what you don't know can hurt you

Register | Login

FilesNewsUsersAuthors

Home Files News &[SERVICES_TAB]About Contact Add New

Showing 1 - 25 of 92

Files from Solar Designer

scanlogd 2.2.8

Posted Mar 11, 2021

Authored by Solar Designer | Site openwall.com

scanlogd is a system daemon which attempts to log all portscans of a host to the syslog, in a secure fashion.

Changes: scanlogd 2.2.7 produced deprecation warnings for _BSD_SOURCE when built on a system with recent glibc. scanlogd 2.2.8 avoids those while still supporting older glibc as well (and indeed non-Linux too, like before).

tags | tool

systems | unix

SHA-256 | 0bec45ecbcc8a9a3599cb38e21dcacf639ca3b33bb6973b20261315d065ea158

Download | Favorite | View

scanlogd 2.2.7

Posted Oct 23, 2013

Authored by Solar Designer | Site openwall.com

scanlogd is a system daemon which attempts to log all portscans of a host to the syslog, in a secure fashion.

Changes: An off-by-one bug in a safety check has been corrected. The bug did not affect scanlogd itself, but it may be a security issue in other projects reusing code from scanlogd. The license has been changed to heavily cut-down BSD.

tags | tool

systems | unix

SHA-256 | 556a1c82b3561ea796d2ce8dfd20f578717903fd2c6557ebe27775d8ef8771da

Download | Favorite | View

John The Ripper 1.8.0

Posted May 31, 2013

Authored by Solar Designer | Site openwall.com

John the Ripper is a fast password cracker, currently available for many flavors of Unix, Windows, DOS, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. It supports several crypt(3) password hash types commonly found on Unix systems, as well as Windows LM hashes. On top of this, many other hash types are added with contributed patches, and some are added in John the Ripper Pro.

Changes: Incremental mode's efficiency has been improved, and its length and character set limitations in default builds have been lifted. More speed metrics have been added to the status line. Trivial parallel and distributed processing has been implemented with new --fork and --node options. Bitmaps have been implemented for faster comparison of computed vs. loaded hashes. Cracking of bcrypt on 32-bit x86 with GCC 4.2+ and DES-based tripcodes has been sped up. Reconstruction of ASCII encodings of LM hashes has been implemented to save RAM. The formats interface has been made more GPU-friendly. Many formats have been renamed. The license has been relaxed.

tags | cracker

systems | windows, unix, beos

SHA-256 | 1222738c7829ce3014177ca9bd26c41573426f883c6b22527ee9bde363d84bda

Download | Favorite | View

John The Ripper 1.7.9 Jumbo 7

Posted Sep 22, 2012

Authored by Solar Designer | Site openwall.com

John the Ripper is a fast password cracker, currently available for many flavors of Unix, Windows, DOS, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. It supports several crypt(3) password hash types commonly found on Unix systems, as well as Windows LM hashes. On top of this, many other hash types are added with contributed patches, and some are added in John the Ripper Pro.

Changes: This is mostly a bugfix release. Besides the many bugfixes (mostly for issues introduced with -jumbo-6), it adds support for cracking of KeePass 2.x and RAdmin 2.x passwords and more varieties of PKZIP archives. It also adds GPU support under recent Mac OS X releases, provides speedups for many of the previously-supported formats, and includes minor new features and documentation updates.

tags | cracker

systems | windows, unix, beos

SHA-256 | f3dbedbacea4d87f5724cc8f99f635729c37d88cbfdcae91a5e310ee3973e8a9

Download | Favorite | View

John The Ripper 1.7.9 Jumbo 6

Posted Jul 2, 2012

Authored by Solar Designer | Site openwall.com

John the Ripper is a fast password cracker, currently available for many flavors of Unix, Windows, DOS, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. It supports several crypt(3) password hash types commonly found on Unix systems, as well as Windows LM hashes. On top of this, many other hash types are added with contributed patches, and some are added in John the Ripper Pro.

