descracker command permits to perform dictionary attacks ( brute force ) against legacy DES based Unix password hashes. It uses CUDA as acceleration layer. I wrote this program more than 10 years ago, recently I recovered it from a forgotten backup file. I decided to release it with some modernisations ( CUDA and C++ versions ).
Tested on:
- Ubuntu 22.04.4 LTS
- nvcc / CUDA 12.4
- CUDA 12.4
- compile the program as follow :
make clean all
- install it:
sudo make install
-
User must provide a text file with the dictionary to use for the brute force attack. The dictionary contains a single word for line, lines are '\n' terminated.
-
Use program's help option to have information about required parameters:
$ ./descracker -h
./descracker [-H<hash>] [-d dict_file] [ -t group | -T group ] | [-h]
-H <hash> hash to crack
-d <dict_file> dictionary file
-t <1|2|3> enable cascading transformation groups
-T <1|2|3> enable specific transformation group
-b <units> cuda block size (optional)
-h print this synopsis
- This program, besides direct use of dictionary words, can employ some basic transformation on the same words.
- To activate the transformations use -t flag. Groups 2 and 3 call the previous ones (i.e. if you specify 3 , also group 2 and 1 will be executed);
- To use only a specific group use -T (i.e. -T 1 will execute only group 1);
- The flag -H (capital 'h') specifies the hash to crack;
- The flag -d specifies the dictionary file;
- Group1:
initial capital letter
single digit, init / end + capital letter
2 digits init/end + capital letter
special character init/end
some 'camel' case
capital incremental
others
- Group2:
reverse
specular
repeated
leet
others
- Group3:
toggle case
duplicated initial
duplicated characters
others
- This program can be optimised in future (i.e. removing intermediate base64 representation of the hash);
- On my pc, full attack ( dictionary with 18M+ words , all groups) requires 20 minutes.
- The following starts a plain dictionary attack:
descracker -H v.I4KLGWHOIsY -d ./seclist.lower.txt
- The following starts a dictionary attack, then uses all the transformations available to get the password:
descracker -H v.I4KLGWHOIsY -d ./seclist.lower.txt -b 256 -t3
- DES implementation was ripped off from OPENSSL.