Class: ViolentRuby::UnixPasswordCracker

Inherits:
Object
  • Object
show all
Defined in:
lib/violent_ruby/unix_password_cracker/unix_password_cracker.rb

Overview

Unix Password Cracker provides a friendly interface to crack unix passwords. Because all hackers totes do this.

Examples:

Basic Usage

config = { file: "/etc/passwd", dictionary: "dictionary.txt" }

upc = ViolentRuby::UnixPasswordCracker.new(config)

upc.crack do |result|
  next unless result[:cracked]
  puts "Cracked #{result[:username]}'s password: #{result[:plaintext_password]}"
end

Author:

  • Kent ‘picat’ Gruber

Instance Attribute Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(args = {}) ⇒ UnixPasswordCracker

Create a new Unix Password Cracker.

Parameters:

  • args (Hash) (defaults to: {})

    The options to create a new Unix Password Cracker.

Options Hash (args):

  • :file (String)

    The path to an /etc/passwd file.

  • :dictionary (String)

    The path to a dictionry of passwords.



34
35
36
37
 
# File 'lib/violent_ruby/unix_password_cracker/unix_password_cracker.rb', line 34

def initialize(args = {})
  @file       = args[:file]       if args[:file]
  @dictionary = args[:dictionary] if args[:dictionary]
end

Instance Attribute Details

#dictionaryString

Returns Path to dictionary file.

Returns:

  • (String)

    Path to dictionary file.



23
24
25
 
# File 'lib/violent_ruby/unix_password_cracker/unix_password_cracker.rb', line 23

def dictionary
  @dictionary
end

#fileString Also known as: etc

Returns Path to the /etc/passwd file.

Returns:

  • (String)

    Path to the /etc/passwd file.



19
20
21
 
# File 'lib/violent_ruby/unix_password_cracker/unix_password_cracker.rb', line 19

def file
  @file
end

Instance Method Details

#check_password(encrypted_password, plaintext_password, strip = true) ⇒ Boolean Also known as: cracked?

Check if a given encrypted password matches a given plaintext word when the same crytographic operation is performed on it.

Examples:

Basic Usage

ViolentRuby::UnixPasswordCracker.new.check_password('HX9LLTdc/jiDE', 'egg')
# true

Advanced Usage

ViolentRuby::UnixPasswordCracker.new.check_password('HXA82SzTqypHA', 'egg ')
# false

ViolentRuby::UnixPasswordCracker.new.check_password('HXA82SzTqypHA', 'egg ', false)
# true

Parameters:

  • encrypted_password (String)

    The encrypted password to check against.

  • plaintext_password (String)

    The plaintext password to check against.

  • strip (Boolean) (defaults to: true)

    Strip trailing spaces and newlines from word ( default: true )

Returns:

  • (Boolean) 


142
143
144
145
146
147
148
149
 
# File 'lib/violent_ruby/unix_password_cracker/unix_password_cracker.rb', line 142

def check_password(encrypted_password, plaintext_password, strip = true)
  plaintext_password.strip! if strip # sometimes passwords have trailing spaces
  if plaintext_password.crypt(encrypted_password[0, 2]) == encrypted_password
    true
  else
    false
  end
end

#crack_passwords(args = {}) {|Hash| ... } ⇒ Object Also known as: crack, crack!, get_crackn, release_the_kraken

Crack unix passwords.

Examples:

Basic Usage

ViolentRuby::UnixPasswordCracker.new(file: "passwords.txt", dictionary: "dictionary.txt").crack_passwords do |result|
  next unless result[:cracked]
  puts "Cracked #{result[:username]}'s password: #{result[:plaintext_password]}"
end

Parameters:

  • args (Hash) (defaults to: {})

    The options when crack’n some passwords.

Options Hash (args):

  • :file (String)

    The path to an /etc/passwd file.

  • :dictionary (String)

    The path to a dictionry of passwords.

Yields:

  • (Hash) 


99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
 
# File 'lib/violent_ruby/unix_password_cracker/unix_password_cracker.rb', line 99

def crack_passwords(args = {})
  # Use the file and dictionry instance variables or the arguments.
  file = args[:file]       || @file
  dict = args[:dictionary] || @dictionary
  # Parse the given /etc/passwd file and compare with the dictionary.
  parse_etc_file(file: file) do |user, password|
    File.readlines(dict).map(&:strip).each do |word|
      if cracked?(password, word)
        yield format_result(user, password, word)
      else
        yield format_result(user, password)
      end
    end
  end
end

#parse_etc_file(args = {}) ⇒ Hash

Parse a unix /etc/passwd file into a more mangeable form.

Examples:

Basic Usage

upc = ViolentRuby::UnixPasswordCracker.new
upc.parse_etc_file(file: 'passwords.txt')
# {"victim" => "HX9LLTdc/jiDE", "root" => "DFNFxgW7C05fo"}

Super Advanced Usage

ViolentRuby::UnixPasswordCracker.new.parse_etc_file(file: 'passwords.txt') do |user, pass|
  puts user + ' ' + pass
end
# victim HX9LLTdc/jiDE
# root DFNFxgW7C05fo

Parameters:

  • args (Hash) (defaults to: {})

    The options when parsing the file.

Options Hash (args):

  • :file (String)

    The path to an /etc/passwd file.

  • :users (Boolean)

    Specify that only users should be returned ( default: false ).

  • :passwords (Boolean)

    Specify that only passwords should be returned ( default: false ).

Returns:

  • (Hash) 


59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
 
# File 'lib/violent_ruby/unix_password_cracker/unix_password_cracker.rb', line 59

def parse_etc_file(args = {})
  # Readlines from /etc/passwd file.
  lines = File.readlines(args[:file]).collect do |line|
    line unless line.split(':').first.chars.first.include?('#')
  end
  
  # Collect the users and passwords from the lines.
  users     = lines.collect { |x| x.split(':')[0] }.map(&:strip)
  passwords = lines.collect { |x| x.split(':')[1] }.map(&:strip)
  
  # Friendly behavior to return just users or passwords.
  return users     if args[:users]
  return passwords if args[:passwords]
  
  # Zip'm together into a hash.
  users_passwords = Hash[users.zip(passwords)]
  
  # Yield each pair when a block is given, or return all at once.
  if block_given?
    users_passwords.each do |user, password|
      yield user, password
    end
  else
    users_passwords
  end
end