-
Notifications
You must be signed in to change notification settings - Fork 59
/
psk-crack.1
99 lines (99 loc) · 3.07 KB
/
psk-crack.1
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
.\" Copyright (C) Roy Hills, NTA Monitor Ltd.
.\"
.\" Copying and distribution of this file, with or without modification,
.\" are permitted in any medium without royalty provided the copyright
.\" notice and this notice are preserved.
.\"
.TH PSK-CRACK 1 "February 14, 2005"
.\" Please adjust this date whenever revising the manpage.
.SH NAME
psk-crack \- Crack IKE Aggressive Mode Pre-Shared Keys
.SH SYNOPSIS
.B psk-crack
.RI [ options ] " " < psk-parameters-file >
.PP
.B <psk-parameters-file>
is a file containing the parameters for the pre-shared
key cracking process in the format generated by
.B ike-scan with the
.B --pskcrack (-P)
option. This file can contain one or more entries. For multiple entries,
each one must be on a separate line.
.PP
The program can crack either MD5 or SHA1-based hashes. The type of hash is
automatically determined from the length of the hash (16 bytes for MD5 or
20 bytes for SHA1). Each entry in the
.B <psk-parameters-file>
is handled separately, so it is possible to crack a mixture of MD5 and SHA1
hashes.
.PP
.B psk-crack
can also crack the proprietary hash format used by Nortel Contivity / VPN
Router systems. When cracking Nortel format hashes, you need to specify the
username of the hash that you are cracking with the
.B --norteluser (-u)
option. When cracking Nortel format hashes, you can only crack one hash at
a time.
.PP
By default,
.B psk-crack
will perform dictionary cracking using the default
dictionary. The dictionary can be changed with the
.B --dictionary (-d)
option, or brute-force cracking can be selected with the
.B --bruteforce (-B)
option.
.SH DESCRIPTION
.B psk-crack
attempts to crack IKE Aggressive Mode pre-shared keys that have previously been
gathered using
.B ike-scan
with the
.B --pskcrack
option.
.PP
.B psk-crack
can operate in two different modes:
.IP 1)
Dictionary cracking mode: this is the default mode in which
.B psk-crack
tries each candidate word from the dictionary file in turn until it finds a
match, or all the words in the dictionary have been tried.
.IP 2)
Brute-force cracking mode: in this mode,
.B psk-crack
tries all possible combinations of a specified character set up to a given
length.
.SH OPTIONS
.TP
.B --help or -h
Display this usage message and exit.
.TP
.B --version or -V
Display program version and exit.
.TP
.B --verbose or -v
Display verbose progress messages.
.TP
.B --dictionary=<f> or -d <f>
Set dictionary file to <f>. The default is
/usr/local/share/ike-scan/psk-crack-dictionary.
.TP
.B --norteluser=<u> or -u <u>
Specify the username for Nortel Contivity cracking.
This option is required when cracking pre-shared keys
on Nortel Contivity / VPN Router systems. These
systems use a proprietary method to calculate the hash
that includes the username.
This option is only needed when cracking Nortel format
hashes, and should not be used for standard format
hashes.
.TP
.B --bruteforce=<n> or -B <n>
Select bruteforce cracking up to <n> characters.
.TP
.B --charset=<s> or -c <s>
Set bruteforce character set to <s>
Default is "0123456789abcdefghijklmnopqrstuvwxyz"
.SH AUTHOR
Roy Hills <Roy.Hills@nta-monitor.com>