A tool for bruteforce guessing pass phrases, password hashes or remote accounts of various services.

phrasen|drescher is a modular and multi processing pass phrase cracking tool.

Key Features

In version 1.1 it comes with two plugins whose purposes are to:

  • crack pass phrases of RSA or DSA keys
  • crack MS SQL 2000/2005 SHA1 hashes
  • remote SSHv2 account brute forcing
  • HTTP login form account cracking

A simple plugin API allows easy development of new plugins.

Further features are:

  • Modular
  • Multi Processing
  • Dictionary attack with or without permutations (uppercase, lowercase, l33t, etc.)
  • Bruteforce attacks for custom character sets
  • Runs on FreeBSD, NetBSD, OpenBSD, MacOS and Linux

Usage

phrasen|drescher 1.1.1 - the passphrase cracker
Copyright (C) 2008 Nico Leidecker; http://www.leidecker.info

Usage: ./pd plugin [options]

 Available plugins:
   http-raw  mssql  rsa-dsa  ssh

 General Options:
   h           : print this message
   v           : verbose mode
   i from[:to] : incremental mode beginning with word length `from'
                 and going to `to'
   d file      : run dictionary based with words from `file'
   w number    : number of worker threads (default is one)
   r rules     : specify rewriting rules for the dictionary mode:
                   A = all characters upper case
                   F = first character upper case
                   L = last character upper case
                   W = first letter of each word to upper case
                   a = all characters lower case
                   f = first character lower case
                   l = last character lower case
                   w = first letter of each word to lower case
                   D = prepend digit
                   d = append digit
                   e = 1337 characters
                   x = all rules

 Environment Variables::
   PD_PLUGINS : the directory containing plugins
   PD_CHARMAP : the characters for the incremental mode are
                taken from a character list. A customized list
                can be specified in the environment variable

Examples

Plugin Handling

The default plugin directory is ./plugins. However you can specify a custom path:

$ export PD_PLUGINS=/my/plugin/directory
$ pd
phrasen|drescher 1.1.1 - the passphrase cracker
Copyright (C) 2008 Nico Leidecker; nfl@portcullis-security.com

Usage: pd plugin [options]
Please choose a plugin first or use -h for more help
Available plugins:
 rsa-dsa  mssql  ssh  http-raw

Set the plugin directory in the environment variable
PD_PLUGINS if required.

Dictionary Mode

You can perform a simple dictionary attack on an RSA private key pass phrase using the corresponding module like this:

$ phrasendrescher rsa-dsa -d dict.txt -K ~/.ssh/id_rsa
phrasen|drescher 1.1.1 - the passphrase cracker
Copyright (C) 2008 Nico Leidecker; nfl@portcullis-security.com

match: (0) ~/.ssh/id_rsa [test123]
finished!
bye, bye...

Dictionary Mode With Permutations

If you want to permute your dictionary, there are many rewriting rules to choose from (see the Usage page), e.g.:

$ phrasendrescher rsa-dsa -r aF -d dict.txt -K ~/.ssh/id_rsa
phrasen|drescher 1.1.1 - the passphrase cracker
Copyright (C) 2008 Nico Leidecker; nfl@portcullis-security.com

match: (0) ~/.ssh/id_rsa [test123]
finished!
bye, bye...

Here the ‘a’ rule converts each dictionary word to lower case and the ‘F’ rule upper-cases its first character.

Brute Force Mode

You can specify a custom character set for a brute force attack. Here we choose a small character set, so the attack will actually finish:

$ PD_CHARMAP="tes1234" phrasendrescher rsa-dsa -i 1:7 -K ~/.ssh/id_rsa
phrasen|drescher 1.1.1 - the passphrase cracker
Copyright (C) 2008 Nico Leidecker; nfl@portcullis-security.com

match: (0) ~/.ssh/id_rsa [test123]
finished!
bye, bye...
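
To judge whether a key's pass phrase would survive the dictionary and brute force modes shown above, the following added example (not part of phrasen|drescher or of the original page) models the -r rewriting rules and the -i keyspace in Python. The rule semantics are assumptions read from the usage text: each rule is applied on its own to the original word, digits are 0-9, and the 1337 mapping is illustrative.

```python
import string

# Assumed "1337" substitutions; the page does not list the tool's actual mapping.
LEET = str.maketrans({"a": "4", "e": "3", "i": "1", "o": "0", "s": "5", "t": "7"})

def _each_word(phrase, fn):
    # Apply fn to the first letter of every space-separated word in the phrase.
    return " ".join(fn(p[:1]) + p[1:] for p in phrase.split(" "))

# Rule letters as listed in the usage text; behaviour is this example's interpretation.
RULES = {
    "A": lambda w: [w.upper()],
    "F": lambda w: [w[:1].upper() + w[1:]],
    "L": lambda w: [w[:-1] + w[-1:].upper()],
    "W": lambda w: [_each_word(w, str.upper)],
    "a": lambda w: [w.lower()],
    "f": lambda w: [w[:1].lower() + w[1:]],
    "l": lambda w: [w[:-1] + w[-1:].lower()],
    "w": lambda w: [_each_word(w, str.lower)],
    "D": lambda w: [d + w for d in string.digits],
    "d": lambda w: [w + d for d in string.digits],
    "e": lambda w: [w.translate(LEET)],
}

def candidates(word, rules):
    """Variants of one dictionary word; each rule is applied on its own (assumption)."""
    if "x" in rules:
        rules = "".join(RULES)  # 'x' = all rules
    out = {word}
    for r in rules:
        out.update(RULES[r](word))
    return out

def in_dictionary_reach(passphrase, words, rules):
    """True if the pass phrase is among the variants a dictionary run would try."""
    return any(passphrase in candidates(w, rules) for w in words)

def incremental_keyspace(charmap, lo, hi):
    """Number of strings of length lo..hi over the distinct characters of charmap."""
    n = len(set(charmap))
    return sum(n ** k for k in range(lo, hi + 1))

if __name__ == "__main__":
    words = ["test123", "correct horse"]  # constructed sample dictionary
    print(sorted(candidates("test123", "aF")))
    print(in_dictionary_reach("Test123", words, "aF"))
    print(incremental_keyspace("tes1234", 1, 7))
```

The seven-character set from the example above gives fewer than a million candidates for lengths 1 to 7, which is why that run finishes; a pass phrase is only as strong as its distance from both of these search spaces.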

Phrasendrescher-1.1.1 Tar (305.1 KiB)
MD5 hash: 633145dfef99002110ff13483555f812