Commit 511cbffa authored by Devon Kearns's avatar Devon Kearns

Imported Upstream version 1.2.2

parents
File added
File added
File added
Nico Leidecker <nico@leidecker.info>
\ No newline at end of file
Copyright (c) 2008, Nico Leidecker
All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
* Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
* Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
* Neither the name of the organization nor the names of its contributors
may be used to endorse or promote products derived from this software
without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND ANY
EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY
DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
\ No newline at end of file
[2009-03-30] Changes with phrasen|drescher 1.2.2
* added the --with-fixed-plugin-dir configuration flag for using a fixed
plugin directory
* added the libcrypto to the LDFLAGS for Linux in configure.ac
* bug fixed in source.c: auto-chosing a source would only work for the
first process
* the 1337 rewriting rule has been modified so that all combination of 1337
characters are used
ssh.c:
* more verbosive error messages
* added support for multiple target hosts, usernames from a file and
testing for empty passwords or passwords equal to usernames
* version increased to 1.1
rsa-dsa.c:
* renamed to pkey.c
http-raw.c:
* the message command line argument was ignored
* more verbosive output
* fixed a bug in the content-length calculation with double'%'
* version increased to 1.1
enc-file.c:
* added version 1.0
[2008-06-23] Changes with phrasen|drescher 1.1.1
* improvement of the plugin API
* ssh and http-raw plugin added to package
* plugin Makefile written and embedded into the main building process;
plugins can be compiled with the --with-plugins configuration option
* incremental mode (from 1 to 8) is now default if neither -i nor -d used
[2008-04-08] Changes with phrasen|drescher 1.1.0
* plugin and multi-processing support implemented
* rsa-dsa and mssql plugin added to package
[2007-07-19] Inital release phrasen|drescher 1.0
Installation Instructions
*************************
Copyright (C) 1994, 1995, 1996, 1999, 2000, 2001, 2002, 2004, 2005,
2006 Free Software Foundation, Inc.
This file is free documentation; the Free Software Foundation gives
unlimited permission to copy, distribute and modify it.
Basic Installation
==================
Briefly, the shell commands `./configure; make; make install' should
configure, build, and install this package. The following
more-detailed instructions are generic; see the `README' file for
instructions specific to this package.
The `configure' shell script attempts to guess correct values for
various system-dependent variables used during compilation. It uses
those values to create a `Makefile' in each directory of the package.
It may also create one or more `.h' files containing system-dependent
definitions. Finally, it creates a shell script `config.status' that
you can run in the future to recreate the current configuration, and a
file `config.log' containing compiler output (useful mainly for
debugging `configure').
It can also use an optional file (typically called `config.cache'
and enabled with `--cache-file=config.cache' or simply `-C') that saves
the results of its tests to speed up reconfiguring. Caching is
disabled by default to prevent problems with accidental use of stale
cache files.
If you need to do unusual things to compile the package, please try
to figure out how `configure' could check whether to do them, and mail
diffs or instructions to the address given in the `README' so they can
be considered for the next release. If you are using the cache, and at
some point `config.cache' contains results you don't want to keep, you
may remove or edit it.
The file `configure.ac' (or `configure.in') is used to create
`configure' by a program called `autoconf'. You need `configure.ac' if
you want to change it or regenerate `configure' using a newer version
of `autoconf'.
The simplest way to compile this package is:
1. `cd' to the directory containing the package's source code and type
`./configure' to configure the package for your system.
Running `configure' might take a while. While running, it prints
some messages telling which features it is checking for.
2. Type `make' to compile the package.
3. Optionally, type `make check' to run any self-tests that come with
the package.
4. Type `make install' to install the programs and any data files and
documentation.
5. You can remove the program binaries and object files from the
source code directory by typing `make clean'. To also remove the
files that `configure' created (so you can compile the package for
a different kind of computer), type `make distclean'. There is
also a `make maintainer-clean' target, but that is intended mainly
for the package's developers. If you use it, you may have to get
all sorts of other programs in order to regenerate files that came
with the distribution.
Compilers and Options
=====================
Some systems require unusual options for compilation or linking that the
`configure' script does not know about. Run `./configure --help' for
details on some of the pertinent environment variables.