Changes: CUDA and OpenCL support has been added. Support for Mac OS X keychains, KeePass 1.x, Password Safe, ODF and Office 2007/2010 files, Firefox/Thunderbird master passwords, RAR -p, WPA-PSK, VNC and SIP C/Rs, HMAC-SHA-*, RACF, builtin SHA-crypt, DragonFly BSD SHA-2, Django, Drupal 7, WoltLab BB3, new EPiServer, GOST, and LinkedIn raw SHA-1 has been added, with OpenMP, CUDA, and/or OpenCL for many of these. Optimizations have been made and OpenMP/CUDA/OpenCL added for many of the previously-supported (non-)hashes. AMD XOP is now used for MD4/MD5/SHA-1. Many main program features and tiny new programs have been added.

tags | tool, cracker

systems | windows, unix, beos

SHA-256 | 27456073b0c2eda16714f4bf64a9731ba7dd9750bab5ee7ad4ba632ee2a6779c

Download | Favorite | View

pwgen Crackable Passwords

Posted Jan 18, 2012

Authored by Solar Designer

6% of pwgen passwords generated can get cracked in 2 minutes with NTLM hashes. For the MD5-based crypt(3), NTLM's 2 minutes would translate to 2 days.

tags | advisory

SHA-256 | 0cce10ca1a5989b09cd638d36869a014336958fad1337b95c08ad71bfe840357

Download | Favorite | View

John The Ripper 1.7.9 Jumbo 5

Posted Dec 19, 2011

Authored by Solar Designer | Site openwall.com

John the Ripper is a fast password cracker, currently available for many flavors of Unix, Windows, DOS, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. It supports several crypt(3) password hash types commonly found on Unix systems, as well as Windows LM hashes. On top of this, many other hash types are added with contributed patches, and some are added in John the Ripper Pro.

Changes: Support for RADIUS shared secrets and for SHA-0 was added. MSSQL (old and 2005), MySQL (SHA-1 based), and Lotus5 hashing were optimized. OpenMP parallelization was added for Lotus5. x86-64 builds now make use of SSE2 intrinsics for more hash and cipher types. More i-suffixed make targets were added (which use an icc-generated assembly file for SSE2 intrinsics), including for 32-bit x86 builds. An MD4 implementation in assembly for x86/SSE2 and MMX was added. An alternate implementation of NTLM hashing was added (--format=nt2). A binary build for Windows was made.

tags | tool, cracker

systems | windows, unix, beos

SHA-256 | 2f3c026f4e83d2c1d44cc5a1adfabd060b743b34f2ff02a6965241ca6bce9c87

Download | Favorite | View

John The Ripper 1.7.9

Posted Nov 27, 2011

Authored by Solar Designer | Site openwall.com

John the Ripper is a fast password cracker, currently available for many flavors of Unix, Windows, DOS, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. It supports several crypt(3) password hash types commonly found on Unix systems, as well as Windows LM hashes. On top of this, many other hash types are added with contributed patches, and some are added in John the Ripper Pro.

Changes: OpenMP parallelization of MD5-crypt and bitslice DES has been added. DES key setup has been reworked. x86-64 assembly code for DES S-boxes has been optimized. Support for DES-based tripcodes has been added. Larger hash table sizes for faster processing of millions of hashes per salt have been added. Detection of Intel AVX and AMD XOP with fallback to an alternate program binary has been added. Fallback to a non-OpenMP build has been added. A benchmark result comparison tool has been added. The bundled common passwords list has been updated. Many minor enhancements and a few bugfixes were made.

tags | tool, cracker

systems | windows, unix, beos

SHA-256 | 0d376320b6cc92b0f1341f4a06a79a989c9848e56da8018108b68c0dd6723e05

Download | Favorite | View

John The Ripper 1.7.8 Jumbo 8

Posted Nov 10, 2011

Authored by Solar Designer | Site openwall.com

John the Ripper is a fast password cracker, currently available for many flavors of Unix, Windows, DOS, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. It supports several crypt(3) password hash types commonly found on Unix systems, as well as Windows LM hashes. On top of this, many other hash types are added with contributed patches, and some are added in John the Ripper Pro.

