least + occasionally. + _________________________________________________________________ + + Miscellany + + * Is Crack supported? + I fix bugs as/when I may, and occasonally post new revs to the + net. Given how stupid people generally are regarding computer + security, I can forsee doing this until the day I die. I can + usually be persuaded to answer questions for beer. + * Is Crack Y2K Compliant? + Probably. If it isn't, I am sure I'll find out eventually. + * We'd like to use Crack for inclusion in a commercial product or + software distribution; is that OK? + Please ensure that you have read the software LICENSE file, and + double-check with me via e-mail if necessary. + * We'd like to license Crack for inclusion in a commercial product; + we'd like you to sign this disclaimer and contract and mail/fax it + back trans-atlantic to our legal department in California, because + it's obviously to your benefit that you do so. + Thank you for the contract documents. I shall frame them and put + them on the wall with the others in the toilet. Now kindly go read + the LICENSE file, and e-mail me if you have any questions, + although be aware that your response may be delayed by my rolling + on the floor in hysterical laughter. + * Would you consider enhancing Crack to run {on a cluster, in an SMP + or threaded environment, using MPI, PVM, POSIX threads, or alike}? + Ah, this old chestnut; there is a note in the Crack5 distribution + about this. Basically: because of the nature of the data being + cracked, there is no real advantage in threading the code. It's + easiest as one-process-per-CPU. + Consider: most of the point of threading and/or vector operations + and/or parallelisation is to take advantage of many/optimised CPUs + to do the same computational task in parallel/simultaneously/in + one operation. + The function of Crack is to try as efficiently as possible (ie: + once only) each of several million possible password guesses + against the distinct ciphertexts of several thousand users. + ie: to do several billion computationally *distinct* things. + It is (regrettably) in the nature of cryptography that generation + of each password hash (ie: call to crypt()) is of a + mostly-computationally-distinct nature, and that the only way to + use parallelization to speed this up would involve writing a + highly architecture-specific parallel-crypt() implementation, + which is not economically viable to create when compared to + equivalent serial password-cracking programs. + in short: if a one woman can make a baby in nine months, this does + *not* mean that nine women can make one baby in one month. + instead: nine women make nine babies in nine months, and all of + those nine babies arrive simultaneously at the *end* of the nine + months. + of course, if we *could* parallelise baby-creation, we would get + one baby per month for nine months, but the problems of locking, + surgery, gene-splicing and baby-fragment-reassembly would drag + down the time, raise overheads and costs, and in the end yield + exactly the same end-result as the serial-baby-creation-method. + 8-) + * Oh go on - surely there must be some way to parallelise cracking + operations? + Well, it depends on what I/you mean by "making it parallel"; if by + that you mean "creating a password hashing algorithm that makes + effective use of multiple CPUs to speed the essentially linear + crypt() mechanism" - then no, I don't believe it'd be viable + (without specialist hardware) because the process of getting a + password from an un-hashed state (say: Utah) to a hashed one (say: + California) is most quickly achieved by dropping the data onto a + single CPU (say: a Porsche 911) and driving non-stop. + The only overhead here is (of course) in tuning your algorithm for + your specific CPU architecture, to most closely resemble a Porsche + 911. + Nowadays, with locking overhead and synchronisation, using + traditional multi-cpu parallelisation and threading would be more + akin to hitch-hiking the length of the trip. + That said: there exists a technique called "bitslicing" which alas + is complicated to do unless you're a crypto geek, but which + basically involves packing as many people as feasible into your + Porsche and occasionally stopping in order to rotate their + positions. + In other words: on a 32-bit architecture you use bit-1 of your + datapath to do encryption operations that are pertinent to one + encryption, and you use bit-2 in order to do a second, bit-3 in + order to do a third, and so forth, achieving parallelism of up to + 32 crypt-calls this way... on a 64-bit architecture, of course you + do 64 at once. + (This technique was first written up by Biham several years ago, + but I may have thought of the idea first, though I never managed + to finish implementing it. I called the idea "polycrypt", + conceived on a bus trip returning from a bash in London with Paul + Leyland, and it was the main reason that I introduced the ELCID + interface into Crack5; the date on my code is mid-1994 but i don't + know when the bitslicing paper was conceived. Either way, I never + did anything with it - I got swamped by what to do with S-boxes - + so what the hell...) + You may realise now why I got out of the business of binding a + specific crypt() algorithm into Crack as early as possible. + In-between this sort of bit manipulation and/or issues of + pipelining, branch-delay slots, and use/avoidance of bizzare + multimedia