Hak5

Crackbot

From Hak5


What is CrackBot?

CrackBot is an IRC interface for rcrack, originally written in TCL by NeWbY (aka Paul of GSO (GovernmentSecurityOnline)). The bot differs from traditional IRC bots in that it does not use the EggDrop system for IRC connectivity. The original CrackBot code has been discontinued; however, Silivrenion has been given the code for use in the Community Rainbow Tables project.

CrackBot is currently used on the following channels:

Commands

In the commands below, <> marks a variable and [] marks an optional parameter.

  • !login - Makes you eligible to use the bot
  • !logoff - Logs you off of the bot, provided you didn't use !crack to complete a cracking request. You do not need to log off after submitting hashes.
  • !add <hash> - Adds the hash <hash> to the current cracklist
  • !crack [<hash>] - Cracks <hash> if provided with the command !crack, otherwise if used alone, cracks all hashes in the cracklist.
  • !show - Once logged in, shows all cracked hashes in the results file
  • !hashes - When used before !crack, it displays the hashes that are currently added to the cracklist
  • !help - Quick reference to commands
  • !whois <ipaddress> - Shows WHOIS information for a given IP address

Login/Logoff

Logging in and off works like using an ATM. In order to keep rcrack from opening multiple processes, only one user is allowed to process at a time. Everyone else must wait until the bot is available, as noted in the channel, before they may !login and grab their spot. Logging in and off ensures that each hash is processed as fast as possible, and prevents abuse.

Logging off is not needed after submitting hashes and proceeding with a crack. Your session lasts from the time you !login until !crack is finished. You will be logged out automatically either when cracking finishes, or after a timeout of 120 seconds if you are not cracking.

Hashes

CrackBot currently accepts LM hashes, and cracks them using a 120GB LM table set (All charset, lengths 1-7). Hashes are in the following form:

  • Admin:1004:E05B92BABD7B0D3BAAD3B435B51404EE:8B0BB72BB8C57A5531433B2CA933DE88:::

The hash can clearly be separated into different sections, according to the colons in the hash.


Third Section

This section contains the LM hash of the source password.

Fourth Section

This section contains the NT hash of the source password.

Obtaining a Hash

You may use tools such as Cain and Abel, pwdump2, or l0phtcrack to retrieve the necessary hashes. The hashes will not work with CrackBot unless they are in the correct format, as described above.

Cracking

To begin cracking, you must !login to the bot. Once logged in, you can start entering hashes. CrackBot will not allow you to enter hashes that do not match the standard PWDUMP2 format, as outlined above in Hashes. Please note, cracking may take a long time.

  • If you have more than one hash to crack, simply use the command !add <hash>, omitting the <> in the syntax and repeating for every hash you have, then giving the command !crack.
  • If you have one hash to crack, you may use the command !crack <hash>, omitting the <> in the syntax, to crack that one hash.

DO NOT crack more than 20 hashes at a time. This will cause the bot to flood you and crash. 20 or so hashes is ok, but for example, 115 hashes is not.

After cracking, CrackBot will notify you via query and memoserv what your results are.
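
The format check and batch limit described above, sketched in Python as an added example (this is not CrackBot's own TCL code). The reading of the first two fields as username and RID, the regular expression, and the names parse_pwdump, check_batch and MAX_BATCH are assumptions for illustration; the second sample line is constructed.

```python
import re

# Assumed layout of one pwdump-style line: user:RID:LM:NT::: (the page
# documents only the third and fourth fields).
PWDUMP_RE = re.compile(
    r"^(?P<user>[^:]+):(?P<rid>\d+):(?P<lm>[0-9A-Fa-f]{32}):(?P<nt>[0-9A-Fa-f]{32}):::$"
)
# LM hashes each 7-character half separately; this is the hash of an empty half.
EMPTY_LM_HALF = "AAD3B435B51404EE"
MAX_BATCH = 20  # the page's limit on hashes per crack request


def parse_pwdump(line):
    """Return the fields of a pwdump line, or None if the line is malformed."""
    m = PWDUMP_RE.match(line.strip())
    if m is None:
        return None
    lm = m.group("lm").upper()
    # Both halves empty: no usable LM hash is stored for this account.
    lm_stored = lm != EMPTY_LM_HALF * 2
    return {
        "user": m.group("user"),
        "rid": int(m.group("rid")),
        "lm": lm,
        "nt": m.group("nt").upper(),
        "lm_stored": lm_stored,
        # Only the second half empty: the password is at most 7 characters.
        "max_7_chars": lm_stored and lm[16:] == EMPTY_LM_HALF,
    }


def check_batch(lines):
    """Split lines into accepted records and rejected lines, enforcing MAX_BATCH."""
    accepted, rejected = [], []
    for line in lines:
        rec = parse_pwdump(line)
        (accepted if rec else rejected).append(rec or line)
    if len(accepted) > MAX_BATCH:
        raise ValueError(f"{len(accepted)} hashes exceeds the limit of {MAX_BATCH}")
    return accepted, rejected


if __name__ == "__main__":
    sample = [
        # Example line from the page.
        "Admin:1004:E05B92BABD7B0D3BAAD3B435B51404EE:8B0BB72BB8C57A5531433B2CA933DE88:::",
        # Constructed malformed line: the LM field is not 32 hex digits.
        "bob:1005:nothex:8B0BB72BB8C57A5531433B2CA933DE88:::",
    ]
    ok, bad = check_batch(sample)
    print([(r["user"], r["lm_stored"], r["max_7_chars"]) for r in ok], bad)
```

Run over a dump during an audit, the lm_stored flag lists the accounts that still carry an LM hash and are therefore within reach of tables like the ones this bot uses.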

Memoserv Notices

Memoserv was added in case the cracking user isn't online to receive their hashes. This will send a memo to your nickname. For more information, type /msg Memoserv help in IRC. Memoserv requires that you have a registered nickname to receive the memo through.

FAQ

  • Q: If I have a registered nick, and I need to quit IRC but have hashes currently being cracked, will CrackBot automatically send a memo to me?
  • A: Yes! If your nick is registered, CrackBot will send you a memo via Memoserv with your cracked passwords.

Extra Help

If you have any problems, don't hesitate to ask for help from an admin or operator in the IRC channel. Also, you can use !help to figure out commands.

Current Bugs

  • Crashes on Ping Timeouts
  • Has stability problems