A multithreaded DES password cracker that performs dictionary-based brute-force attacks. Given a dictionary of plaintext passwords and a file of DES password hashes, it tries all possible 2-character salt combinations (4096) with every dictionary word to find matches. Work is distributed across threads using dynamic load balancing with a shared mutex-protected index.
- GCC
libmagic(file type detection)libcrypt(DES hashing viacrypt_rn())- POSIX threads (
pthread)
sudo apt install gcc libmagic-dev libcrypt-devmakeTo clean build artifacts:
make clean./desplodocus_mt -i <hash_file> -p <password_file> [options]
| Flag | Description |
|---|---|
-i file |
Hash file (required) — one DES hash per line |
-p file |
Password dictionary file (required) — one password per line |
-o file |
Output file (default: stdout) |
-t # |
Number of threads (default: 1) |
-n |
Be nice (increase process nice value) |
-v |
Enable verbose mode |
-h |
Show help text |
Password dictionary (passwords.txt) — one plaintext password per line:
password
123456
letmein
dragon
Hash file (hashes.txt) — one DES hash per line (without the 2-character salt prefix):
FlsQMRbOqsSxY
rl1/EzGqilVgo
./desplodocus_mt -i hashes.txt -p passwords.txt -t 4Cracked passwords are printed to stdout (or the file specified with -o):
cracked: FlsQMRbOqsSxY : password
cracked: rl1/EzGqilVgo : letmein
*** failed: x9Jf8k2lPqRsT
Per-thread and total statistics are printed to stderr:
thread: 0 1.23 sec cracked: 1 failed: 0 total: 1
thread: 1 1.45 sec cracked: 1 failed: 0 total: 1
thread: 2 0.98 sec cracked: 0 failed: 1 total: 1
thread: 3 0.02 sec cracked: 0 failed: 0 total: 0
total : 4 1.45 sec cracked: 2 failed: 1 total: 3
Alejandro Alvarado — CS 333, Intro to Operating Systems