CPU instructions to do the hard work for you in + hardware, I came to conclude that hacking crypt() routines was a + game for masochists. + * How does the DAWG dictionary-compression algorithm work? + Essentially it is a preprocessor for gzip that removes redundancy + from a sorted list of words, and typically shrinks an input + wordlist by some 50% without negatively impacting gzip's ability + to further compress the file. + In the new version of the DAWG code - slightly improved over the + version that ships with Crack v5.0, but fundamentally the same - + all you need do is: + 1. sort the wordlist into normal Unix order. (beware + localization!) + 2. for each word that the DAWG preprocessor reads... + 3. count how many leading characters it shares with the previous + word that was read... + 4. encode that number as a character from the set [0-9A-Za-z] + for values 0..61 (if the value is >61 then stop there) + 5. print said character (the encoded number) and the remaining + stem of the word + 6. end-for-loop + eg: + + foo + foot + footle + fubar + fub + grunt + compresses to: + + #!xdawg magic header + 0foo first word has no letters in common with anything + 3t next has three letters in common, and a 't' + 4le "foot" + "le" + 1ubar "f" + "ubar" + 3 "fub" + "" => truncation + 0grunt back to nothing in common + Inspiration for using DAWG in Crack came from Paul Leyland back in + the early 1990s, who mentioned something similar being used to + encode dictionaries for crossword-puzzle solving programs; we + continue to be astonished at how effective DAWG is on sorted + inputs without materially impacting subsequent compression (ie: + gzip); a gzipped-DAWG file is also typically about 50% of the size + of the gzipped non-DAWGed file. + Just goes to prove that knowledge of the sort of input you'll be + dealing with, can beat a general-purpose program hands-down; there + are also interesting conclusions that can be drawn regarding the + entropy of human languages after sorting. + _________________________________________________________________ + + [INLINE] + +References + + 1. ftp://ftp.cerias.purdue.edu/pub/tools/unix/pwdutils/crack + 2. ftp://ftp.cert.dfn.de/pub/tools/password/Crack/ + 3. ftp://ftp.cerias.purdue.edu/pub/dict + 4. ftp://ftp.ox.ac.uk/pub/wordlists + 5. file://localhost/extra/desarrollo/jfs/debian/security/DO/crack/crack-5.0a/c50a.tgz.asc + 6. file://localhost/extra/desarrollo/jfs/debian/security/DO/crack/crack-5.0a/c50a.txt + 7. file://localhost/extra/desarrollo/jfs/debian/security/DO/crack/crack-5.0a/crack-users.txt + 8. ftp://ftp.ox.ac.uk/pub/wordlists/ + 9. file://localhost/extra/desarrollo/jfs/debian/security/DO/crack/crack-5.0a/c50-linux-util-makefile.txt + 10. file://localhost/extra/desarrollo/jfs/debian/security/DO/crack/crack-5.0a/c50-rules.txt --- crack-5.0a.orig/Makefile +++ crack-5.0a/Makefile @@ -39,17 +39,17 @@ tidy: clean -scripts/plaster -scripts/fbmerge - -rm -f run/[DIEGTKM]* - -rm -f run/dict/gecos.* - -rm -f run/dict/gcperm.* + -rm -f lib/[DIEGTKM]* + -rm -f lib/dict/gecos.* + -rm -f lib/dict/gcperm.* spotless: tidy - -rm -rf run/bin + -rm -rf lib/bin rmdict: - -rm -rf run/dict + -rm -rf lib/dict clobber: spotless rmdict - -cat run/F-merged >> F-merged.save - -rm -rf run + -cat lib/F-merged >> F-merged.save + -rm -rf lib ( cd extra ; make clean ) --- crack-5.0a.orig/Crack +++ crack-5.0a/Crack @@ -15,74 +15,6 @@ # nice, generic path (RedHat Linux, Solaris1, Solaris2) CRACK_PATH=/usr/local/bin:/usr/ccs/bin:/usr/sbin:/sbin:/usr/bin:/bin:/usr/ucb:/usr/etc:$PATH -# compiler options for crack 5.0 -# -# -DUSE_BZERO /* add this to C5FLAGS if you don't have memset() */ -# -DUSE_MALLOC_H -# -DUSE_PWD_H -# -DUSE_SIGNAL_H -# -DUSE_STDLIB_H -# -DUSE_STRINGS_H -# -DUSE_STRING_H -# -DUSE_SYS_TYPES_H -# -DUSE_UNISTD_H -# -DMAXWORDLEN= /* ignore if you don't read the code */ -# -DNUMWORDS= /* ignore if you don't read the code */ -# -DSTRINGSIZE= /* ignore if you don't read the code */ - -# this set tested on: -# - solaris 2.5 -# - redhat linux 4.0 -# - digital unix v4.0 - -C5FLAGS="-DUSE_STRING_H -DUSE_STDLIB_H -DUSE_SIGNAL_H -DUSE_SYS_TYPES_H -DUSE_UNISTD_H -DUSE_PWD_H" - -# -# now pick your compiler -# - -# vanilla unix cc -CC=cc -CFLAGS="-g -O $C5FLAGS" -#LIBS=-lcrypt # uncomment only if necessary to use stdlib crypt(), eg: NetBSD MD5 - -# gcc 2.7.2 -#CC=gcc -#CFLAGS="-g -O2 -Wall $C5FLAGS" -#LIBS=-lcrypt # uncomment only if necessary to use stdlib crypt(), eg: NetBSD MD5 - -# digital unix v4.0, CFLAGS for ev4/ev5 chipsets (pick one) -#CC=cc -#CFLAGS="-O4 -fast -tune ev4 $C5FLAGS" -#CFLAGS="-O4 -fast -tune ev5 $C5FLAGS" -#LIBS= - -# Uncomment the next two lines if a) you are running Crack in -# networking mode, and b) your environment's operating system will not -# necessarily run binaries compiled on other revs of the same -# operating system which have the same architecture and the same -# *MAJOR* revision number. -# -# eg: if you have Foonix 2.0 boxes as well as Foonix 2.1 boxes; in -# this example, the major revision number is "2". If the Foonix 2.1 -# O/S will not run Foonix 2.0 binaries for some reason, or vice-versa, -# then uncomment these lines. - -#STRICT_OSREV=yes -#export STRICT_OSREV - -# Uncomment and/or modify on HP/UX or similar where the UCB "rsh" -# command has been renamed. See scripts/crack-rsh also -#CRACK_RSH=remsh -#CRACK_RCP=rcp - -########################################################### -########################################################### -#################### THAT'S