Changes: OpenMP support has been added for MD5-based crypt(3) and Apache $apr1$ hashes when building with SSE2 intrinsics, as well as for SAP CODVN B and SAP CODVN G. Raw MD4 has been enhanced with optional SSE2 intrinsics. The SSE2 intrinsics code for MD4, MD5, and SHA-1 has been pre-built with Intel's compiler into an assembly file, used with the new i-suffixed make targets. Support for occasional false positives or multiple correct guesses has been added and made use of for WinZip/AES and CRC-32. md5_gen has been renamed to dynamic. Numerous other fixes and enhancements have been made.

tags | cracker

systems | windows, unix, beos

SHA-256 | e81079682b5e39b9aae16bc3a3dfad5ee822067faf1af035d0087f9146c1cc71

Download | Favorite | View

John The Ripper 1.7.8 Jumbo 7

Posted Sep 22, 2011

Authored by Solar Designer | Site openwall.com

John the Ripper is a fast password cracker, currently available for many flavors of Unix, Windows, DOS, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. It supports several crypt(3) password hash types commonly found on Unix systems, as well as Windows LM hashes. On top of this, many other hash types are added with contributed patches, and some are added in John the Ripper Pro.

Changes: Support for cracking of encrypted PKZIP archives, Mac OS X 10.7 salted SHA-512 hashes, and DES-based tripcodes has been added. Optional OpenMP parallelization has been added for salted SHA-1 hashes of Mac OS X 10.4-10.6. DIGEST-MD5 cracker has been revised to be usable without requiring source code customizations. Experimental support for dynamically loaded plugins has been added. ".include" directive support and duplicate rule suppression have been added for john.conf. Support for additional character encodings and related features has been added. Numerous other enhancements have been made.

tags | cracker

systems | windows, unix, beos

SHA-256 | cd2ec7c7e2d178ab67e21097365bc72a0d202ffdcb27b4b6cdfe09b7ca9c2df3

Download | Favorite | View

John The Ripper 1.7.8 Jumbo 5

Posted Aug 4, 2011

Authored by Solar Designer | Site openwall.com

John the Ripper is a fast password cracker, currently available for many flavors of Unix, Windows, DOS, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. It supports several crypt(3) password hash types commonly found on Unix systems, as well as Windows LM hashes. On top of this, many other hash types are added with contributed patches, and some are added in John the Ripper Pro.

Changes: Support for more character encodings via the new "--encoding" option has been added (currently UTF-8, ISO-8859-1, koi8-r, and cp1251). Support for raw SHA-224, SHA-256, SHA-384, and SHA-512 hashes has been added. The Makefile has been revised to work with Solaris native make again.

tags | cracker

systems | windows, unix, beos

SHA-256 | ce780807899faf892b5b13af25d030a89ecf4b4e6e36f06d797b8812493541fd

Download | Favorite | View

John The Ripper 1.7.8 Jumbo 4

Posted Jul 24, 2011

Authored by Solar Designer | Site openwall.com

John the Ripper is a fast password cracker, currently available for many flavors of Unix, Windows, DOS, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. It supports several crypt(3) password hash types commonly found on Unix systems, as well as Windows LM hashes. On top of this, many other hash types are added with contributed patches, and some are added in John the Ripper Pro.