You can give `configure' initial values for configuration parameters
by setting variables in the command line or in the environment. Here
is an example:
./configure CC=c99 CFLAGS=-g LIBS=-lposix
*Note Defining Variables::, for more details.
Compiling For Multiple Architectures
====================================
You can compile the package for more than one kind of computer at the
same time, by placing the object files for each architecture in their
own directory. To do this, you can use GNU `make'. `cd' to the
directory where you want the object files and executables to go and run
the `configure' script. `configure' automatically checks for the
source code in the directory that `configure' is in and in `..'.
With a non-GNU `make', it is safer to compile the package for one
architecture at a time in the source code directory. After you have
installed the package for one architecture, use `make distclean' before
reconfiguring for another architecture.
Installation Names
==================
By default, `make install' installs the package's commands under
`/usr/local/bin', include files under `/usr/local/include', etc. You
can specify an installation prefix other than `/usr/local' by giving
`configure' the option `--prefix=PREFIX'.
You can specify separate installation prefixes for
architecture-specific files and architecture-independent files. If you
pass the option `--exec-prefix=PREFIX' to `configure', the package uses
PREFIX as the prefix for installing programs and libraries.
Documentation and other data files still use the regular prefix.
In addition, if you use an unusual directory layout you can give
options like `--bindir=DIR' to specify different values for particular
kinds of files. Run `configure --help' for a list of the directories
you can set and what kinds of files go in them.
If the package supports it, you can cause programs to be installed
with an extra prefix or suffix on their names by giving `configure' the
option `--program-prefix=PREFIX' or `--program-suffix=SUFFIX'.
Optional Features
=================
Some packages pay attention to `--enable-FEATURE' options to
`configure', where FEATURE indicates an optional part of the package.
They may also pay attention to `--with-PACKAGE' options, where PACKAGE
is something like `gnu-as' or `x' (for the X Window System). The
`README' should mention any `--enable-' and `--with-' options that the
package recognizes.
For packages that use the X Window System, `configure' can usually
find the X include and library files automatically, but if it doesn't,
you can use the `configure' options `--x-includes=DIR' and
`--x-libraries=DIR' to specify their locations.
Specifying the System Type
==========================
There may be some features `configure' cannot figure out automatically,
but needs to determine by the type of machine the package will run on.
Usually, assuming the package is built to be run on the _same_
architectures, `configure' can figure that out, but if it prints a
message saying it cannot guess the machine type, give it the
`--build=TYPE' option. TYPE can either be a short name for the system
type, such as `sun4', or a canonical name which has the form:
CPU-COMPANY-SYSTEM
where SYSTEM can have one of these forms:
OS KERNEL-OS
See the file `config.sub' for the possible values of each field. If
`config.sub' isn't included in this package, then this package doesn't
need to know the machine type.
If you are _building_ compiler tools for cross-compiling, you should
use the option `--target=TYPE' to select the type of system they will
produce code for.
If you want to _use_ a cross compiler, that generates code for a
platform different from the build platform, you should specify the
"host" platform (i.e., that on which the generated programs will
eventually be run) with `--host=TYPE'.
Sharing Defaults
================
If you want to set default values for `configure' scripts to share, you
can create a site shell script called `config.site' that gives default
values for variables like `CC', `cache_file', and `prefix'.
`configure' looks for `PREFIX/share/config.site' if it exists, then
`PREFIX/etc/config.site' if it exists. Or, you can set the
`CONFIG_SITE' environment variable to the location of the site script.
A warning: not all `configure' scripts look for a site script.
Defining Variables
==================
Variables not defined in a site shell script can be set in the
environment passed to `configure'. However, some packages may run
configure again during the build, and the customized values of these
variables may be lost. In order to avoid this problem, you should set
them in the `configure' command line, using `VAR=value'. For example:
./configure CC=/usr/local2/bin/gcc
causes the specified `gcc' to be used as the C compiler (unless it is
overridden in the site shell script).
Unfortunately, this technique does not work for `CONFIG_SHELL' due to
an Autoconf bug. Until the bug is fixed you can use this workaround:
CONFIG_SHELL=/bin/bash /bin/bash ./configure CONFIG_SHELL=/bin/bash
`configure' Invocation
======================
`configure' recognizes the following options to control how it operates.