ALL, FOLKS #################### -#### NOW GO CONFIGURE YOUR CRYPT ALGORITHM, EG: LIBDES #### -########################################################### -########################################################### - ### # security ### @@ -330,32 +262,8 @@ ### PATH=$CRACK_HOME/scripts:$CRACK_HOME/$bindir:$PATH -export PATH - -### -# Make the binaries -### - -echo "Crack: making utilities in $bindir" - -if [ ! -d $bindir ] # small redundancy, big benefit -then - mkdir $bindir || exit 1 -fi +export PATH -make clean || exit 1 - -make ARGS="\"XDIR=../../$bindir\" \"XCFLAGS=$CFLAGS\" \"XCC=$CC\" \"XLIBS=$LIBS\"" utils || exit 1 - -### -# Make Only ? -### - -if [ "x$makeonlyflag" != "x" ] -then - echo "Crack: makeonly done" - exit 0 -fi ### # Make the dictionary passes @@ -460,7 +368,7 @@ shift done | - crack-sort -t: +1 + crack-sort -t: -k 1 ) 3>&1 | fbfilt $crackfb $crackmf > $crackin # remove feedback-guessable users --- crack-5.0a.orig/c50-faq.html +++ crack-5.0a/c50-faq.html @@ -0,0 +1,582 @@ + + + +Crack Password Cracker FAQ + + + + +
+

FAQ for Crack v5.0a

+ +Copyright (c) Alec Muffett, 1999, 2000, 2001
+Revised: Wed Mar 21 02:38:38 GMT 2001 + + +

+ +

+

Download

+ + + +
+

Trolls [MORE]

+ + + +
+

Technical

+ + + +
+

Miscellany

+ + +
+ + + --- crack-5.0a.orig/scripts/smartcat +++ crack-5.0a/scripts/smartcat @@ -57,11 +57,12 @@ echo "$0: error: ran off end of filename" 1>&2 exit 1 ;; - *.Z) - exec uncompress | - $0 -backend `basename $file .Z` ;; +# *.Z) +# Gnu's gzip can also umcompress .Z files +# exec uncompress | +# $0 -backend `basename $file .Z` ;; - *.z) + *.z|*.ZZ) ( gzip -d || ( cat >$PCATF; pcat $PCATF ; rm -f $PCATF ) ) 2>/dev/null | $0 -backend `basename $file .z` ;; --- crack-5.0a.orig/scripts/netcrack +++ crack-5.0a/scripts/netcrack @@ -1,4 +1,4 @@ -: # -*- perl -*- +#!/usr/bin/perl ### # This program was written by and is copyright Alec Muffett 1991, # 1992, 1993, 1994, 1995, and 1996, and is provided as part of the --- crack-5.0a.orig/scripts/binstamp +++ crack-5.0a/scripts/binstamp @@ -14,6 +14,13 @@ RELEASE=`uname -r` ARCH=`uname -p || arch || uname -m` +# For Debian we do *not* want architectures, this is handled +# by the different packages +if [ -f /etc/debian_version ] ; then + echo "debian" + exit 0 +fi + case $ARCH in i486) ARCH=i386 ;; x86) ARCH=i386 ;; --- crack-5.0a.orig/src/util/Makefile +++ crack-5.0a/src/util/Makefile @@ -1,6 +1,6 @@ ### # This program was written by and is copyright Alec Muffett 1991, -# 1992, 1993, 1994, 1995, and 1996, and is provided as part of the +# 1992, 1993, 1994, 1995, 1996 & 1997, and is provided as part of the # Crack v5.0 Password Cracking package. # # The copyright holder disclaims all responsibility or liability with @@ -9,13 +9,12 @@ # document which accompanies distributions of Crack v5.0 and upwards. ### -CFLAGS= $(XCFLAGS) -I../lib +CFLAGS= $(XCFLAGS) -I../lib -D_XOPEN_SOURCE CC= $(XCC) XLIB=$(XDIR)/libc5.a $(XLIBS) EXE= $(XDIR)/dawg \ - $(XDIR)/dictfilt \ $(XDIR)/kickdict \ $(XDIR)/cracker @@ -42,21 +41,25 @@ $(XDIR)/stdlib-cracker: cracker.c $(XLIB) $(CC) $(CFLAGS) -c elcid.c $(CC) $(CFLAGS) -o $(XDIR)/cracker cracker.c elcid.o $(XLIB) + $(CC) $(CFLAGS) -o $(XDIR)/dictfilt dictfilt.c elcid.o $(XLIB) date > $@ $(XDIR)/libdes-cracker: cracker.c $(XLIB) $(CC) $(CFLAGS) -c elcid.c $(CC) $(CFLAGS) -o $(XDIR)/cracker cracker.c elcid.o $(XLIB) ../libdes/libdes.a + $(CC) $(CFLAGS) -o $(XDIR)/dictfilt dictfilt.c elcid.o $(XLIB) ../libdes/libdes.a date > $@ $(XDIR)/ufc-cracker: cracker.c $(XLIB) $(CC) $(CFLAGS) -DINITDES -DFCRYPT -c elcid.c $(CC) $(CFLAGS) -o $(XDIR)/cracker cracker.c elcid.o $(XLIB) ../ufc-crypt/libufc.a + $(CC) $(CFLAGS) -o $(XDIR)/dictfilt dictfilt.c elcid.o $(XLIB) ../ufc-crypt/libufc.a date > $@ $(XDIR)/gnu-cracker: cracker.c $(XLIB) $(CC) $(CFLAGS) -c elcid.c $(CC) $(CFLAGS) -o $(XDIR)/cracker cracker.c elcid.o $(XLIB) ../crypt/libufc.a + $(CC) $(CFLAGS) -o $(XDIR)/dictfilt dictfilt.c elcid.o $(XLIB) ../crypt/libufc.a date > $@ #------------------------------------------------------------------ @@ -64,13 +67,7 @@ $(XDIR)/dawg: dawg.c $(XLIB) $(CC) $(CFLAGS) -o $(XDIR)/dawg dawg.c $(XLIB) rm -f $(XDIR)/xdawg - ln $(XDIR)/dawg $(XDIR)/xdawg - -#------------------------------------------------------------------ - -# don't you just love dependency graphs? -$(XDIR)/dictfilt: dictfilt.c $(XLIB) $(XDIR)/cracker - $(CC) $(CFLAGS) -o $(XDIR)/dictfilt dictfilt.c elcid.o $(XLIB) + ln -s dawg $(XDIR)/xdawg #------------------------------------------------------------------ --- crack-5.0a.orig/src/libdes/stcmuMmo +++ crack-5.0a/src/libdes/stcmuMmo @@ -0,0 +1 @@ +! --- crack-5.0a.orig/src/libdes/read_pwd.c +++ crack-5.0a/src/libdes/read_pwd.c @@ -55,7 +55,7 @@ * TERMIO, TERMIOS, VMS, MSDOS and SGTTY */ -#if defined(sgi) || defined(__sgi) +#if defined(sgi) || defined(__sgi) || defined (__GLIBC__) #define TERMIOS #undef TERMIO #undef SGTTY --- crack-5.0a.orig/extra/Dictstats.pl +++ crack-5.0a/extra/Dictstats.pl @@ -1,4 +1,4 @@ -#!/usr/local/bin/perl +#!