   Personal Computer Unix Password Cracker, Version 2.00 - Copyright (c) 1990
 ------------------------------------------------------------------------------
                          Written By Doctor Dissector
                        Released On December 16th, 1990
 ------------------------------------------------------------------------------

 DISCLAIMER:
 ===========
    Doctor Dissector will not be held responsible for ANYONE'S use of this
 program, legal or illegal. The author does not encourage use of this program
 for obtaining illegal accounts of the Unix(tm) operating system. This program
 is distributed as is, no warranties are given or implied.

 Description:
 ============
    The Personal Computer Unix Password Cracker (PCUPWC) is a program which
 effectively encrypts passwords from a list of words, comparing them to any
 unix etc/passwd file's encrypted passwords; matching passwords are recorded
 for future use.

 Limitations:
 ============
    PCUPWC can read data from an etc/passwd file. However, for best results,
 any lines in this file which have blank passwords ('::' password) or inactive
 flags (':*:' or ':***:') should be removed before administering cracking
 techiniques.
    If the lines from the etc/passwd file which contain input fields are not
 removed, all words and word combinations will appear to be valid for that
 specific user.
    If the lines from the etc/passwd file which contain asteriks are not
 removed, no words or word combinations will appear to be valid.

 Execution:
 ==========
 Usage: pcupwc /p<file> /v<file> /w<file> [/u] [/1] [/c] [/o] [/r] [/s]

 Mandatory Parameters:
    /p<file> Filename of the etc/passwd file to be cracked. If this parameter
             is not entered, PCUPWC will request for a filename before
             beginning.
    /v<file> Filename of the output file, where all valid username/password
             combinations will be saved. If this parameter is not entered,
             PCUPWC will request for a filename before beginning.
    /w<file> Filename of the wordfile where all password guesses are stored.
             Format of the words inside this wordfile must be one word per
             line, no blank lines are allowed. If this parameter is not
             entered, PCUPWC will request for a filename before beginning.

 Optional Parameters:
    /u       This will tell PCUPWC to compare every word from the wordfile
             against a user before moving to the next. Normally, PCUPWC will
             crack for passwords in the following "format":

             FORMAT #1:
             ----------
                 word #1: test user #1's password
                          test user #2's password...
                 word #2: test user #1's password
                          test user #2's password...
                 word #3: test user #1's password
                          test user #2's password... (etc...)

             This flag will tell PCUPWC to following the following format
             instead, for cracking passwords:

             FORMAT #2:
             ----------
                 user #1's password: test word #1
                                     test word #2
                                     test word #3...
                 user #2's password: test word #1
                                     test word #2
                                     test word #3...
                 user #3's password: test word #1
                                     test word #2
                                     test word #3... (etc...)

             PCUPWC defaults to the first "format". This command overrides
             that format.
    /1       This will tell PCUPWC to test the characters a-z, A-Z, and 0-9
             as passwords before testing words from the wordfile.
    /c       This will tell PCUPWC to test all guesses first in their normal
             case, then all uppercase, then all lowercase. PCUPWC is smart and
             will not repeat word combinations which are the same. For example,
             PCUPWC will test the word 'dood', first as 'dood' (normal), then
             as 'DOOD' (uppercase), but not 'dood' (lowercase) since it was
             already tested.
    /o       This will tell PCUPWC to display verbose output to the console.
             Normally, no information will be echoed to the screen once PCUPWC
             begins cracking; this will tell PCUPWC to print all guesses and
             correct guesses to the console.
    /r       This will tell PCUPWC to test all guesses in reverse after
             guessing them foreward. Like the '/o' flag, PCUPWC will not repeat
             guesses if they are the same backwards and forewards.
    /s       This will tell PCUPWC to print all valid guesses to the console.
             This flag is automatically toggled when verbose output is active.
    /?       Prints a summary of command line parameters and exits.

 Examples:
 =========
    pcupwc /pPASSWD.212 /vVALID.212 /wDICT.TXT /c /o
        The above command will instruct PCUPWC to read encrypted passwords from
        the file PASSWD.212 (etc/passwd format), write any valid username/
        password combinations to the file VALID.212, and read guesses from the
        file DICT.TXT. All guesses will be tested in upper and lowercase.
        Output will be verbose to the console.

    pcupwc /ppwfile.txt /vresults.txt /wwords.txt /r /c /s
        The above command will instruct PCUPWC to read encrypted passwords from
        the file PWFILE.TXT, write valid username/password combinations into
        RESULTS.TXT, and read guesses from WORDS.TXT. All guesses will be
        tested in reverse, upper, and lowercase. Valid username/password
        combinations will also be echoed to the screen.

    pcupwc /1 /o
        The above command will instruct PCUPWC to ask for the names of the
        password file, valid output file, and wordfile upon execution. When
        cracking begins, PCUPWC will test the characters a-z, A-Z, and 0-9
        as passwords and print all output verbose to the console.

    pcupwc /u
        the above command will instruct PCUPWC to ask for the names of the
        password file, valid output file, and wordfile upon execution. When
        cracking begins, PCUPWC will crack following format #2. Nothing
        will be echoed to the console.

