A tool for bruteforce guessing pass phrases, password hashes or remote accounts of various services.
phrasen|drescher is a modular and multi processing pass phrase cracking tool.
Key Features
In version 1.1 it comes with two plugins with the purposes to:
- crack pass phrases of RSA or DSA keys
- crack MS SQL 2000/2005 SHA1 hashes
- remote SSHv2 account brute forcing
- HTTP login form account cracking
A simple plugin API allows an easy development of new plugins.
Further features are:
- Modular
- Multi Processing
- Dictionary attack with or without permutations (uppercase, lowercase, l33t, etc.)
- Bruteforce attacks for custom character sets
- Runs on FreeBSD, NetBSD, OpenBSD, MacOS and Linux
Usage
phrasen|drescher 1.1.1 - the passphrase cracker
Copyright (C) 2008 Nico Leidecker; http://www.leidecker.info
Usage: ./pd plugin [options]
Available plugins:
http-raw mssql rsa-dsa ssh
General Options:
h : print this message
v : verbose mode
i from[:to] : incremental mode beginning with word length `from'
and going to `to'
d file : run dictionary based with words from `file'
w number : number of worker threads (default is one)
r rules : specify rewriting rules for the dictionary mode:
A = all characters upper case
F = first character upper case
L = last character upper case
W = first letter of each word to upper case
a = all characters lower case
f = first character lower case
l = last character lower case
w = first letter of each word to lower case
D = prepend digit
d = append digit
e = 1337 characters
x = all rules
Environment Variables::
PD_PLUGINS : the directory containing plugins
PD_CHARMAP : the characters for the incremental mode are
taken from a character list. A customized list
can be specified in the environment variable
Examples
Plugin Handling
The default plugin directory is ./plugins. However you can specify a custom path:
$ export PD_PLUGINS=/my/plugin/directory $ pd phrasen|drescher 1.1.1 - the passphrase cracker Copyright (C) 2008 Nico Leidecker; nfl@portcullis-security.com Usage: pd plugin [options] Please choose a plugin first or use -h for more help Available plugins: rsa-dsa mssql ssh http-raw Set the plugin directory in the environment variable PD_PLUGINS if required.
Dictionary Mode
You can perform a simple dictionary attack on a RSA private key pass phrase using the corresponding module like this:
$ phrasendrescher rsa-dsa -d dict.txt -K ~/.ssh/id_rsa phrasen|drescher 1.1.1 - the passphrase cracker Copyright (C) 2008 Nico Leidecker; nfl@portcullis-security.com match: (0) ~/.ssh/id_rsa [test123] finished! bye, bye...
Dictionary Mode With Permutations
If you want to permute your dictionary there are loads of options (see Usage page), e.g:
$ phrasendrescher rsa-dsa -r aF -d dict.txt -K ~/.ssh/id_rsa phrasen|drescher 1.1.1 - the passphrase cracker Copyright (C) 2008 Nico Leidecker; nfl@portcullis-security.com match: (0) ~/.ssh/id_rsa [test123] finished! bye, bye...
Here the ‘a’ rule converts each word to lower case and the ‘F’ rule uses initial caps for each word.
Brute Force Mode
You can specify a custom character set for a brute force attack. Here we choose quick a small character set, so the attack will actually finish:
$ PD_CHARMAP="tes1234" phrasendrescher rsa-dsa -i 1:7 -K ~/.ssh/id_rsa phrasen|drescher 1.1.1 - the passphrase cracker Copyright (C) 2008 Nico Leidecker; nfl@portcullis-security.com match: (0) ~/.ssh/id_rsa [test123] finished! bye, bye...