/usr/bin/perl ### # This program was written by and is copyright Alec Muffett 1991, # 1992, 1993, 1994, 1995, and 1996, and is provided as part of the --- crack-5.0a.orig/debian/Crack.8 +++ crack-5.0a/debian/Crack.8 @@ -0,0 +1,136 @@ +.TH CRACK 8 +.SH NAME +Crack, Reporter \- programs to break password files +.SH SYNOPSIS +.B Crack +.I [options] [\-fmt format] [file ...] +.br +.B Crack\-Reporter +.I [\-quiet] [\-html] +.SH "DESCRIPTION" +This manual page documents briefly the +.BR Crack, +and +.B Crack\-Reporter +commands. +This manual page was written for the Debian GNU/Linux distribution +because the original program does not have a manual page. +Instead, there is some documentation available at +.I /usr/share/doc/crack +which you are encouraged to read +.PP +.B Crack +is not a program designed to break the password of every user in +the file. Rather, it is designed to find weak passwords in the file, by +attacking those sorts of bad passwords which are most likely to be used, +in the order in which they would most easily be found (ie: are most +likely to be used by a moronic user). + +Crack is not designed to break user passwords; it is designed to break +password files. This is a subtle but important distinction. + +.B Crack\-Reporter +will show what passwords have been cracked, as well as view +errors that have been detected in the source password files, etc. +Guesses are listed chronologically, so users who wish to see incremental +changes in the output as Crack continues to run over a course of days or +weeks, are encouraged to wrap invocations of \fBCrack\-Reporter\fR in a script with +\fBdiff\fR. + + +.SH OPTIONS +A summary of options are included below. +For Crack: +.TP +.B \-makedict +Creates and compresses the dictionaries \fBCrack\fR will use +.TP +.B \-makeonly +Compiles the binaries for \fBCrack\fR (not necessary for Debian GNU/Linux since +they are already provided) +.TP +.B \-debug +Lets you see what the Crack script is doing. +.TP +.B \-recover +Used when restarting an abnormally-terminated run; suppresses rebuild +of the gecos-derived dictionaries. +.TP +.B \-fgnd +Runs the password cracker in the foreground, with stdin, stdout and +stderr attached to the usual places. +.TP +.B \-fmt format +Specifies the input file format. +.TP +.B \-from N +Starts password cracking from rule number "N". +.TP +.B \-keep +Prevents deletion of the temporary file used to store the password +cracker's input. +.TP +.B \-mail +E-Mail a warning message to anyone whose password is cracked. +See the script \fBnastygram\fR. +.TP +.B \-network +Runs the password cracker in \fInetwork\fR mode. +.TP +.B \-nice N +Runs the password cracker at a reduced priority, so that other jobs can +take priority over the CPU. +.TP +.B \-kill filename +.TP +.B \-remote +Internal options used to support networking. + +For Crack\-Reporter +.B \-html +Produces output in a fairly basic HTML-readable format. +.B \-quiet +Suppresses the reporting of errors in the password file +(corrupt entries, etc) + +.SH EXAMPLES +To run Crack + + # Crack \-nice 10 /etc/passwd + +If a Crack session is killed accidentally, it can be restarted with moderate +efficiency by doing: + + mv run/Dhostname.N run/tempfilename + Crack \-recover \-fmt spf run/tempfilename + +However if all you wish to do is start cracking passwords from some specific +rule number, or to restart a run whilst skipping over a few rulesets, try: + + Crack [\-recover] \-from N filename ... + +\&...where N is the number of the rule to start working from. + +.SH FILES +.I /usr/share/Crack +Location of the Crack program and scripts. +.I /var/lib/Crack/ +Location for the temporary files used by Crack. + +.SH "SEE ALSO" +You will find more documentation about Crack in the text files available in +.IR /usr/share/doc/crack\-common +Documentation includes the program's Manual (in HTML and Text files), the +User's Frequently Asked Questions (FAQ), examples, articles and even some +humour. + +.SH AUTHOR +This manual page was written by Javier Fernandez-Sanguino , +for the Debian GNU/Linux system (but may be used by others). + +.I Crack +and +.I Crack\-Reporter +(originally called \fIReporter\fR) +were written by Alec Muffett + --- crack-5.0a.orig/debian/rules +++ crack-5.0a/debian/rules @@ -0,0 +1,152 @@ +#!/usr/bin/make -f +# Sample debian/rules that uses debhelper. +# GNU copyright 1997 to 1999 by Joey Hess. + +# Uncomment this to turn on verbose mode. +#export DH_VERBOSE=1 + +# This is the debhelper compatibility version to use. +export DH_COMPAT=4 + + + +ifneq (,$(findstring debug,$(DEB_BUILD_OPTIONS))) + CFLAGS += -g +endif +ifeq (,$(findstring nostrip,$(DEB_BUILD_OPTIONS))) + INSTALL_PROGRAM += -s +endif + +configure: configure-stamp +configure-stamp: + dh_testdir + # Add here commands to configure the package. + + touch configure-stamp + + +build: build-stamp + +build-stamp: configure-stamp + dh_testdir + + # Add here commands to compile the package. + #~$(MAKE) + chmod 755 Crack.make + ./Crack.make + # this is the crypt version, move it to other place + mv lib/bin/debian/ lib/bin/debian-crypt + # To build the MD5 version + mv src/libdes src/libdes.orig + cd src/util && cp elcid.c elcid.c.orig && cp elcid.c,bsd elcid.c + ./Crack.make + mv lib/bin/debian/ lib/bin/debian-md5 + # Now restore it to the previous situation + mv src/libdes.orig src/libdes + cd src/util && cp elcid.c.orig elcid.c + + touch build-stamp + +clean: + dh_testdir + dh_testroot + rm -f build-stamp configure-stamp + + # Add here commands to clean up after the build process. + # This is done just in case + if [ -d src/libdes.orig ] ; then \ + mv src/libdes.orig src/libdes ; \ + cd src/util && cp elcid.c.orig elcid.c ;\ + fi + -$(MAKE) spotless + -rm -rf lib + + dh_clean + +install: build + dh_testdir + dh_testroot + dh_clean -k + dh_installdirs + + # Add here commands to install the package into debian/crack. + #$(MAKE) install