 Example Of Guesses:
 ===================
    PCUPWC can test words as normal, uppercase, lowercase, and reversed. The
 following table displays the guesses for the words 'Guess', 'password',
 'PW', and 'MOM'. The x'd out areas are fields which are never accessed by
 each particular flag. The blank spaces are fields which would be repetitive
 to PCUPWC and therefore are not tested.

 +---------------------------------------------------------------------------+
 | Flags   |  Normal  |  Upcase  | Lowcase  | Reverse  | Ureverse | Lreverse |
 +---------------------------------------------------------------------------+
 |    [/c] | Guess    | GUESS    | guess    |XXXXXXXXXX|XXXXXXXXXX|XXXXXXXXXX|
 |         | password | PASSWORD |          |XXXXXXXXXX|XXXXXXXXXX|XXXXXXXXXX|
 |         | PW       |          | pw       |XXXXXXXXXX|XXXXXXXXXX|XXXXXXXXXX|
 |         | MOM      |          | mom      |XXXXXXXXXX|XXXXXXXXXX|XXXXXXXXXX|
 +---------+----------+----------+----------+----------+----------+----------+
 |    [/r] | Guess    |XXXXXXXXXX|XXXXXXXXXX| sseuG    |XXXXXXXXXX|XXXXXXXXXX|
 |         | password |XXXXXXXXXX|XXXXXXXXXX| drowssap |XXXXXXXXXX|XXXXXXXXXX|
 |         | PW       |XXXXXXXXXX|XXXXXXXXXX| WP       |XXXXXXXXXX|XXXXXXXXXX|
 |         | MOM      |XXXXXXXXXX|XXXXXXXXXX|          |XXXXXXXXXX|XXXXXXXXXX|
 +---------+----------+----------+----------+----------+----------+----------+
 | [/r /c] | Guess    | GUESS    | guess    | sseuG    | SSEUG    | sseug    |
 |         | password | PASSWORD |          | drowssap | DROWSSAP |          |
 |         | PW       |          | pw       | WP       |          | wp       |
 |         | MOM      |          | mom      |          |          |          |
 +---------------------------------------------------------------------------+

 Notes:
 ======
    When aborting a crack session, be sure to exit with a CONTROL-Q; if any
 other break key (CONTROL-ALT-DEL, CONTROL-C, CONTROL-BREAK, Cold Boot) is
 used to interrupt PCUPWC, some valid passwords may not be written to disk
 properly. CONTROL-Q properly end-writes and closes the valid output file
 elimiating any chance of data loss.
    When using the default format for cracking, whenever a valid password is
 found for a given user, PCUPWC will skip that user for the remainder of the
 crack; this saves time! When verbose output is active and PCUPWC skips a user,
 an 'o' will be echoed to the screen instead of the usual '.'.
    When using the '/u' format for cracking, whenever a valid password is
 found for a user, PCUPWC will move on to the next user; this saves time!
    The default format has the capability to have a faster throughput compared
 to the second format; the reason is simple, examine the following example.

    Format #1, Hypothetical Situation: 10 words, 10 users.

    Word #1,  Users Tested: 1,2,3,4,5,6,7,8,9,10
    Word #2,  Users Tested: 1,2,3,4,5,6,7,8,9,10
    Word #3,  Users Tested: 1,2,3,4,5,6,7,8,9,10  (Valid For User #3)
    Word #4,  Users Tested: 1,2,4,5,6,7,8,9,10
    Word #5,  Users Tested: 1,2,4,5,6,7,8,9,10
    Word #6,  Users Tested: 1,2,4,5,6,7,8,9,10    (Valid For User #9)
    Word #7,  Users Tested: 1,2,4,5,6,7,8,10      (Valid For User #5)
    Word #8,  Users Tested: 1,2,4,6,7,8,10
    Word #9,  Users Tested: 1,2,4,6,7,8,10
    Word #10, Users Tested: 1,2,4,6,7,8,10

    As you can see, the crack started with 10 users, and in the end, only
 7 users are being cracked because the other three have already been cracked,
 and PCUPWC will skip them; as a result, at the end of long cracks, PCUPWC
 will appear to run much faster as it skips already cracked users.

 ------------------------------------------------------------------------------
   Special thanks to Razor and Minuteman for helping me out on encryption and
            other technical procedures while programming this cracker.
   Some more special thanx go out to PLAGUE and a user who wishes not to be
            named at this time for help with the fast DES encryption routines.
 -(c)1990------------------------------------------------------------------eof-
