P A S S W O R D E N G I N E (for IBM PC's) by Uncle Armpit +++++++++++++++++++++++++++++++++++++++++++++ The device driver code listed below provides a data stream of passwords. The device driver approach was used to speed up the process of cracking passwords on an incremental basis. The usual approach was to generate the passwords to a file, then reading the file, etc..the device driver approach circumvents these file storage problems, and others, such as having enough free disk space and delays from disk i/o. This driver operates completely in memory (approx. 0.5Kb) How practical is this? ---------------------- This program would be very useful if you think you may know what strategy the user/admin uses for picking out their passwords. Without eliciting some sort of a strategy, forget it-- unless your desperate enough!! A "strategy" could consist of any of these possible advantages-- 1) default passwords (ie: SIN, student #, birth date, phone number...) 2) the mutation of a lUSERs' known password from another system 3) viewing the mark typing in most of their password with a couple of unseen characters 4) etc... --------------------------- With the sample device driver provided, passwords starting at 'aaaaaaa' and ending with 'zzzzzzz' will be generated. The length of the password string can be modified by changing the length of the password string itself (that is, the variable "number"). The range of characters in the passwords can also be changed by modifying the following two lines: ;hackdrv.sys ;. ;. ; for ending character-- cmp byte ptr [number+si],'z'+1 ;+1 past ending char. in range ...and for starting character cmp byte ptr [number+si],'a' ;starting char. in range ; ;---------------------- for instance, if you wished to generate numbers from "0000000" to "9999999" -change the ending character to: cmp byte ptr [number+si],'9'+1 -starting character to: cmp byte ptr [number+si],'0' and "number" variable from 'aaaaaa' to '0000000' and then recompile.. ----- ..or in the third case, if u had observed a lUSER type in most of their password, you may want to rewrite the code to limit the search. IE: limit the keys to a certain quadrant of the keyboard. Modify the code starting at "reiterate:" and ending at "inc_num endp" for this. ================================================================= /'nuff of this!/ How do I get things working? ----------------------------------------------- Compile the device driver "hackdrv.sys", and the second program, "modpwd.asm". Then specify the device driver inside config.sys (ie: "c:\hackdrv.sys"). The code below was compiled with the a86 compiler, v3.03. Some modifications might be needed to work with other compilers. To use it in prgs like crackerjack, type in the following on the command line: c:\>jack -pwfile: -word:hackpwd ------ If you had stopped a cracker program (eg: crackerjack) and want to pick up from where you left off, run the program "modpwd.com". This program can change HACKDRVs password through- a) a command line argument (ie: "modpwd aabbbbe") b) executing the program with no parameters (this method also displays the current password in memory) Happy Hacking, Uncle Armpit