`--help'
`-h'
Print a summary of the options to `configure', and exit.
`--version'
`-V'
Print the version of Autoconf used to generate the `configure'
script, and exit.
`--cache-file=FILE'
Enable the cache: use and save the results of the tests in FILE,
traditionally `config.cache'. FILE defaults to `/dev/null' to
disable caching.
`--config-cache'
`-C'
Alias for `--cache-file=config.cache'.
`--quiet'
`--silent'
`-q'
Do not print messages saying which checks are being made. To
suppress all normal output, redirect it to `/dev/null' (any error
messages will still be shown).
`--srcdir=DIR'
Look for the package's source code in directory DIR. Usually
`configure' can determine that directory automatically.
`configure' also accepts some other, not widely useful, options. Run
`configure --help' for more details.
This diff is collapsed.
EXTRA_DIST = man/pd.1
SUBDIRS = src
man_MANS = man/pd.1
This diff is collapsed.
phrasen|drescher - the passphrase cracker
--------------------------------------------------------------------------------
1. About The Tool
2. Installation
3. The Plugins
4. Run It!
4.1 Getting Started
4.2 Cracking Modes
5. Writing Plugins
6. Troubleshooting
7. A Word About The Versioning
8. Licensing
1. About The Tool
phrasen|drescher (or short p|d) is a modular and multi processing pass
phrase cracking tool. It comes with a number of plugins and a simple plugin
API allows easy development of new plugins. The main features of p|d are:
* Modular with the use of plugins
* Multi processing
* Dictionary attack with or without permutations (uppercase, lowercase,
l33t, etc.)
* Incremental brute force attack with custom character maps
* Runs on FreeBSD, NetBSD, OpenBSD, MacOS and Linux
2. Installation
./configure --with-plugins
make
make install
Some plugins require additional libraries. Please read src/plugins/README
for more details.
3. The Plugins
p|d cracks key passphrases, password hashes, accounts of remote web
applications or whatever a plugin was designed for. The actually cracking
process is provided by plugins. In this release, there are four modules
included in the package:
* rsa-dsa: cracks RSA and DSA key passphrases
* mssql: cracks MS SQL 2000/2005 password hashes
* ssh: performs account cracking attacks against an SSH 2 service
(supports password, keyboard-interactive and publickey)
* http-raw: a module for simple HTTP form based account brute-forcing
For further information see src/plugins/README.
4. Run It!
4.1 Getting Started
Once you compiled and installed p|d, you should give it a try and run it.
The first choice you'll have to make when using p|d is what plugin to use.
p|d plugins are stored in the system library directory which may differ
from whatever system you're running it on. If you're unsure which directory
that is, you can run p|d with the -h flag and it will tell you which the
current plugin directory is:
$ pd -h
You can to specify the explicit path in the environment variable
`PD_PLUGINS':
$ export PD_PLUGINS=/my/plugin/directory
$ pd -h
Every plugin will have additional command line options besides the few
default p|d command line options. Once you chose a plugin, you can get
further plugin specific information and command line flags:
$ pd rsa-dsa
4.2 Cracking Modes
p|d offers two cracking modes. The Incremental Mode (which is used by
default) does pure brute-forcing of pass phrases while in Dictionary Mode,
phrases are taken from a word list:
Incremental Mode:
This mode expects an argument flag -i that specifies the explicit length
or a range of words to generate. Generating 8 characters long words, for
instance, can be done this way:
$ pd rsa-dsa -i 8 -K private-key
And to specify a range. E.g. from 8 characters to 12:
$ pd rsa-dsa -i 8:12 -K private-key
By default, p|d uses all human readable characters to generate the
phrases and passwords. However, you can specify your own character map
in an environment variable `PD_CHARMAP'. For example, in order
to only use lower case characters:
$ export PD_CHARMAP="abcdefghijklmnopqrstuvwxyz"
$ pd rsa-dsa -i 6:8 -K private-key
The character map also implies the order of the characters to be used
in phrases. So, if you want to do the increment in reverse order,
simply do:
$ export PD_CHARMAP="zyxwvutsrqponmlkjihgfedcba"
$ pd rsa-dsa -i 6:8 -K private-key
This is generally a good idea, if you know what form of a password you
can expect, because of the nature of the password to crack or maybe even
because of password policies (E.g. "password has to begin with a
character").