Changes: Support for compile-time plugins has been introduced to make it easy to create non-conflicting source code patches adding new hash and cipher types. Performance at MSCash2 (Domain Cached Credentials of modern Windows systems) has been improved through the use of SSE2. "Generic MD5" code has been enhanced to provide more of the MD5 and SHA-1 based hash types under more build targets. WinZip/AES cracker has been enhanced with optional OpenMP parallelization.

tags | cracker

systems | windows, unix, beos

SHA-256 | 518c2fcfa8112128a6a405b56d92faa47831e17f596922af94a647aa949df64e

Download | Favorite | View

John The Ripper 1.7.8 Jumbo 2

Posted Jul 5, 2011

Authored by Solar Designer | Site openwall.com

John the Ripper is a fast password cracker, currently available for many flavors of Unix, Windows, DOS, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. It supports several crypt(3) password hash types commonly found on Unix systems, as well as Windows LM hashes. On top of this, many other hash types are added with contributed patches, and some are added in John the Ripper Pro.

Changes: The jumbo patch has been rebased to 1.7.8. Support for cracking password-protected WinZip archives with AES encryption has been added. Compile-time detection of OpenSSL 0.9.8+ has been added, automatically enabling support for Sybase ASE and hmailserver hashes. The performance on MSCash2 (Domain Cached Credentials of modern Windows systems) has been improved. Other minor performance and portability improvements have been made.

tags | cracker

systems | windows, unix, beos

SHA-256 | 184c58639ed5dc02f978bf7f72fe4130605a51c0183dfe8bc2e77451e2da6c3e

Download | Favorite | View

John The Ripper 1.7.8

Posted Jun 24, 2011

Authored by Solar Designer | Site openwall.com

John the Ripper is a fast password cracker, currently available for many flavors of Unix, Windows, DOS, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. It supports several crypt(3) password hash types commonly found on Unix systems, as well as Windows LM hashes. On top of this, many other hash types are added with contributed patches, and some are added in John the Ripper Pro.

Changes: The bitslice DES S-box expressions and code have been replaced, reducing the gate count by 17% and typically speeding up DES-based crypt(3) cracking by 13%. Support for bcrypt hashes of passwords containing non-ASCII characters has been corrected, and a backwards compatibility feature for broken bcrypt hashes of such passwords has been added. Various other improvements have also been made.

tags | cracker

systems | windows, unix, beos

SHA-256 | 12f4307602b9a8f0d3f82daf28e0f59de21aa82c9dcccd16819b288ec83ab559

Download | Favorite | View

John The Ripper 1.7.7 Jumbo 6

Posted Jun 9, 2011

Authored by Solar Designer | Site openwall.com

John the Ripper is a fast password cracker, currently available for many flavors of Unix, Windows, DOS, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. It supports several crypt(3) password hash types commonly found on Unix systems, as well as Windows LM hashes. On top of this, many other hash types are added with contributed patches, and some are added in John the Ripper Pro. This is the community enhanced version.

Changes: Support for cracking OpenSSH's passphrase-protected SSH protocol 2 private keys (with OpenMP parallelization), password-protected PDF files with RC4 encryption, and some password-protected RAR archives has been added. Support for SybaseASE, hmailserver, and MediaWiki "B" type password hashes has been added. There were also many minor enhancements.

tags | cracker

systems | windows, unix, beos

SHA-256 | 634ca7d884c3f181d64289a975091095a702f2c60b4b1f0672c6541c0f5a9249

Download | Favorite | View

John The Ripper 1.7.7 Jumbo 5

Posted Jun 3, 2011

Authored by Solar Designer | Site openwall.com

John the Ripper is a fast password cracker, currently available for many flavors of Unix, Windows, DOS, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. It supports several crypt(3) password hash types commonly found on Unix systems, as well as Windows LM hashes. On top of this, many other hash types are added with contributed patches, and some are added in John the Ripper Pro. This is the community enhanced version.