DESTDIR=$(CURDIR)/debian/crack + # For the common package + install -m755 Crack Reporter debian/crack-common/usr/share/Crack/ + install -m644 Makefile debian/crack-common/usr/share/Crack/ + install -m755 scripts/* debian/crack-common/usr/share/Crack/scripts/ + for i in dict ; do \ + cp -a $$i debian/crack-common/usr/share/Crack/; \ + done + cp -a conf/* debian/crack-common/etc/Crack/ + cd debian/crack-common/usr/share/Crack/ && ln -s /etc/Crack conf + chmod a+x debian/crack-common/usr/share/Crack/Crack debian/crack-common/usr/share/Crack/Reporter + # For the DES version + cp -a lib/bin/debian-crypt/* debian/crack/usr/lib/Crack + cd debian/crack/usr/share/Crack && ln -s /var/lib/Crack run + + cd debian/crack/var/lib/Crack/bin/ && ln -s /usr/lib/Crack debian + install -m755 debian/Crack debian/Crack-Reporter debian/crack/usr/sbin/ + # For the MD5 version + cp -a lib/bin/debian-md5/* debian/crack-md5/usr/lib/Crack + cd debian/crack-md5/usr/share/Crack && ln -s /var/lib/Crack run + + cd debian/crack-md5/var/lib/Crack/bin/ && ln -s /usr/lib/Crack debian + install -m755 debian/Crack debian/Crack-Reporter debian/crack-md5/usr/sbin/ +# Could change into this the previous statements: +# dh_movefiles + +# Build architecture-independent files here. +# Pass -i to all debhelper commands in this target to reduce clutter. +binary-indep: build install + dh_testdir -i + dh_testroot -i +# dh_installdebconf -i + dh_installdocs -i -pcrack-common doc/* + dh_installexamples -i extra/* + dh_installmenu -i + dh_installcron -i + dh_installman -i debian/Crack.8 + cd debian/crack-common/usr/share/man/man8/ && ln -s Crack.8 Crack-Reporter.8 + dh_installinfo -i + dh_installchangelogs -i + dh_link -i + dh_compress -i + dh_fixperms -i + dh_installdeb -i + dh_gencontrol -i + dh_md5sums -i + dh_builddeb -i + +# Build architecture-dependent files here. +binary-arch: build install + dh_testdir -a + dh_testroot -a +# dh_installdebconf -a + dh_installdocs -a + dh_installexamples -a + dh_installmenu -a +# dh_installlogrotate -a +# dh_installemacsen -a +# dh_installpam -a +# dh_installmime -a +# dh_installinit -a + dh_installcron -a +# dh_installman -a + dh_installinfo -a +# dh_undocumented -a -A Crack.8 Crack-Reporter.8 + dh_installchangelogs -a + dh_strip -a + dh_link -a + dh_compress -a + dh_fixperms -a +# dh_makeshlibs -a + dh_installdeb -a +# dh_perl -a + dh_shlibdeps -a + dh_gencontrol -a + dh_md5sums -a + dh_builddeb -a + +binary: binary-indep binary-arch +.PHONY: build clean binary-indep binary-arch binary install configure --- crack-5.0a.orig/debian/control +++ crack-5.0a/debian/control @@ -0,0 +1,46 @@ +Source: crack +Section: admin +Priority: optional +Maintainer: Pawel Wiecek +Build-Depends: debhelper (>> 3.0.0) +Standards-Version: 3.6.2 + +Package: crack-common +Architecture: all +Depends: make +Recommends: wordlist +Breaks: crack (<< 5.0a-9.2) +Replaces: crack (<< 5.0a-9.2) +Description: Password guessing program + Crack is program designed to quickly locate vulnerabilities + in Unix (or other) password files by scanning the contents + of a password file, looking for users who have misguidedly + chosen a weak login password. + . + This package provides the common files for the crypt() and + MD5 versions. + +Package: crack +Architecture: any +Depends: crack-common, ${shlibs:Depends} +Conflicts: crack-md5 +Description: Password guessing program + Crack is program designed to quickly locate vulnerabilities + in Unix (or other) password files by scanning the contents + of a password file, looking for users who have misguidedly + chosen a weak login password. + . + This package provides the runtime files for the crypt() version. + +Package: crack-md5 +Architecture: any +Depends: crack-common, ${shlibs:Depends} +Conflicts: crack +Provides: crack +Description: Password guessing program + Crack is program designed to quickly locate vulnerabilities + in Unix (or other) password files by scanning the contents + of a password file, looking for users who have misguidedly + chosen a weak login password. + . + This package provides the runtime files for the MD5 version. --- crack-5.0a.orig/debian/crack-common.docs +++ crack-5.0a/debian/crack-common.docs @@ -0,0 +1,4 @@ +manual.txt +manual.html +c50-faq.html +c50-faq.txt --- crack-5.0a.orig/debian/changelog +++ crack-5.0a/debian/changelog @@ -0,0 +1,129 @@ +crack (5.0a-9.3) unstable; urgency=low + + * Non-maintainer upload. + * debian/control: add Breaks/Replaces on older crack to crack-common, + necessary after moving the doc-base files. This should have happened in + 5.0a-9.2 already. Thanks to Andreas Beckmann for the bug report. + Closes: #668897. + + -- gregor herrmann Sun, 15 Apr 2012 15:06:18 +0200 + +crack (5.0a-9.2) unstable; urgency=low + + * Fix "Do not expect the /var/run/ content to persist": + apply patch from Georgios M. Zarkadas that moves the contents of /var/run + to /var/lib. (Closes: #387756) + * Move doc-base files to crack-common package (lintian error). + + -- gregor herrmann Wed, 11 Apr 2012 17:52:13 +0200 + +crack (5.0a-9.1) unstable; urgency=low + + * Non-maintainer upload. + * Use -k option to sort (Closes: #380540) + + -- Julien Danjou Sat, 02 Aug 2008 10:13:35 +0200 + +crack (5.0a-9) unstable; urgency=low + + * Completely rewritten wrapper script to avoid misbehavior for certain + parameter combinations (closes: #340453) + * Applied patch from Petr Salinger to enable + builds on GNU/kFreeBSD (closes: #337428) + + -- Pawel Wiecek Sun, 