    +----------------------------------------------------------------------+
    |       ######  ##    ##  ######       #######   ######   ######       |
    |      ##    ## ##    ## ##    ##      ##    ## ##    ## ##    ##      |
    |      ##       ########    ####  #### ##    ## ##    ## ##            |
    |      ##    ## ##    ##  ###          ##    ## ##    ## ##    ##      |
    |       ######  ##    ## ########      #######   ######   ######       |
    +----------------------------------------------------------------------+
    | CrackerHack Version 2 (c) 1992 - No Means No. Released to the public |
    | on November 1st 1992.  CrackerHack is  a custom  increment  password |
    | cracker. Utilities included are: CH, SETCH, TIMECH, SPLITCH & NETCH. |
    | This documentation file describes the CrackerHack Version 2 programs |
    | In full detail along with detailed instructions on how to use them.. |
    +----------------------------------------------------------------------+
    | ---->   Very first increment password cracker ever written..   <---- |
    +----------------------------------------------------------------------+
 
 
Disclaimer:
   Neither I, No Means No, nor any persons involved with the production,
construction, instruction, publication, distribution, implementation or
observation of CrackerHack Version 2.0 assume any responsibility for persons
involved with using, abusing or choosing CrackerHack Version 2.0, nor do we
promote OR condone it.  It is up to the individual who puts Crackerhack Version
2.0 to use.  <grin>
 
 
Overview:
   Crackerhack Version 1.0 was never publicly released because of its
incompatibility with some Unix compatibles.  Soon after the completion of CH1
I started on CH2.  Crackerhack was my second Unix C program, the first program
I wrote in Unix C is still not completed because I wanted to complete CH.  I
will be releasing my first program at a later date, as it is much longer than
this.  A version 3 of Crackerhack MIGHT be a possibility, if CH2 has any errors
that I do not yet know about, or if there are some systems that it does not
fully work on, or if I decide to add extra features, then there WILL be a CH3.
So if you happen to run across any problems with it not working on your system,
let me know and I will see if I can fix it.  My mail address will be listed at
the end of this file.
   The documentation you are about to read will be fairly detailed and I will
attempt to make things easy to understand, even if you have never used a
program like this before (I have never used a password cracker other than this
one!).  Here we go.
 
 
Files:
   Included with the archived version of this program is the UFC directory,
which contains the Ultra Fast Crypt files so you may add UFC when compiling
CrackerHack; this is highly recommended.  You may also use another fast
encryption method if you wish; the makefile describes how to compile the
CrackerHack files with or without fast encryption.  Typing "make" will display
how to make CH2 with different options.  The following files should be in your
directory:
   CH2-DOC   : This documentation file for Crackerhack Version 2.
   CH2-NET   : Complete information on how to set up the NETCH program.
   makefile  : The make file for Crackerhack Version 2.
   addch.h   : The include file for ch.c and timech.c.
   ch.c      : Crackerhack Version 2 source code.
   netch.c   : Network Crackerhack Version 2 source code.
   setch.c   : Setup Crackerhack Version 2 source code.
   splitch.c : Split Crackerhack Version 2 source code.
   timech.c  : Time Crackerhack Version 2 source code.
 
 
Explanation:
   To clear some things up, no password cracker can really be called a password
cracker unless it actually CRACKS the encryption.  This program is similar to
other password crackers in the way it compares encryptions, but ONLY in that
respect.  It crypts the "guessed word" and compares the encryption of the
"guessed word" to the encryption of the target password; if they match, the
"guessed word" is the unencrypted password.  However, that is the
ONLY way Crackerhack can be compared to other password crackers.  Other
crackers use dictionary files to use as guesswords.  Crackerhack does NOT use
this method, if it did it would be just like every other cracker out there,
which would mean it would be a waste of time for me to write.  Instead,
Crackerhack could be classified as an INCREMENT CRACKER.  This means it tries
EVERY possible combination within a range.  Combinations and ranges are set
with SETCH, as explained in detail in "Using SETCH".  Increment cracking works
like counting in binary: it "counts".  For example, if you were to scan from
aaa to zzz, it would do the following: aaa,aab,aac,aad,aae,aaf,...
nml,nmm,nmn,nmo,nmp,nmq,nmr,nms,nmt,nmu,nmv,nmw,nmx,nmy,nmz,nna,nnb,nnc,nnd,...
zzu,zzv,zzw,zzx,zzy,zzz.  You might be thinking "Damn that must take forever!".
Well, first of all Crackerhack is meant to be used to work on ONLY one password
and work on it until either it is cracked or until the full combination/range
has been completed.  Longer cracks take longer time, of course.  And it also
depends on the machine you will be cracking the password on and if you will be
using a fast encryption program with CH2, such as UFC (Ultra Fast Crypt).
 
 
Compiling:
   Typing "make" will show you the instructions for the makefile.  You can
"make" crackerhack in 3 different ways, each one depending on the fast
encryption method you wish to use.  Note the way it suggests compiling this
program on a NeXT system.  Crackerhack has been tested on MANY Unix compatible
systems,
but if you happen to find a system on which it will not compile or run
correctly, please let me know so I can fix it.  My mail address is listed at
the end of this documentation.
 
 
Using SETCH (Setting up Crackerhack):
   The first program you will want to run will be SETCH.  SETCH is what is used
to set up the cracking combination and ranges as well as selecting the password
you wish to crack.  SETCH creates the ".ch-d" data file which every other
Crackerhack utility works with.  After running SETCH you will get the following
menu:
     +---(SETCH program output)-------------------------------------------+
     |(1) Choose your target password from the "/etc/passwd" file.        |
     |(2) Choose your target password from the ".ch-p" file.              |
     |(3) Manually enter an encrypted password string.                    |
     +--------------------------------------------------------------------+
   If you are going to be cracking an account that is on the system you will be
cracking on, you will want to select #1 here.  If you are going to be cracking
a password that is on another system other than the one you will be cracking on
you will need to copy the "/etc/passwd" file from that system, on to the system
you will be cracking on, under the file name of ".ch-p", and select #2.  If you
know the encryption of the password you want to crack, then you can select #3
and it will prompt you to type it in.  Make sure you type it in EXACTLY (all 13
characters), otherwise you will get false results, or no results at all!
   In cases of #1 or #2, it will ask you a pattern to search for, you can
either just press return (to list every account), or enter a pattern for SETCH
to look for within each line of the password file (it uses the unix GREP
command).  Then it will go through each account in the password file and ask
you which account you want to choose as your target.
   NOTE: In cases #1 or #2, and if you select a pattern to search for it will
create the ".ch-t" file, which is a temporary file created when it uses the
GREP command.  This file will be deleted after selecting your target.  If you
have a disk space quota it might give you an error when it attempts to create
this file when SETCH is working with very large password files.
   After you select one of the 3 options and select your target encryption
it will then display the following:
     +---(SETCH program output)-------------------------------------------+
     |Select one of the following COMBINATIONS:                           |
     |(1): 0123456789                                                     |
     |(2): abcdefghijklmnopqrstuvwxyz                                     |
     |(3): 0123456789abcdefghijklmnopqrstuvwxyz                           |
     |(4): ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz           |
     |(5): 0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz |
     +--------------------------------------------------------------------+
   This is where you select (obviously) the COMBINATION.  The decision depends
on the method you wish to crack the target with.  Examples:  Will you be
scanning JUST numerics?  Then choose #1.  Will you be doing a FULL alphanumeric
scan?  If that is the case, choose #5.
     +---(SETCH program output)-------------------------------------------+
     |Now select the cracking RANGE, up to 8 characters.                  |
     |From  :                                                             |
     |To    :                                                             |
     +--------------------------------------------------------------------+
   This is where you select where your cracking increment scan will start at
and end at.  If you selected a combo of #1 for example, you will want the start
and end to be NUMERIC, however there are exceptions.  A valid exception would
be if you were to crack a password starting with "staff000" and ending at
"staff999" and you want it to scan numerics only.  But if you selected from
"test000" to "testaaa" with a numeric combination, it would increment forever.
This is because it would never get to the "aaa" after "test999", instead it
would flip to "tes0000" and continue counting.  Be sure you select your COMBO
and RANGE correctly.
   Once you have completed the "From" and "To" phase of SETCH it will then
create the ".ch-d" Crackerhack data file.  Now you may run any of the other
Crackerhack utilities.
 
 
Using TIMECH (Time estimation of your crack):
   This program tells you the estimated amount of time it will take to
complete the full cracking scan on the machine TIMECH is being run on.  First
it will load the ".ch-d" data file.  Then it counts the number
of CPS (Crypts Per Second, how fast your program is cracking).  It then counts
the number of 'cracks' it will take to crack your COMBO/RANGE selection.  Then
it tells you about how long it will take to complete the full scan in the
format of YY/MM/HH/MM/SS (if it doesn't crack it first!).  It's that easy to
use, and it is very useful too!
   NOTE: Because systems/compilers vary on the maximum storage for the DOUBLE
VARIABLE in C, smaller systems will come up with false results when counting
very large cracking ranges.  But then again, you wouldn't want to run such large
cracks on such small, obviously slow systems anyway, so I don't think this will
be too much of a problem.
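
   The COMBO/RANGE arithmetic behind the SETCH range caveat and the TIMECH
estimate, as an added example (not CrackerHack's own source): it counts the
candidates a From/To range holds for a combination and returns 0 when "To" can
never be reached, as in the "test000" to "testaaa" case.  The function names
and the CPS figure are assumptions; counting uses 64-bit integers so the result
does not depend on the width of a C double.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Number of candidates an increment scan visits from `from` to `to`
 * (inclusive) over `charset`; 0 means `to` is never reached.
 * Assumption: both endpoints have the same length (at most 8). */
uint64_t range_count(const char *charset, const char *from, const char *to)
{
    size_t n = strlen(charset), len = strlen(from), i = 0;
    uint64_t lo = 0, hi = 0;

    if (n < 2 || len == 0 || len > 8 || strlen(to) != len)
        return 0;
    /* Leading characters shared by both endpoints never change during the
     * scan ("staff" in staff000..staff999), so they may be anything. */
    while (i < len && from[i] == to[i])
        i++;
    /* The remainder is a base-n number, most significant digit first. */
    for (; i < len; i++) {
        const char *a = strchr(charset, from[i]);
        const char *b = strchr(charset, to[i]);
        if (!a || !b)
            return 0;           /* test000..testaaa with digits only */
        lo = lo * n + (uint64_t)(a - charset);
        hi = hi * n + (uint64_t)(b - charset);
    }
    return hi >= lo ? hi - lo + 1 : 0;
}

/* Seconds for the complete scan at `cps` crypts per second; -1 if cps <= 0. */
double scan_seconds(uint64_t count, double cps)
{
    return cps > 0.0 ? (double)count / cps : -1.0;
}

int main(void)
{
    const char *digits = "0123456789";
    const char *full = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ"
                       "abcdefghijklmnopqrstuvwxyz";   /* combination (5) */
    double cps = 1000.0;        /* constructed figure, not a measurement */
    uint64_t all8 = range_count(full, "00000000", "zzzzzzzz");

    printf("staff000..staff999: %llu\n",
           (unsigned long long)range_count(digits, "staff000", "staff999"));
    printf("test000..testaaa:   %llu (unreachable)\n",
           (unsigned long long)range_count(digits, "test000", "testaaa"));
    printf("8 chars, combo 5:   %llu candidates, %.0f years at %.0f CPS\n",
           (unsigned long long)all8,
           scan_seconds(all8, cps) / (365.0 * 86400.0), cps);
    return 0;
}
```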
 
 
Using CH (Crackerhack Version 2.0):
   Crackerhack!  Run this program, it uses your specifications in the ".ch-d"
file and runs the crack on it, all output will go to the ".ch-l" log file.  The
only way it can prematurely abort is if the ".ch-d" file does not exist.  In
that case it will immediately tell you and abort, otherwise it will create or
append to the ".ch-l" crackerhack log file the crack it is about to work on and
then start working on that crack.  It will stop and write the crack completion
information to the ".ch-l" crackerhack log file if any of 3 things happen:
1) it cracks the password. 2) it completes the cracking scan. 3) it is aborted.
   It is best to run Crackerhack in the background, because some cracks take
quite a long time.  A nohup (no hangup) is suggested as well.  This will make
sure the program does not abort if the user hangs up or loses connection to the
system.  An example on a unix system would be to do this: "nohup ch &".  The &
signifies that the program will be run in the background as a job.
   ACCESS NOTE: If you have superuser access, or if the system you are on
allows users to set priority, Crackerhack will automatically set the priority
of the program to absolute highest (-20).  This will eat up process and CPU,
but it is worth it because you will get much faster CPS. If you do not have
such access to set the priority to a job, then it will not be set and will run
normally.
   ABORTING NOTE: If Crackerhack is aborted it will write to the log file the
last encryption done.  This will basically let you know where it left off when
it was aborted so you can continue the crack from there.  However, Crackerhack
is UNABLE to detect the system shutdown, this might cause problems if you are
running it on a system that has an upcoming shutdown!  It is best to time it to
make sure it won't get killed with the shutdown.  If anyone knows how to detect
a shutdown, let me know, I haven't figured it out.  Also, it can not detect
"sure kills" (kill -9) because they can not be caught.  So if you are going to
kill it, send a -QUIT, -TERM, or -INT so you know where it left off.
 
 
Using SPLITCH (Split Crackerhack into multiple jobs):
   This program does exactly what it's called, it SPLITS crackerhack into
multiple jobs to be run on the same system, this is useful for such systems as
Crays where you can run multiple jobs and still get the same results for each
job as you would from one single job.  This greatly increases the CPS (Crypts
per second).  The program sets the limit to up to 10 SPLITS, if you wish to run
more than 10, you will have to change the source code to "#define SPLITMAX <#>"
where <#> equals the maximum number of splits you wish it to allow.  You will
then have to recompile the program if you change it.  To use SPLITCH, you
simply specify the # of splits you wish to split your crack into (set by SETCH)
after the program name.  If you wish to split it into, say 7 jobs, you would
type up "splitch 7".  Everything afterwards is automatically done by SPLITCH.
What it does is it counts the cracks in your scan combo/range and then splits
it up and runs the crackerhack jobs for you with "nohup ch &", if you do not
wish to use that format, you will have to go into the source code once again
and change "#define BEFORECH" and "#define AFTERCH".  This program is indeed
useful and serves its purpose, but an even MUCH more powerful program is needed
for other purposes, and that program is NETCH.
 
 
Using NETCH (Split Crackerhack and NETWORK the multiple jobs):
   This program does as stated in SPLITCH, except the split jobs will NOT
be run on the machine you are currently running it on, but instead the split
jobs will be run on any machine you specify (that you have access to of
course).  You will need to compile a list of systems you are on (that you have
RSH access to) in a file named ".ch-n", which is the Crackerhack network
information file.  The format for this file is thoroughly explained in the
CH2-NET file.
   If your system does not support the "rsh" command, you will have to check to
see which command it uses instead, it might be "rshl" or something similar, if
it is different than "rsh" you can specify the command when you run NETCH.  For
example if it uses rshl, you will need to run netch like this: "netch rshl".
When this program is run, it will first access the ".ch-n" file and collect the
information within.  If there are any errors in the format, it will display the
error and abort.  If it is fine it will then access the ".ch-d" data file (set
with SETCH) and split your crack according to the specified networks in ".ch-n"
and attempt to access each system and run the splits.  If there are any errors
with accessing the system, it will let you know then attempt to access the next
system - it will not abort.  It is a good idea to first run a test net-crack to
make sure all systems are working correctly before running your real crack, be
sure if you run a test net-crack to go and kill the cracks on each system
before you run the actual crack.  If you don't, it will surely slow down the
CPS time you get on your actual crack.  Of course, there is an alternative, and
that is to run a very short NETCH split crack to not only test to make sure
your network is working correctly, but it will also allow it to be finished
very quickly so you don't have to go to each system and abort them before
running your actual net-crack.
   In the program, the maximum networks allowed are 100... This can be changed
by editing the line "#define SPLITMAX <#>" where <#> is of course, as explained
above in SPLITCH, the maximum number of splits allowed.  In this case it is the
maximum number of network systems/splits allowed.  Each split will go to one
machine on the network that you specify in the ".ch-n" file.  This program is
very powerful if used correctly.  So use it correctly. <grin>
 
 
Files used/created:
   Note that all the files start with a ".", which means they will be hidden
to a normal user on a standard unix system.
   [FILE]  (CREATED_BY) (USED_BY) What it is:
   .ch-d : (SETCH     ) (all    ) Crackerhack Crack data file.
   .ch-l : (CH        ) (user   ) Crackerhack Log file.
   .ch-n : (user      ) (NETCH  ) Crackerhack Network information file.
   .ch-p : (user      ) (SETCH  ) Alternate Passwd file, "/etc/passwd" format.
   .ch-t : (SETCH     ) (SETCH  ) Temporary file when choosing target in SETCH.
 
 
Credits:
   That's it!  I had no credits for Crackerhack Version 1 because I did all the
testing myself before 'releasing' it to certain people to have tested.  When I
gave it out to people to test they notified me of certain problems on different
systems so I could correct them for the public release of Crackerhack (CH2).
So I'd like to thank those people who helped me get this program's compatibility
to where it is now and/or just using it a lot and giving me feedback on it.
Those people are: Nat X, Sarlo, Lazar, Lithium Bandit and Nihil.  I would also
like to acknowledge Infomaster who not only gave the idea for NETCH but was
extremely helpful with testing it!  These people are great guys and should be
recognized for it!
 
 
That's it!:
   Welp!  That's it!  Docs are complete!  I hope you received enlightenment on
increment cracking and learned how to use CH.  I hope it is put to good use!
I didn't spend all this time programming it for it just to be "collected".
Don't forget if you find any bugs, or compiling problems, or if you have any
comments, complaints, suggestions, questions, or if you just want to annoy me
or just need someone to talk to, then you can leave me mail at the following
internet mail address: "nmn@mindvox.phantom.com".
 
                                                     No Means No
                                               nmn@mindvox.phantom.com
