Title: Unix Password Cracking
Author: USA (Ultimate Sanity in Anarchy)
Author Contact: usa@warez.com
Date: May 20th, 1999

(c) 1999 Warez.com Inc. This tutorial may be freely distributed when left as is. There may be no modifications to this in any form or fashion except by Warez.com or the original author.

Password Cracking

Most people do not understand what password cracking is. First of all, it is almost impossible to crack some passwords. On most servers the root password is 8 characters (letters, numbers, etc.), which makes it almost impossible to crack on a fast home PC. Some people even use high-ASCII characters in their passwords, such as æ Æ ô and others.

Password cracking is a vast field. Most OSes use different methods of security and encryption. I have only used password crackers to crack Unix passwords myself.

UNIX Password Cracking

Unix passwords look something like this:

root:QxBmPgjh0XPI:0:0:root:/root:/bin/bash
test:dk8djwIMpsjYdf:100:100:Test Account:/home/test/:/bin/sh

This is a flat file format that is very common on any Unix system. The file is usually called /etc/passwd, but today most people shadow their password files. So when you look at the password file you will see something like this:

root:*:0:0:root:/root:/bin/bash
test:*:100:100:Test Account:/home/test/:/bin/sh

This means there is a shadow file (usually /etc/shadow or /etc/oshadow) that contains the passwords. The shadow file is usually set so that only the root user can read it. The shadow file would look something like this:

root:QxBmPgjh0XPI:0:0::::
test:dk8djwIMpsjYdf:100:100::::

To crack passwords you need an unshadowed password file or the shadow file for a server, and a cracking program. I recommend John The Ripper. This is my personal favorite and in my opinion better than all the rest.

These are the steps I usually take in cracking a password file. I think this is one of the better ways of doing it, and I seem to do pretty well using these steps.

1. Run single mode crack, i.e.: john -single passwd
2. Try the common password file that comes with john, i.e.: john -w:password.lst passwd
3. Get some big dictionary files and crack with those.
4. Now I usually crack with the password lists I generated. I have one that is all 1, 2, and 3 letter combinations, 4 length only letters, 5 length only letters, and 4, 5, and 6 length numbers.
5. If I still do not have the access I need, I set john.ini to a minimum of 4 characters in incremental mode and run john -i passwd

The last step will crack all the passwords, but it is a matter of time. With the fastest home PCs it could take your whole life to crack an eight letter password. That is why I like to try dictionary files and other methods to get what I can before running incremental mode. On a huge password file I managed to crack about 1/3 of the passwords. Usually in cracking, you either only want the root account or just one account with enough access to do what you want (a shell account).

Tools

John The Ripper - Unix, Win32 and DOS based password cracker.
Dictionary Maker 1.0 - This is the tool I use to make my dictionary files.
Dictionary Files FTP - This is an FTP site with a lot of dictionary files.
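The passwd/shadow split described above is the thing an administrator wants to verify. The following is an added example, not part of the original tutorial or of John The Ripper: it parses the colon-separated passwd format shown above and flags accounts whose hash is sitting in the world-readable passwd file instead of the shadow file (and, as an extension, accounts with an empty password field). The sample lines are constructed from the tutorial's examples plus a made-up "guest" entry.

```python
from typing import NamedTuple

class PasswdEntry(NamedTuple):
    name: str
    pw_field: str
    uid: int
    gid: int
    gecos: str
    home: str
    shell: str

# Values in the password field that mean "no hash stored here": the hash is in
# the shadow file ("x" or "*") or the account is locked ("!" / "!!").
SHADOW_MARKERS = {"x", "*", "!", "!!"}

def parse_passwd(text):
    """Parse passwd-format text into PasswdEntry records, rejecting malformed lines."""
    entries = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            raise ValueError(f"line {lineno}: expected 7 fields, got {len(fields)}")
        name, pw, uid, gid, gecos, home, shell = fields
        entries.append(PasswdEntry(name, pw, int(uid), int(gid), gecos, home, shell))
    return entries

def audit_passwd(text):
    """Return (exposed, empty): accounts whose hash sits in passwd itself, and
    accounts with an empty password field (no password at all)."""
    exposed, empty = [], []
    for e in parse_passwd(text):
        if e.pw_field == "":
            empty.append(e.name)
        elif e.pw_field not in SHADOW_MARKERS:
            exposed.append(e.name)
    return exposed, empty

# Constructed sample input: the unshadowed and shadowed files from the tutorial,
# plus a "guest" account with an empty password field added for the demo.
UNSHADOWED = "root:QxBmPgjh0XPI:0:0:root:/root:/bin/bash\n" \
             "test:dk8djwIMpsjYdf:100:100:Test Account:/home/test/:/bin/sh\n"
SHADOWED = "root:*:0:0:root:/root:/bin/bash\n" \
           "test:*:100:100:Test Account:/home/test/:/bin/sh\n" \
           "guest::200:200:Guest:/home/guest:/bin/sh\n"

if __name__ == "__main__":
    print("hashes exposed in passwd:", audit_passwd(UNSHADOWED)[0])  # ['root', 'test']
    print("empty password fields:", audit_passwd(SHADOWED)[1])       # ['guest']
```

Run against a real /etc/passwd, any name in the first list means the hashes are readable by every local user and the system should be converted to shadow passwords.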