2 Apr 2006 22:49:00 +0200 + +crack (5.0a-8) unstable; urgency=low + + * Applied patch from Dann Frazier to fix problems on 64-bit + archs (closes: #323421) + * Updated standards-version (no changes required) + * Fixed a few typos in Crack manual (closes: #325682) + + -- Pawel Wiecek Thu, 22 Sep 2005 21:46:56 +0200 + +crack (5.0a-7) unstable; urgency=low + + * Applied a patch from Nicolas Francois + to fix some formatting issues in Crack.8 (closes: #272578) + + -- Pawel Wiecek Sun, 3 Oct 2004 23:49:01 +0200 + +crack (5.0a-6) unstable; urgency=low + + * Added removing of run directory in clean target (closes: #227372) + + -- Pawel Wiecek Mon, 26 Jan 2004 11:24:45 +0100 + +crack (5.0a-5) unstable; urgency=low + + * Applied patch from Thiemo Seufer to fix a tiny error in debian/rules that + effectively prevented Crack from build on mips (closes: #210862) + * Updated standards version (no changes required) + * Changed some relative symlinks to absolute ones (as per policy) + + -- Pawel Wiecek Mon, 13 Oct 2003 16:38:34 +0200 + +crack (5.0a-4) unstable; urgency=low + + * Patch from Javier Fernandez-Sanguino Pena: Debian/rules now creates a + /var/run/Crack directory for the temporary creation of files by the Crack + scripts, symlinks are created from /usr/share/Crack/run to /var/run/Crack + in order to avoid modifying all the scripts, and maybe failing to fix some + (closes: #203658) + * Added a manpage from Javier Fernandez-Sanguino Pena (closes: #194414) + + -- Pawel Wiecek Tue, 2 Sep 2003 17:18:41 +0200 + +crack (5.0a-3) unstable; urgency=low + + * Applied patch from Javier Fernandez-Sanguino Pen~a to fix PATH Crack uses + (closes: #194417) + * Documented the fact that Crack is only available to root and added checks + (closes: #194415) + * Removed the call to dh_undocumented from debian/rules + * Updated Standards-version + + -- Pawel Wiecek Wed, 28 May 2003 13:38:18 +0200 + +crack (5.0a-2) unstable; urgency=low + + * Fixed doc-base errors (closes: #164912) + * Fixed xdawg symlink (closes: #164954) + + -- Pawel Wiecek Fri, 25 Oct 2002 14:03:33 +0200 + +crack (5.0a-1) unstable; urgency=low + + * Initial Release with GREAT help of Javier Fernandez-Sanguino Pen~a + , who actually made most of dirty work (Closes: #82613) + * There are currently a lot of lintian errors but these are *not* the + packages fault. The package uses a special header for dictionary files + (#!xdawg) which gets confused for an interpreter definition. DAWG + wordlist files format is specified in the FAQ (jfs) + * DAWG wordlist are generated *after* installation, on the first run + (in order to prevent this package from increasing in size) (jfs) + * Since sources need to be hacked (as described in the docs) to provide + MD5 or crypt (DES) functionality there are two conflicting packages + created (jfs) + * Created a simple wrapper script that merges passwd database for + clueless people (jfs) + * Created a new script based on Crack only for compilation (Crack.make) + and removed the compilation stuff from Crack since packages will not + include the sources (jfs) + * Applied recommended patch (see FAQ) for libc problems when compiling + Crack (jfs) + * Since debian takes care of distributing the proper binaries in + packages for the given architectures, the script/binstamp has been + modified to always return 'debian' if running on a Debian system (jfs) + * GHS compatibility -- the program configuration uses /usr/share/dict + (instead of /usr/dict) (jfs) + * The package Recommends: wordlist (jfs) + * Fixed a couple of spelling errors and other minor stuff like that (cov) + * Fixed debian/rules so the package actually builds from source (cov) + * Bumped standards-version to 3.5.6 (cov) + * Fixed many lintian errors and warnings, including some quite important + policy violations (cov) + + -- Pawel Wiecek Sun, 13 Oct 2002 21:38:05 +0200 + --- crack-5.0a.orig/debian/crack-common.doc-base.crack +++ crack-5.0a/debian/crack-common.doc-base.crack @@ -0,0 +1,14 @@ +Document: crack +Title: Crack Manual +Author: Alec Muffett +Abstract: This manual describes what crack is + and how it can be used to test for vulnerable passwords. +Section: admin + + +Format: text +Files: /usr/share/doc/crack-common/manual.txt.gz + +Format: HTML +Index: /usr/share/doc/crack-common/manual.html +Files: /usr/share/doc/crack-common/manual.html --- crack-5.0a.orig/debian/Crack-Reporter +++ crack-5.0a/debian/Crack-Reporter @@ -0,0 +1,9 @@ +#!/bin/sh +# Wrapper file for Reporter +# written by Javier Fernandez-Sanguino for the Debian GNU/Linux distribution +# +# Licensed under the GNU GPL v2. +# See /usr/share/doc/common-licenses/GPL + +cd /usr/share/Crack +./Reporter $* --- crack-5.0a.orig/debian/crack-common.doc-base.crack-faq +++ crack-5.0a/debian/crack-common.doc-base.crack-faq @@ -0,0 +1,14 @@ +Document: crack-faq +Title: Crack FAQ +Author: Alec Muffett +Abstract: This document includes Frequently Asked Questions + for Crack (the password guessing program). +Section: admin + + +Format: text +Files: /usr/share/doc/crack-common/c50-faq.txt.gz + +Format: HTML +Index: /usr/share/doc/crack-common/c50-faq.html +Files: /usr/share/doc/crack-common/c50-faq.html --- crack-5.0a.orig/debian/crack.dirs +++ crack-5.0a/debian/crack.dirs @@ -0,0 +1,5 @@ +usr/sbin +usr/lib/Crack +usr/share/Crack +etc/Crack +var/lib/Crack/bin --- crack-5.0a.orig/debian/crack-md5.dirs +++ crack-5.0a/debian/crack-md5.dirs @@ -0,0 +1,5 @@ +usr/sbin +usr/lib/Crack +usr/share/Crack +etc/Crack +var/lib/Crack/bin --- crack-5.0a.orig/debian/dirs +++ crack-5.0a/debian/dirs @@ -0,0 +1,4 @@ +usr/sbin +usr/share/Crack +usr/share/Crack/scripts +etc/Crack --- crack-5.0a.orig/debian/README.Debian +++ crack-5.0a/debian/README.Debian @@ -0,0 +1,47 @@ +crack for Debian +---------------- + +Debian passwd files are usually *NOT* merged so you *cannot* run +# Crack /etc/passwd + +However, the Crack wrapper script has been modified to consider +this case and run the merge scripts by itself and then run Crack +on the merged file. + +If you are using MD5 passwords you need to install the 'crack-md5' +package (not 'crack'), please read the documentation +(/usr/share/doc/crack-common/manual.txt) + +BTW, if you have a mixed crypt/md5 environment Crack will probably not work +100% fine. Period. You can install first the 'crack' package, run +Crack (it will probably have problems with the Md5 passwords). Once +it's finished (if ever) you should install 'crack-md5' and run it again. +The package maintainer could probably provide a better way to handle +this situation in the future but for now it's the only thing you can do +(save, perhaps, fixing the code so Crack works with *both* MD5 and DES). + +Crack needs root priviledges to run. It will not work from ordinary user +account. This is due to access permissions to /usr/share/Crack. Anyway -- you +wouldn't want your users to run Crack on your machine, would you? + +There probably are errors due to the way it generates the binary-stamps +(since it uses uname to know which binaries it has compiled). I've +made changes to the script/binstamps so it always return 'debian' +when running on a Debian system. + +Also, binaries are under /usr/lib/Crack (with a symlink under +/usr/share/Crack/run/bin/debian to keep Crack happy) to follow the FHS + + +TODO: + +- write manpage +- fix lintian warnings (errors regarding xdawg are not errors, please + see the changelog) +- add an init.d script so you can stop all password cracking processes + (and rerun them if there is anyone pending on bootup). This will also help + on upgrades (if any) since these processes should be stopped/restarted in + this cases. + + -- Javier Fernandez-Sanguino Pen~a , Wed, 4 Sep 2002 14:28:19 +0200, + Pawel Wiecek , Sun, 13 Oct 2002 21:05:38 +0200 --- crack-5.0a.orig/debian/copyright +++ crack-5.0a/debian/copyright @@ -0,0 +1,156 @@ +This package was debianized by Javier Fernandez-Sanguino Peņa + on Wed, 4 Sep 2002 14:28:19 +0200. + +It was downloaded from http://www.users.dircon.co.uk/~crypto/download/ + +Upstream Author: Alec Muffett + +Copyright: + +****************************************************************** + +Throughout the entire history of the Crack software, the author has +been employed (apart from occasional periods of unemployment) by a +selection of academic institutions and companies, none of whom have +ever dedicated any resources to the development of the software, nor +have endorsed the development of the software in any other way. + +None of these institutions and companies bear any responsibility +whatsoever for the software, including (but not restricted to) +responsibility for its existence, structure, content, function or use +by any person anywhere. + +****************************************************************** + +The author would like to take this opportunity to thank those freeware +authors who have made indirect but positive contributions to the +development of Crack, notably: + +* Michael Glad (UFC) and Eric Young (libdes/SSLeay) for developments +in the field of high-speed cryptographic implementation which have +provided core functionality for Crack since 1991, + +* The Free Software Foundation for EMACS, GCC, and a variety of other +essential software development tools, + +* Larry Wall for Perl (of which I cannot speak highly enough), and... + +* Linus Torvalds and all other contributors to the Linux project, +which has provided the operating system upon which Crack has been +developed for the last few years. + +The author would also like to thank Paul Leyland for the suggestion of +several ideas key to the new release of the software, notably DAWG +dictionary compression and dictionary handling techniques. + +****************************************************************** + +(* +This document is freely plagiarised from the 'Artistic Licence', +distributed as part of the Perl v4.0 kit by Larry Wall, which is +available from most major archive sites +*) + +This documents purpose is to state the conditions under which this +Package (See definition below) viz: The "Crack" Password Cracker, which +is copyright Alec David Edward Muffett, may be copied, such that the +Copyright Holder maintains some semblance of artistic control over the +development of the package, while giving the users of the package the +right to use and distribute the Package in a more-or-less customary +fashion, plus the right to make reasonable modifications. + +****************************************************************** + +Definitions: + +"Package" refers to the collection of files distributed by the Copyright +Holder, and derivatives of that collection of files created through +textual modification, or segments thereof. + +"Standard Version" refers to such a Package if it has not been modified, +or has been modified in accordance with the wishes of the Copyright +Holder. + +"Copyright Holder" is whoever is named in the copyright or copyrights +for the