Changes: MD5 and SHA-1 based hashes have been sped up with SSE2 intrinsics. md5_gen has been expanded with more hash types. UTF-8 support has been added ("--utf8"). MPI parallelization support for all cracking modes has been integrated. OpenMP parallelization support has been added to more hash types. New formats have been added: mskrb5 (offline attack on MS Kerberos 5 pre-authentication data), rawMD5unicode (MD5 of UCS-2 encoded plaintext), and salted_sha1 (faster handling of some LDAP {SSHA} hashes). The "unique" program, Markov mode, ETA display, and programming interfaces have been enhanced.

tags | cracker

systems | windows, unix, beos

SHA-256 | 2cbdcbd332cb4eb68445d7bf85b2dfa75d939664d2a3a39447fbe74ed113b6a5

Download | Favorite | View

John The Ripper 1.7.7

Posted Apr 29, 2011

Authored by Solar Designer | Site openwall.com

John the Ripper is a fast password cracker, currently available for many flavors of Unix, Windows, DOS, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. It supports several crypt(3) password hash types commonly found on Unix systems, as well as Windows LM hashes. On top of this, many other hash types are added with contributed patches, and some are added in John the Ripper Pro. This is the community enhanced version.

Changes: The jumbo patch has been rebased to 1.7.7. Detection of ambiguous hash encodings has been implemented. Support for larger hash tables has been added for many hash types (most notably, NTLM). The "Apache MD5" "format" has been dropped (implemented in 1.7.7 proper). The --salt-list option has been dropped. Assorted other bugfixes, enhancements, and changes have been made.

tags | cracker

systems | windows, unix, beos

SHA-256 | 0ea29fd7742bc189c46e8e52b5d32d2d9538408e6d54f8917faa308ba7954273

Download | Favorite | View

John The Ripper 1.7.7

Posted Apr 28, 2011

Authored by Solar Designer | Site openwall.com

John the Ripper is a fast password cracker, currently available for many flavors of Unix, Windows, DOS, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. It supports several crypt(3) password hash types commonly found on Unix systems, as well as Windows LM hashes. On top of this, many other hash types are added with contributed patches, and some are added in John the Ripper Pro. This is the community enhanced version.

Changes: Intel AVX (Sandy Bridge) and AMD XOP (Bulldozer) support for bitslice DES has been added. Various other changes.

tags | cracker

systems | windows, unix, beos

SHA-256 | b821bac5059a3cdc8beb9a715691a9a412db4947345adb7f88eda2fa93293030

Download | Favorite | View

FreeBSD-SA-05:02.sendfile Exploit

Posted Apr 1, 2011

Authored by Solar Designer

FreeBSD sendfile exploit that dumps password hashes to stdout.

tags | exploit

systems | freebsd

advisories | CVE-2005-0708

SHA-256 | f71653ab6e8d1fce31b24940aeaf94c9eb51feb74b98eb76e0d2d78d4969c5ee

Download | Favorite | View

John The Ripper 1.7.6 Jumbo 12

Posted Feb 16, 2011

Authored by Solar Designer | Site openwall.com

John the Ripper is a fast password cracker, currently available for many flavors of Unix, Windows, DOS, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. It supports several crypt(3) password hash types commonly found on Unix systems, as well as Windows LM hashes. On top of this, many other hash types are added with contributed patches, and some are added in John the Ripper Pro. This is the community enhanced version.

Changes: The "generic MD5" self-test bug with "-sse2" and "-mmx" builds (introduced in -jumbo-10) has been corrected. MSCash and MSCash2 OpenMP parallelization has been enhanced to adjust the number of key slots according to the number of threads.

tags | cracker

systems | windows, unix, beos

SHA-256 | 2bbc034089dceb05f7284a0f997225b240d96b085ef8b399eb2d4b6aefb348d9

Download | Favorite | View

John The Ripper 1.7.6 Jumbo 11

Posted Feb 8, 2011

Authored by Solar Designer | Site openwall.com

John the Ripper is a fast password cracker, currently available for many flavors of Unix, Windows, DOS, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. It supports several crypt(3) password hash types commonly found on Unix systems, as well as Windows LM hashes. On top of this, many other hash types are added with contributed patches, and some are added in John the Ripper Pro. This is the community enhanced version.