Dictionary Mode:
Using this mode is straight forward:
$ pd rsa-dsa -d wordlist -K private-key
For Dictionary Mode, there is a rewriting option. Words, taken from a
file, can be rewritten after certain rules. E.g. converted to upper or
lower case, append or prepend a number. All this is done with the `-r'
flag. This is a list of possible rules:
A = all characters upper case
F = first character upper case
L = last character upper case
W = first letter of each word to upper case
a = all characters lower case
f = first character lower case
l = last character lower case
w = first letter of each word to lower case
D = prepend digit
d = append digit
e = 1337 characters
x = all rules
In order to rewrite all characters in a word to upper case and to
append a digit (0 to 9) at the end:
$ pd rsa-dsa -d wordlist -r Ad -K private-key
Sometimes, dictionary words and their rewritten equivalent are identical.
p|d will discard the rewritten word in this case.
5. Writing Plugins
There's a detailed plugin writing guide online at
http://www.leidecker.info/projects/phrasendrescher/pd_plugins.shtml
6. Troubleshooting
If you encounter any bugs, not listed in this section, please refer to
nico@leidecker.info.
7. A Word About The Versioning
The pd version number is segmented into three parts seperated by dots
(e.g: A.B.C). The major version number (A) is followed by the version of
the core pd code (B) and finally by the version of the plugin set (C).
The difference between version A.B.1 and version A.B.2 therefore is only
a change in one or more of the plugins while A.1.C and A.2.C indicates
that there have been changes made to the core infrastructure.
8. Licensing
phrasen|dresher is licensed under the 3-clause BSD license:
Copyright (c) 2008, Nico Leidecker
All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
* Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
* Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
* Neither the name of the organization nor the names of its contributors
may be used to endorse or promote products derived from this software
without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND ANY
EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY
DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
--------------------------------------------------------------------------------
phrasen|drescher 1.2.2 - the passphrase cracker
Copyright (C) 2008 Nico Leidecker; nico@leidecker.info
http://www.leidecker.info
This diff is collapsed.
#! /bin/sh
# Wrapper for compilers which do not understand `-c -o'.
scriptversion=2005-05-14.22
# Copyright (C) 1999, 2000, 2003, 2004, 2005 Free Software Foundation, Inc.
# Written by Tom Tromey <tromey@cygnus.com>.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2, or (at your option)
# any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
# As a special exception to the GNU General Public License, if you
# distribute this file as part of a program that contains a
# configuration script generated by Autoconf, you may include it under
# the same distribution terms that you use for the rest of that program.
# This file is maintained in Automake, please report
# bugs to <bug-automake@gnu.org> or send patches to
# <automake-patches@gnu.org>.
case $1 in
'')
echo "$0: No command. Try \`$0 --help' for more information." 1>&2
exit 1;
;;
-h | --h*)
cat <<\EOF
Usage: compile [--help] [--version] PROGRAM [ARGS]
Wrapper for compilers which do not understand `-c -o'.
Remove `-o dest.o' from ARGS, run PROGRAM with the remaining
arguments, and rename the output as expected.
If you are trying to build a whole package this is not the
right script to run: please start by reading the file `INSTALL'.
Report bugs to <bug-automake@gnu.org>.
EOF
exit $?
;;
-v | --v*)
echo "compile $scriptversion"
exit $?