package. + +"You" is you, if you're thinking about copying or distributing this +Package. + +"Reasonable copying fee" is whatever you can justify on the basis of +media cost, duplication charges, time of people involved, and so on. +(You will not be required to justify it to the Copyright Holder, but +only to the computing community at large as a market that must bear the +fee.) + +"Freely Available" means that no fee is charged for the item itself, +though there may be fees involved in handling the item. It also means +that recipients of the item may redistribute it under the same +conditions they received it. + + +1. You may make and give away verbatim copies of the source form of the +Standard Version of this Package without restriction, provided that you +duplicate all of the original copyright notices and associated +disclaimers. + +2. You may apply bug fixes, portability fixes and other modifications +derived from the Public Domain or from the Copyright Holder. A Package +modified in such a way shall still be considered the Standard Version. + +3. You may otherwise modify your copy of this Package in any way, +provided that you insert a prominent notice in each changed file stating +how and when AND WHY you changed that file, and provided that you do at +least ONE of the following: + +a) place your modifications in the Public Domain or otherwise make them +Freely Available, such as by posting said modifications to Usenet or an +equivalent medium, or placing the modifications on a major archive site +such as uunet.uu.net, or by allowing the Copyright Holder to include +your modifications in the Standard Version of the Package. + +b) use the modified Package only within your corporation or +organization. + +c) rename any non-standard executables so the names do not conflict with +standard executables, which must also be provided, and provide separate +documentation for each non-standard executable that clearly documents +how it differs from the Standard Version. + +d) make other distribution arrangements with the Copyright Holder. + +4. You may distribute the programs of this Package in object code or +executable form, provided that you do at least ONE of the following: + +a) distribute a Standard Version of the executables and library files, +together with instructions (in the manual page or equivalent) on where +to get the Standard Version. + +b) accompany the distribution with the machine-readable source of the +Package with your modifications. + +c) accompany any non-standard executables with their corresponding +Standard Version executables, giving the non-standard executables +non-standard names, and clearly documenting the differences in manual +pages (or equivalent), together with instructions on where to get the +Standard Version. + +d) make other distribution arrangements with the Copyright Holder. + +5. You may charge a reasonable copying fee for any distribution of this +Package. You may charge any fee you choose for support of this Package. +YOU MAY NOT CHARGE A FEE FOR THIS PACKAGE ITSELF. However, you may +distribute this Package in aggregate with other (possibly commercial) +programs as part of a larger (possibly commercial) software distribution +provided that YOU DO NOT ADVERTISE this package as a product of your +own. + +6. The name of the Copyright Holder may not be used to endorse or +promote products derived from this software without specific prior +written permission. + +7. THIS PACKAGE IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR IMPLIED +WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. + + The End --- crack-5.0a.orig/debian/postrm +++ crack-5.0a/debian/postrm @@ -0,0 +1,26 @@ +#! /bin/sh +# postrm script for crack +# +set -e + +case "$1" in + remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear) + + + ;; + purge) +# If the user has run crack there is stuff in here + [ -d /var/lib/Crack ] && rm -rf /var/lib/Crack + [ -d /usr/share/Crack ] && rm -rf /usr/share/Crack + [ -d /etc/Crack ] && rm -rf /etc/Crack + ;; + + + *) + echo "postrm called with unknown argument \`$1'" >&2 + exit 1 + +esac +#DEBHELPER# + +exit 0 --- crack-5.0a.orig/debian/Crack +++ crack-5.0a/debian/Crack @@ -0,0 +1,47 @@ +#!/bin/bash +# Wrapper file for Crack +# written by Javier Fernandez-Sanguino for the Debian GNU/Linux distribution +# Heavily rewritten by Pawel Wiecek +# +# Licensed under the GNU GPL v2. +# See /usr/share/doc/common-licenses/GPL + +# This is needed due to relative calls to 'dawg' and co. +PATH=/usr/lib/Crack:$PATH +export PATH + +if [ "`id -u`" != "0" ] +then + echo "Crack requires root priviledges to run." + exit 1 +fi + +CRACKDIR=/usr/share/Crack + +# Prepare parameters list expanding any filenames to their canonical names +unset PARAMS +declare -a PARAMS +n=1 + +while [ "${!n}" != "" ] +do + if [ -f "${!n}" ] + then + PARAMS[$n]="`readlink -f "${!n}"`" + if [ "${PARAMS[$n]}" = "/etc/passwd" -a -f /etc/shadow ] + then + # Need to merge passwd with shadow... + MERGED=`tempfile -d $CRACKDIR/run` + >$MERGED + chmod 600 $MERGED + sh $CRACKDIR/scripts/shadmrg.sv >$MERGED + PARAMS[$n]=$MERGED + fi + else + PARAMS[$n]="${!n}" + fi + ((n++)) +done + +cd $CRACKDIR +./Crack "${PARAMS[@]}" --- crack-5.0a.orig/conf/dictgrps.conf +++ crack-5.0a/conf/dictgrps.conf @@ -16,7 +16,7 @@ # Dict '2' is created from $CRACK_HOME/dict/2/* # Dict '3' is created from $CRACK_HOME/dict/3/* -1:/usr/dict/*words* dict/1/* +1:/usr/share/dict/*words* dict/1/* 2:dict/2/* 3:dict/3/*