Changes: An x86-64-specific NTLM hash comparison bug has been fixed. Self-tests have been enhanced to detect such bugs in the future. Support for cracking of MSCash2 (Domain Cached Credentials of modern Windows systems) with optional OpenMP parallelization has been added. Similar OpenMP parallelization for the original MSCash has been added. OpenMP-enabled RPM packages for x86-64 Fedora 13 and 14 have been built.

tags | cracker

systems | windows, unix, beos

SHA-256 | 4b8b8f3ddb904ec93ed94335cbe1267ec509403e9c22467167e18259f7d7202a

Download | Favorite | View

John The Ripper 1.7.6

Posted Jun 16, 2010

Authored by Solar Designer | Site openwall.com

John the Ripper is a fast password cracker, currently available for many flavors of Unix, Windows, DOS, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. It supports several crypt(3) password hash types commonly found on Unix systems, as well as Windows LM hashes. On top of this, many other hash types are added with contributed patches, and some are added in John the Ripper Pro.

Changes: crypt(3) support has been added e.g. for SHA-crypt and SunMD5, with OpenMP parallelization on Linux and Solaris. John\'s Blowfish code has also been parallelized with OpenMP. A more suitable version of x86 assembly Blowfish code is now chosen on Core i7. More optimal DES S-boxes for PowerPC/AltiVec have been integrated. The bitslice DES code has been reworked to allow for the use of arbitrary SIMD intrinsics and mixed-type vectors (e.g., 192-bit with SSE2+MMX). The loader will now detect hashes on a line on their own. The handling of tty settings with "--stdin" and Ctrl-C has been improved.

tags | cracker

systems | windows, unix, beos

SHA-256 | 77e44d068d317648c41d3ac61b8ea1df18d5c7401083e7a4f6681816900c1a73

Download | Favorite | View

John The Ripper 1.7.5

Posted Feb 26, 2010

Authored by Solar Designer | Site openwall.com

John the Ripper is a fast password cracker, currently available for many flavors of Unix (11 are officially supported, not counting different architectures), DOS, Win32, and BeOS. Its primary purpose is to detect weak Unix passwords, but a number of other hash types are supported as well.

Changes: Support for the use of --format along with --show or --make-charset has been added. The choice of .rec and .log filenames has been made more intuitive. A new numeric variable has been added to the rules engine. Various other fixes and additions have been made.

tags | cracker

systems | windows, unix, beos

SHA-256 | db897484183389e5e4b83a6bfcd238179e1e2bfce0787f85c9be19d87090deda

Download | Favorite | View

Openwall Linux Kernel Patch 2.4.37.9

Posted Feb 20, 2010

Authored by Solar Designer | Site openwall.com

The Openwall Linux kernel patch is a collection of security hardening features for the Linux kernel which can stop most 'cookbook' buffer overflow exploits. The patch can also add more privacy to the system by restricting access to parts of /proc so that users may not see what others are doing. Also tightens down file descriptors 0, 1, and 2, implements process limits and shared memory destruction.

Changes: The patch has been updated to Linux 2.4.37.9. A post-2.4.37.9 upstream fix for FAT filesystems has been added. The FAQ has been updated.

tags | overflow, kernel

systems | linux

SHA-256 | cc066acc2ba98c60487220c98c8c2dd4f652f4416abb44caf310273947bc9d56

Download | Favorite | View

john-1.7.4.2.tar.gz

Posted Feb 4, 2010

Authored by Solar Designer | Site openwall.com

John the Ripper is a fast password cracker, currently available for many flavors of Unix (11 are officially supported, not counting different architectures), DOS, Win32, and BeOS. Its primary purpose is to detect weak Unix passwords, but a number of other hash types are supported as well.

Changes: Major performance improvements for processing of very large password files or sets of files have been implemented. Some previously missed common Web site passwords found on public lists of "top N passwords" have been added to the bundled common passwords list. Some bugs introduced in 1.7.4 have been fixed.

tags | cracker

systems | windows, unix, beos

SHA-256 | 6a35f51ed1711142090639f47dc51041744e59c20bd368871ebb40f21a062e9b

Download | Favorite | View