--- /dev/null
+/*
+ * THC/2003
+ *
+ * Simple ssh-private key cracker. Tries to brute force (dictionary
+ * attack) almost any ssh private key file format.
+ *
+ * This is just a quick tool from THC. Using OpenSSL is not really
+ * fast...
+ *
+ * COMPILE:
+ * gcc -Wall -O2 -o thc-ssh-crack thc-ssh-crack.c -lssl
+ *
+ * RUN:
+ * John is a good password generator. We use it for thc-ssh-crack:
+ *
+ * $ john -stdout -incremental | nice -19 thc-ssh-crack id_dsa
+ *
+ * Normal dictionary (without john's permutation engine):
+ *
+ * $ nice -19 thc-ssh-crack id_dsa <dictionary.txt
+ *
+ * Enjoy,
+ *
+ * http://www.thc.org
+ */
+#include <stdio.h>
+#include <openssl/ssl.h>
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/pem.h>
+#include <string.h>
+
+int
+main(int argc, char *argv[])
+{
+ FILE *fp = fopen(argv[1], "r");
+ EVP_PKEY *pk;
+ char *ptr;
+ char pwd[1024];
+
+ SSL_library_init();
+ pwd[0] = '\0';
+ while (1)
+ {
+ if (!fgets(pwd, sizeof pwd, stdin))
+ {
+ printf("Password not found.\n");
+ exit(0);
+ }
+ ptr = strchr(pwd, '\n');
+ if (ptr)
+ *ptr = '\0';
+ pk = PEM_read_PrivateKey(fp, NULL, NULL, (char *)pwd);
+ if (pk)
+ {
+ printf("THC THC THC THC THC THC THC THC THC\n");
+ printf("----> pwd is '%s' <-----\n", pwd);
+ printf("THC THC THC THC THC THC THC THC THC\n");
+ exit(0);
+ }
+ }
+
+ return 0;
+}
+
+