Implement a program that cracks passwords, per the below.

$ ./crack 50fkUxYHbnXGw


On most systems running Linux these days is a file called /etc/shadow, which contains usernames and passwords. Fortunately, the passwords therein aren’t stored "in the clear" but are instead encrypted using a "one-way hash function." When a user logs into these systems by typing a username and password, the latter is encrypted with the very same hash function, and the result is compared against the username’s entry in /etc/shadow. If the two hashes match, the user is allowed in. If you’ve ever forgotten some password, you might have been told that tech support can’t look up your password but can change it for you. Odds are that’s because tech support can only see, if anything at all, a hash of your password, not your password itself. But they can create a new hash for you.

Even though passwords in /etc/shadow are hashed, the hash function is not always that strong. Quite often are adversaries, upon obtaining that file somehow, able to guess (and check) users' passwords or crack them using brute force (i.e., trying all possible passwords). Below is what /etc/shadow might look like, albeit simplified, wherein each line is formatted as username:hash.



Design and implement a program, crack, that cracks passwords.

  • Implement your program in a file called crack.c in a directory called crack.

  • Your program should accept a single command-line argument: a hashed password.

  • If your program is executed without any command-line arguments or with more than one command-line argument, your program should print an error (of your choice) and exit immediately, with main returning 1 (thereby signifying an error).

  • Otherwise, your program must proceed to crack the given password, ideally as quickly as possible, ultimately printing the password in the clear followed by \n, nothing more, nothing less, with main returning 0.

  • Assume that each password has been hashed with C’s DES-based (not MD5-based) crypt function.

  • Assume that each password is no longer than (gasp) four characters

  • Assume that each password is composed entirely of alphabetical characters (uppercase and/or lowercase).



Your program should behave per the examples below. Assumed that the underlined text is what some user has typed.

$ ./crack
Usage: ./crack hash
$ ./crack 50fkUxYHbnXGw


No check50 for this one! But odds are, if you can crack all ten passwords above, you’re in good shape!


Be sure to read up on crypt, taking particular note of its mention of "salt":

man crypt

Per that man page, you’ll likely want to put

#include <unistd.h>

at the top of your file in order to use crypt. Moreover, you’ll want to link with -lcrypt, as by compiling not with make but with:

clang -ggdb3 -O0 -std=c11 -Wall -Werror -Wshadow crack.c -lcrypt -lcs50 -lm -o crack


None so far! Reload this page periodically to check if any arise!


  • 2016-09-14

    • Fixed underlining of user input.

    • Added tl;dr.

  • 2016-09-09

    • Initial release.