Saturday, 30 January 2016

Viper - Cracking Unix Passwords Brute Force

Viper is a brute force UNIX-style password cracker for passwords encrypt with crypt. It has been developed from Hale's viper 1.4 Perl program. While there are other more powerful crack programs out, this one is about studying the safety of passwords while hardware speed is increasing drastically. If I remember right, I read that on a PDP-11 the password generation took 30 seconds. Now we can do more then 230.000 generations per second on a single CPU core of a single system, increasing speed by a factor of several million. Still, there is some time to go for a 8-character password on full keyspace, see keyspace.txt

Originally, the ufc-crypt implementation seemed to be the fastest crypt function around, using it made porting the program to different platforms easy. 

Viper runs under Linux, Solaris, HPUX and DOS/Windows.


The original, Hale's on Linux: 16329 CPS 
Hale's on Solaris: 659 CPS 

SystemCPUOSVersionCompilerCPS rate
Desktop PCPentium III 650MhzLinux2.2.13gcc39062
Desktop PCPentium III 650MhzWindowsWin98gcc51282
Desktop PCPentium III 650MhzDOS7.0djgpp51282
SparcStationSUN U-Sparc 400MhzSolaris2.6gcc24691
HP 9000-B180LPA-7300LC 180MhzHPUX10.20gcc6993
HP Laptop1x 1.7 GHz AMD64WindowsWinXPgcc121,212
Cloud Server1x CPU sharedLinux2.6.31gcc150,000


Viper v1.6 (Hale 05/12/2000) - C version by Frank4DD (05/05/2014)
Wiltered Fire -, incl. bugfixes by David C. Rankin

        -f     File to load password from (required unless using lsf)
        -u     Username to load from file (required unless using lsf)
        -lsf   Load saved file from previous session
        -pf    Save progress to file at update interval
        -rf #        Amount of time in hours to run for (default infinite)
        -c #         Character set from charset.ini to use (default 1)
        -pws #       Minimum password length (starting value, default 1)
        -pwl #       Maximum password length (default 8 - maximum 16)
        -ui #        Console update interval (in minutes - default 10)
        -v           Verbose output

Usage Example   

susie112:/home/me/viper-1.6/src # ./viper -f passwd -u root -ui 1 -v
Viper v1.6 (Hale 05/12/2000) - C version by Frank4DD (05/05/2014)
Wiltered Fire -, incl. bugfixes by David C. Rankin
Found: user root pw:reUJbHrFWYCQk
Found: Charset 0 in charset.ini
...command line parameters loaded.
Character set is 93 chars long
Starting crack on: Sun Oct  3 23:04:44 2009
Cracking for pass length 1 (93 possibilities)
Cracking for pass length 2 (8649 possibilities)
Cracking for pass length 3 (804357 possibilities)
Cracking for pass length 4 (7.48052e+07 possibilities)
[ Length: | Last:    | CPS:    | Time Spent:      | Time Remaining:  | Done:  ]
[    4    |     kq2r |  150000 | 000d:00h:01m:00s | 000d:00h:07m:18s | 12.03% ]
 The password has been located.
 Username : root
 Password : test
 Started  : Sun Oct  3 23:04:44 2009
 Finished : Sun Oct  3 23:06:30 2009
 Duration : 000d:00h:01m:00s
Viper exiting...

Latest Updates   

Viper Version 1.5 has been updated to use the OpenSSL DES routines for encrypting. The UFC library has been dropped as outdated and even generating segfaults on some systems. There is a performance gain of approx. 25% coming from the OpenSSL libraries. In addition to the libraries, the OpenSSL headers (dev package) need to be installed in order to be able to compile Viper. 
Viper Version 1.6 received bugfixes thanks to David C. Rankin.