/*
* 2012 -- updated to make use of an 8-core machine by Brian L. Troutwine
*
* THC/2003
*
* Simple ssh-private key cracker. Tries to brute force (dictionary
* attack) almost any ssh private key file format.
*
* This is just a quick tool from THC. Using OpenSSL is not really
* fast...
*
* COMPILE:
* gcc -Wall -O2 -o thc-ssh-crack thc-ssh-crack.c -lssl
*
* RUN:
* John is a good password generator. We use it for thc-ssh-crack:
*
* $ john -stdout -incremental | nice -19 thc-ssh-crack id_dsa
*
* Normal dictionary (without john's permutation engine):
*
* $ nice -19 thc-ssh-crack id_dsa <dictionary.txt
*
* Enjoy,
*
* http://www.thc.org
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/pem.h>
#include <openssl/ssl.h>
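/*
 * Passphrase audit driver for an encrypted PEM private key.
 *
 * Reads candidate passphrases from stdin, one per line, and forks one child
 * per candidate. Each child calls PEM_read_PrivateKey() with a NULL callback
 * and the candidate as the user-data argument, which OpenSSL then uses as the
 * passphrase. A child that obtains a key prints the candidate and exits 0;
 * otherwise it exits 1.
 *
 * argv[1] is the path of the key file. Returns 2 on a usage error, 1 if the
 * key file cannot be opened or fork() fails, and 0 once stdin is exhausted.
 *
 * Defensive reading: once a key file has left its owner's machine, the
 * passphrase and the cost of the key-derivation step are the only remaining
 * barrier, and guessing is offline, so no lockout or server log will show it.
 * Legacy PEM encryption derives the cipher key cheaply; keys stored in the
 * OpenSSH format with a raised KDF round count (`ssh-keygen -a <rounds>`) or
 * held on a hardware token make each guess far more expensive.
 *
 * NOTE(review): every child inherits the same already-open stream `fp`, so
 * the outcome for one candidate does not appear to be independent of the
 * others. A run that reports nothing is therefore not evidence that the
 * passphrase is strong; confirm with a maintained auditing tool.
 */
int
main(int argc, char *argv[])
{
    FILE *fp;
    char pwd[1024];
    int tot_child = 0;

    /* The original dereferenced argv[1] unconditionally. */
    if (argc < 2) {
        fprintf(stderr, "usage: %s <private-key-file>\n",
                argv[0] ? argv[0] : "thc-ssh-crack");
        return 2;
    }

    /* A NULL stream would otherwise be handed to OpenSSL in every child. */
    fp = fopen(argv[1], "r");
    if (!fp) {
        perror(argv[1]);
        return 1;
    }

    SSL_library_init();

    while (fgets(pwd, sizeof pwd, stdin)) {
        /* Drop the trailing newline so it is not part of the candidate. */
        char *ptr = strchr(pwd, '\n');
        if (ptr)
            *ptr = '\0';

        switch (fork()) {
        case -1:
            perror("fork");
            exit(1);

        case 0: { /* child */
            EVP_PKEY *pk = PEM_read_PrivateKey(fp, NULL, NULL, (char *)pwd);

            if (pk) {
                printf("THC THC THC THC THC THC THC THC THC\n");
                printf("----> pwd is '%s' <-----\n", pwd);
                printf("THC THC THC THC THC THC THC THC THC\n");
                exit(0);
            }
            exit(1);
        }

        default: /* parent */
            tot_child++;
            if (tot_child >= 7) {
                int status;

                /*
                 * Block until a child has really exited. The original used
                 * WNOHANG and decremented the counter regardless, so the
                 * limit never held: children and zombies accumulated until
                 * the host ran out of process slots.
                 */
                if (waitpid(-1, &status, 0) > 0)
                    tot_child--;
            }
            break;
        }
    }

    return 0;
}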