.- XHU Pack #1 -.

. Introduction
. Description of Programs
. Closing

.- Introduction -.

XHU stands for Xenocide's Hacking Utilities, written by me, Xenocide. They mainly deal with hacking, security, and cryptography. You may use the programs any way you like, but I would like to hear your comments. You can reach me on Static Line (806.747.0802) or by Internet at dan.keisling@windmill.com or at xenocide@big12.metrobbs.com

- Xenocide

.- Description of Programs -.

The archive contains these files:

. brute
. dzip
. fakelog
. isprime
. netware
. passwd
. permute
. primes
. winsscrk

If you are missing any of these files, please contact me so that I can send them to you.

brute:

Brute is a program to show the user why a brute-force attack is a bad idea for gaining a key. If you do not understand what a brute-force attack is, read the explanation below. For this explanation, I will be using the example of the PKZIP password, since everyone is familiar with the program. Generally, there are three types of attacks used to gain a password (key):

. Cryptanalysis - a mathematical attack used to calculate the key. Usually the fastest and best option, although usually the most difficult.
. Dictionary Attack (see dzip) - using a set of words to guess the key (usually a password). Usually very slow, but easy to create.
. Brute-force Attack - trying every possible combination of a key until the key fits. Usually the slowest, but the only way to solve the equation.

In simple terms, suppose K=key and the equation we have to solve is K=2*5 (two times five = ?).

Note that this is an extremely bad example. It is just to give you a basic idea of finding a key; encryption is much stronger than this. We could probably rule out a dictionary attack since we aren't dealing with letters (see dzip). From a cryptanalysis standpoint, we would compute 2*5 to find the key. Although encryption usually has another variable stopping us from simply computing the right-hand side of the equation, this example will suffice. If you use brute force, we would try every possible value of K. Since brute force usually starts at the lowest possible value and goes up, we would start at K=0. Since 0=2*5 isn't true, we would try 1. Then 2, 3, 4, etc. until we ended up at 10. Since 10 equals 2 times 5, the program would halt, giving us the solution to K.

So far, we have only been working with numbers. Now we will be using letters, in order to conform to a PKZIP password. So, if our PKZIP password is "XHU", how would we go about finding that using brute force? Since brute force usually begins at the lowest possible value and works its way up, we would begin at the letter 'a'. For now, we will say that P is the PKZIP password (in this case, XHU) and P' is the password being tried. So when we find that P'=P we have solved the password. Our first try comes out false, since a=xhu is false. We would then try the letter 'b' and then 'c' and all the way to 'z'. Since none of these work, what now? We have to "loop" around to the characters "aa". Since aa=xhu is false, we would then try "ab" then "ac" all the way to "az". Once this is reached, we have to "loop" around to "ba". We will go all the way to "bz" then "ca" and to "cz". All in all, we will finish the 2 character length with "zz". We will then loop around to "aaa" and try that. Then we will go to "aab" and so forth. Once "aaz" is reached, we loop to "aba" and try "abb" then "abc" until we get to "abz", which loops around to "aca". After we reach "azz" we loop around to "baa".
We only get to a four character string right after "zzz" is reached (which seems like a long time). In dealing with the three character string, we will reach the combination "xhu" sometime in the middle, giving us xhu=xhu, which is true, halting the program and returning P'. If you understand C, then we can think of it as:

    /* pseudocode: p' is the candidate being tried, p is the real password */
    for (p' = a; p' < zzzz; p'++) {
        if (p' == p) {              /* comparison, not assignment */
            printf("We found the password");
            abort();
        }
    }

Remember, though, that a PC is extremely fast at finding this password. It would generally take a matter of a few seconds to find. If you think you can now crack any PKZIPPED password, consider the following:

. Passwords are generally more than 5 characters in length.
. Passwords in PKZIP are case-sensitive ('a' and 'A' are totally different passwords). So far we have only been using lower case letters.
. Secure passwords contain numbers, punctuation keys, high ASCII, and spaces within them.

All of these factors contribute to increasing the time to find the password immensely. First, run brute with 5 characters as the password. If you think it didn't take that long to show them all, remember that it is just displaying them to the screen. When trying to find the password, it uses this sequence:

a) Compute password
b) Try computed password with equation
c) Return results of try
d) If false, goto a; if true, goto e
e) Exit with success

More or less. This can more than triple the time to find it all. Granted, finding the password "xhu" isn't long at all, but take into account the factors listed above. For passwords with uppercase, we now have to try "aaA" and "gHA": basically, every combination of upper and lowercase letters in the string. Besides introducing 26 new characters (A through Z), we also have to introduce all punctuation keys (keys: ~`!@#$%^&*()_+|\=-}]{[:;"'?/>.<,), spaces (just one character, but it severely increases the time), numbers (0 through 9) and all high ASCII characters (161 characters), all of which greatly increase the time. Most security programs heavily encourage passwords that are more than 10 characters in length with spaces and alternative case. So, you can say that at a length of 10 characters, you will have to try something like: kFi&; :l~� This won't usually be a password, but brute force has to check every possible solution to the key.
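The argument above is really arithmetic: the number of candidates is the alphabet size raised to the length, summed over every length up to the maximum. The following Python script is an added example, not part of the XHU pack or any of Xenocide's programs. It reproduces the a, b, ..., z, aa, ab, ... ordering the text walks through (so you can ask which counter value lands on "xhu"), counts the key space for the character classes the text lists (the high-ASCII size of 161 is taken from the text as given; the punctuation count is Python's string.punctuation), and turns the count into a worst-case time at a guess rate that is a constructed, illustrative number rather than a measurement.

```python
"""Key-space arithmetic for the brute-force ordering described in the text.

Added example; not part of the XHU pack. The candidate ordering and the
character-class sizes follow the text; the guess rate is constructed.
"""
import string

# Character classes the text lists, with their sizes. high_ascii uses the
# text's own count of 161; the others are counted here.
CHAR_CLASSES = {
    "lower": 26,
    "upper": 26,
    "digits": 10,
    "punctuation": len(string.punctuation),  # 32 keys
    "space": 1,
    "high_ascii": 161,
}


def keyspace(charset_size, max_len):
    """Number of candidates of length 1..max_len over charset_size symbols.

    Same value as the closed form c*(c**n - 1)/(c - 1).
    """
    return sum(charset_size ** k for k in range(1, max_len + 1))


def index_of(candidate, alphabet=string.ascii_lowercase):
    """0-based position of candidate in the a, b, ..., z, aa, ab, ... order."""
    n = len(alphabet)
    # every shorter string is tried before any string of this length
    position = keyspace(n, len(candidate) - 1)
    # then rank within this length, leftmost character most significant
    rank = 0
    for ch in candidate:
        rank = rank * n + alphabet.index(ch)
    return position + rank


def candidate_at(index, alphabet=string.ascii_lowercase):
    """Inverse of index_of: the 'Compute password' step for a given counter."""
    n = len(alphabet)
    length, block = 1, n
    while index >= block:          # skip past every shorter length
        index -= block
        length += 1
        block *= n
    chars = []
    for _ in range(length):        # write index in base n with `length` digits
        index, digit = divmod(index, n)
        chars.append(alphabet[digit])
    return "".join(reversed(chars))


def seconds_to_exhaust(charset_size, max_len, guesses_per_second):
    """Worst-case seconds to try every candidate at a constructed guess rate."""
    return keyspace(charset_size, max_len) / guesses_per_second


def policy_comparison(max_len, guesses_per_second=1_000_000):
    """Worst-case seconds as each character class from the text is added in."""
    results = {}
    size = 0
    for name in ("lower", "upper", "digits", "punctuation", "space", "high_ascii"):
        size += CHAR_CLASSES[name]
        results[name] = seconds_to_exhaust(size, max_len, guesses_per_second)
    return results


if __name__ == "__main__":
    print("xhu is candidate number", index_of("xhu"), "of", keyspace(26, 3))
    print("candidate 26 is", candidate_at(26))   # the wrap from 'z' to 'aa'
    for name, secs in policy_comparison(10).items():
        print(f"up to 10 chars, through {name:<12}: {secs:,.0f} s worst case")
```

Running it shows that "xhu" is the 16,452nd of 18,278 three-letter-or-shorter candidates, and that going from lower case only to mixed case at ten characters multiplies the worst case by roughly a thousand, which is the point the text makes about case, numbers, punctuation and spaces.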

If you are using a program that uses brute force, it is always wise to have the option of specifying what characters to use. Suppose you know that the password is only in lower case letters. Why would we waste all the other time to factor in upper case, spaces, numbers, and high ASCII? A brute-force program should have the option to use only lower case letters, or only numbers and upper case letters. If you STILL don't really know what a brute-force attack is, you should follow up on the newsgroup sci.crypt or contact me.

dzip:

Dzip stands for Dictionary Zip, which cracks PKZIPPED passwords. A dictionary file (also called a wordlist) is simply a text file that has one word per line. The program checks that word against the password, and if it is false, it tries the next one. The dictionary file that dzip looks for is called ZIP_DICT.TXT in the current directory. Here is an example of the program: Suppose our ZIP_DICT.TXT file looked like this:

oranges
bananas
apples
zowie