THC SSH Cracker is a simple utility that attempts to recover the passphrase of an encrypted SSH private key file by brute force, trying candidate passphrases read from standard input.
a0ff99a6a4f85e878a138316507d66933b2b5769f4579fa1576aa605bf13d1e2
/*
* THC/2003
*
* Simple ssh-private key cracker. Tries to brute force (dictionary
* attack) almost any ssh private key file format.
*
* This is just a quick tool from THC. Using OpenSSL is not really
* fast...
*
* COMPILE:
* gcc -Wall -O2 -o thc-ssh-crack thc-ssh-crack.c -lssl
*
* RUN:
* John is a good password generator. We use it for thc-ssh-crack:
*
* $ john -stdout -incremental | nice -19 thc-ssh-crack id_dsa
*
* Normal dictionary (without john's permutation engine):
*
* $ nice -19 thc-ssh-crack id_dsa <dictionary.txt
*
* Enjoy,
*
* http://www.thc.org
*/
#include <stdio.h>
#include <openssl/ssl.h>
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/pem.h>
#include <string.h>
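/*
 * Entry point: offline passphrase check for one PEM private key file.
 *
 * argv[1] names the key file. Candidate passphrases are read from stdin,
 * one per fgets() call (at most sizeof pwd - 1 bytes; a longer input line
 * is consumed in several pieces). Each candidate is passed to
 * PEM_read_PrivateKey() as the user-data argument with a NULL callback,
 * which OpenSSL interprets as a NUL-terminated passphrase string.
 *
 * The program only touches a local file and stdin; it never contacts an
 * SSH server, so resistance rests on the passphrase protecting the file.
 *
 * Returns 0 when a candidate is accepted or when stdin is exhausted
 * (the exit status the tool has always used for both outcomes), and 1
 * when the key file argument is missing or the file cannot be opened.
 */
int
main(int argc, char *argv[])
{
    FILE *fp;
    EVP_PKEY *pk;
    char pwd[1024];

    /* argv[1] used to be passed to fopen() without looking at argc. */
    if (argc < 2) {
        fprintf(stderr, "usage: %s keyfile\n",
                (argc > 0 && argv[0]) ? argv[0] : "thc-ssh-crack");
        return 1;
    }

    /* A failed fopen() used to hand a NULL FILE* to OpenSSL. */
    fp = fopen(argv[1], "r");
    if (!fp) {
        perror(argv[1]);
        return 1;
    }

    SSL_library_init();

    while (fgets(pwd, sizeof pwd, stdin)) {
        /* Cut the candidate at the first newline, if fgets() kept one. */
        pwd[strcspn(pwd, "\n")] = '\0';

        pk = PEM_read_PrivateKey(fp, NULL, NULL, pwd);
        if (pk) {
            printf("THC THC THC THC THC THC THC THC THC\n");
            printf("----> pwd is '%s' <-----\n", pwd);
            printf("THC THC THC THC THC THC THC THC THC\n");
            EVP_PKEY_free(pk);
            fclose(fp);
            return 0;
        }
    }

    /* stdin hit EOF (or a read error) before any candidate was accepted. */
    printf("Password not found.\n");
    fclose(fp);
    return 0;
}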