;;
esac
ofile=
cfile=
eat=
for arg
do
if test -n "$eat"; then
eat=
else
case $1 in
-o)
# configure might choose to run compile as `compile cc -o foo foo.c'.
# So we strip `-o arg' only if arg is an object.
eat=1
case $2 in
*.o | *.obj)
ofile=$2
;;
*)
set x "$@" -o "$2"
shift
;;
esac
;;
*.c)
cfile=$1
set x "$@" "$1"
shift
;;
*)
set x "$@" "$1"
shift
;;
esac
fi
shift
done
if test -z "$ofile" || test -z "$cfile"; then
# If no `-o' option was seen then we might have been invoked from a
# pattern rule where we don't need one. That is ok -- this is a
# normal compilation that the losing compiler can handle. If no
# `.c' file was seen then we are probably linking. That is also
# ok.
exec "$@"
fi
# Name of file we expect compiler to create.
cofile=`echo "$cfile" | sed -e 's|^.*/||' -e 's/\.c$/.o/'`
# Create the lock directory.
# Note: use `[/.-]' here to ensure that we don't use the same name
# that we are using for the .o file. Also, base the name on the expected
# object file name, since that is what matters with a parallel build.
lockdir=`echo "$cofile" | sed -e 's|[/.-]|_|g'`.d
while true; do
if mkdir "$lockdir" >/dev/null 2>&1; then
break
fi
sleep 1
done
# FIXME: race condition here if user kills between mkdir and trap.
trap "rmdir '$lockdir'; exit 1" 1 2 15
# Run the compile.
"$@"
ret=$?
if test -f "$cofile"; then
mv "$cofile" "$ofile"
elif test -f "${cofile}bj"; then
mv "${cofile}bj" "$ofile"
fi
rmdir "$lockdir"
exit $ret
# Local Variables:
# mode: shell-script
# sh-indentation: 2
# eval: (add-hook 'write-file-hooks 'time-stamp)
# time-stamp-start: "scriptversion="
# time-stamp-format: "%:y-%02m-%02d.%02H"
# time-stamp-end: "$"
# End:
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
AC_PREREQ(2.50)
AC_INIT(phrasendrescher, 1.2.2, nico@leidecker.info)
AC_CANONICAL_TARGET
AC_CONFIG_SRCDIR([src/phrasendrescher.c])
AM_INIT_AUTOMAKE
AC_PROG_CC
AM_PROG_CC_C_O
#AC_PROG_LIBTOOL
LT_INIT([shared,dlopen])
AC_SUBST([LIBTOOL_DEPS])
AC_HEADER_STDC
SYSTEM_OS=unknown
case $target in
*-linux*)
SYSTEM_OS=LINUX
PHRASENDRESCHER_CFLAGS="-ldl -DLINUX"
PHRASENDRESCHER_LDFLAGS="-ldl"
PLUGIN_LDFLAGS="-shared -lssl -lssh2 -lcrypto -lgpgme"
PLUGIN_CFLAGS="-DLINUX -fPIC";;
*-darwin*)
SYSTEM_OS=MACOS
PHRASENDRESCHER_CFLAGS="-ldl -DMACOS"
PLUGIN_LDFLAGS="-dynamiclib -fno-common -lcrypto -lssl -lssh2 -lgpgme"
PLUGIN_CFLAGS="-DMACOS";;
*-freebsd*)
SYSTEM_OS=FREEBSD
PHRASENDRESCHER_CFLAGS="-ldl -DFREEBSD"
PLUGIN_LDFLAGS="-shared -lssl -lssh2 -lgpgme"
PLUGIN_CFLAGS="-DFREEBSD -fPIC";;
*-netbsd*)
SYSTEM_OS=NETBSD
PHRASENDRESCHER_CFLAGS="-ldl -DNETBSD"
PLUGIN_LDFLAGS="-shared -lssl -lssh2 -lgpgme"
PLUGIN_CFLAGS="-DNETBSD -fPIC";;
*-openbsd*)
SYSTEM_OS=OPENBSD
PHRASENDRESCHER_CFLAGS="-ldl -DOPENBSD"
PLUGIN_LDFLAGS="-shared -lssl -lssh2 -lgpgme"
PLUGIN_CFLAGS="-DOPENBSD -fPIC";;
esac
AC_ARG_WITH(fixed-plugin-dir, [--with-fixed-plugin-dir=DIR], AC_DEFINE_UNQUOTED(FIXED_PLUGIN_DIR,"${withval}"))
AC_ARG_WITH(plugins, [--with-plugins compile plugins], build_plugins="true")
if test "$build_plugins" = "true"
then
AC_CHECK_LIB(ssh2, libssh2_userauth_list, [], [
AC_MSG_ERROR(["Error! You need to have libssh2 or use --with-libssh2"])
])