home *** CD-ROM | disk | FTP | other *** search
-
- Gammaprog is a bruteforce password cracker for web based e-mail
- address. (Currently only hotmail.com and usa.net address are
- supported.) The program is written in Java, so it should in theory run on
- any computer equiped with a Java virtual machine. It's not an
- applet however, it won't run from a web browser. If you don't have a
- Java virtual machine, you can get one at
- http://www.javasoft.com/products/index.html .
- Get JDK or JRE. JRE is much smaller and if you have no java coding
- experience it is all you`ll probably need.
-
- New with version 1.11
-
- - Add a vpop mode (verbose pop). It displays the passwords tried while
- using hotmail pop3. Usefull to test speed and debuging.
-
- - I fixed the EOF bug.
-
- New with version 1.1
-
- - You can now crack password using hotmail pop3 rather than through the
- cgi. It is MUCH faster. The password tried are no longer displayed on the
- screen cause they pass to quickly to be of any use. (I tried 1000
- passwords in 23 sec this morning using 50 sockets on a 33,6 modem.
- Maybe it`s possible to do even better, I didn`t experiment a lot. )
-
- - The cgi cracking mode using some form of non blocking socket. With
- version 1.0 sockets were often stock in established mode for no
- apparent reason. Now if a socket doesn't terminated in 30 sec. it
- will be closed and started over.
-
- - There`s no longer an error count at the end when the password isn't
- found. I tried to recover the error during the program execution.
- The old error count was totally inacurate anyway.
-
-
- Installation and usage
-
- Assuming you have JDK and gammaprog source code, compile it with
- javac gammaprog.java
-
- And run it with
- java gammaprog <address> <word list> <mode> [number of socket]
-
- You can also use the precompiled classes and skip the compiling phase.
- The classes were compiled with JDK1.1.5-v7 under Linux on a i586.
- They should run on other system thought, in theory.
-
- If you use JRE, try
- jre gammaprog <address> <word list> <mode> [number of socket]
- or
- jre -cp . gammaprog <address> <word list> <mode> [number of socket]
-
- I don't use JRE, so refer to JRE readme for more details.
-
- - address is of course the e-mail address you want to crack.
- - word list is the dictionary you want to use. A short one comes with
- gammaprog (common-passwords.lst).
- - mode is pop or cgi( or vpop. See below). Pop is a lot faster but you can
- only use it for hotmail address.
- - number of socket is optional. It is use to set the number of socket
- you want to run in parallel. Each socket is a connection to the web
- server by the way. The default value is 4. Adjust this value to fit the
- speed of your modem. In pop mode, you can run much more socket because
- each use a really small amount of bandwidth. I don't know the best value
- actually, so experiment. ( In cgi mode gammaprog displays a list of
- all password it tries, so you can judge its speed and adjust in consequence.
- In pop mode the password were displayed too quickly to allow you to judge
- anything, so to were removed. Displaying them to the monitor could even
- slow the program if you have a fast connection. If for some reason you
- still want them to appear, use the vpop mode.)
-
- The junk listed after each password tried when running the program in cgi
- mode is what gammaprog read from the address site. It use it to determine
- whether the password was good or not. Simple changes in this could fool
- the program and it would no longer works. Since this is likely to
- eventually happen, it might not be a bad idea to check on an account you
- know the password if gammaprog still works.
-
- If you have technical suggestions or feedback feel free to e-mail me.
- Almost everything else will probably be deleted.
-
- An Eyewitness
- 98/08/02
- aneyewitness@geocities.com
-
-
-
-
-
-
-
