REPORT ZUSR40 NO STANDARD PAGE HEADING.
**************************************************************
*Hacking methods like "word attack" or "dictionary method"
*achieve a surprisingly high password cracking percentage on
*SAP systems. Despite SAP's extensive protection system
*(irreversible password, password aging, minimum length,
*has to be different from the last 5 passwords, cannot contain
*the first three characters of the username ...) there is no
*good protection against weak (guessable) passwords.
*
*This program takes one of the most popular UNIX hacking
*dictionaries (CRACK, available on the web) as an input, and
*after filtering and varying the words based upon the SAP
*password rules, it uploads them to USR40 (illegal passwords).
*This will prevent the users from using weak passwords.
*Schedule this program to run in batch, because it runs for a
*couple of hours.
**************************************************************

TABLES: USR02, USR40.
DATA: I TYPE I, MIN_LENGTH TYPE I.
DATA: NUMBERS(11) VALUE ' 0123456789'.

DATA: BEGIN OF DATA_TAB OCCURS 5000,
    LINE(12),
END OF DATA_TAB.
data: begin of variation_tab occurs 5000,
    LINE(12),
end of variation_tab.

DATA: BEGIN OF PARAMETER OCCURS 500,
    STATUS LIKE SY-INDEX,
    NAME(60),
    CURRENT(60),
    DEFAULT(60),
END OF PARAMETER.

* Find out the value of login/min_password_lng
CALL 'C_SAPGALLPARAM' ID 'PAR_SUB' FIELD PARAMETER-*SYS*.
LOOP AT PARAMETER.
  IF PARAMETER-NAME = 'login/min_password_lng'.
    MIN_LENGTH = PARAMETER-CURRENT.
    EXIT.
  ENDIF.
ENDLOOP.

* Upload from the frontend workstation
*call function 'WS_UPLOAD'
*exporting
*filename = 'c:\temp\dict.txt'
*tables
*data_tab = data_tab.

* Upload from the application server
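OPEN DATASET '/tmp/dict.txt' IN TEXT MODE FOR INPUT.
DO.
  READ DATASET '/tmp/dict.txt' INTO DATA_TAB.
* SY-SUBRC <> 0 signals end of file (or a file that could not be read)
  IF SY-SUBRC <> 0.
    EXIT.
  ENDIF.
  APPEND DATA_TAB.
ENDDO.
CLOSE DATASET '/tmp/dict.txt'.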

* Remove the short and long words
MIN_LENGTH = MIN_LENGTH - 1.
LOOP AT DATA_TAB.
  I = STRLEN( DATA_TAB ).
* It does not make sense to use words longer than 8 (USR40-BCODE = 8)
* or shorter than login/min_password_lng - 1.
  IF I > 8 OR I < MIN_LENGTH.
    DELETE DATA_TAB.
  ELSE.
    TRANSLATE DATA_TAB TO UPPER CASE.
    MODIFY DATA_TAB.
  ENDIF.
ENDLOOP.

* Add a trailing number (e.g. PENCIL -> PENCIL0, PENCIL1, PENCIL2 ...)
LOOP AT DATA_TAB.
  DO 10 TIMES.
    variation_tab = data_tab.
    variation_tab+11(1) = numbers+sy-index(1).
    condense variation_tab no-gaps.
    append variation_tab.
  ENDDO.
ENDLOOP.

************************************************************************
* Insert your own code here to add further variations:
* words backwards, number substitutions such as 3 for E, 1 for I or L,
* 5 or 2 for S, 7 for L ...
************************************************************************
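* Added example, not part of the original program: one way to fill in
* the extension point above with reversed words and two of the digit
* substitution sets listed there. WORD_LEN, SRC_OFF and DST_OFF are
* names introduced here; the substitution pairs are an assumption
* chosen from that list.
DATA: WORD_LEN TYPE I, SRC_OFF TYPE I, DST_OFF TYPE I.

LOOP AT DATA_TAB.
  WORD_LEN = STRLEN( DATA_TAB-LINE ).
* MIN_LENGTH was already reduced by 1 above, so this keeps only words
* that satisfy login/min_password_lng without an extra character.
  CHECK WORD_LEN > MIN_LENGTH.

* Reversed word (PENCIL -> LICNEP), copied character by character
  CLEAR VARIATION_TAB.
  SRC_OFF = WORD_LEN.
  DST_OFF = 0.
  DO WORD_LEN TIMES.
    SRC_OFF = SRC_OFF - 1.
    VARIATION_TAB-LINE+DST_OFF(1) = DATA_TAB-LINE+SRC_OFF(1).
    DST_OFF = DST_OFF + 1.
  ENDDO.
  APPEND VARIATION_TAB.

* Substitution set 1: E -> 3, I -> 1, L -> 1, S -> 5
  VARIATION_TAB = DATA_TAB.
  TRANSLATE VARIATION_TAB-LINE USING 'E3I1L1S5'.
* Skip words that contain none of the substituted letters
  IF VARIATION_TAB-LINE <> DATA_TAB-LINE.
    APPEND VARIATION_TAB.
  ENDIF.

* Substitution set 2: E -> 3, I -> 1, L -> 7, S -> 2
  VARIATION_TAB = DATA_TAB.
  TRANSLATE VARIATION_TAB-LINE USING 'E3I1L7S2'.
  IF VARIATION_TAB-LINE <> DATA_TAB-LINE.
    APPEND VARIATION_TAB.
  ENDIF.
ENDLOOP.
* Palindromes and overlapping substitutions produce duplicates; the
* SORT / DELETE ADJACENT DUPLICATES step further down removes them.
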

* Merge the results and drop the stuff that is still too short.
LOOP AT DATA_TAB.
  I = STRLEN( DATA_TAB ).
  IF I > MIN_LENGTH.
    variation_tab = data_tab.
    append variation_tab.
  ENDIF.
ENDLOOP.
CLEAR DATA_TAB. REFRESH DATA_TAB.

* Who knows what kind of crappy data we have in the dictionary file
SORT VARIATION_TAB BY LINE.
DELETE ADJACENT DUPLICATES FROM VARIATION_TAB.

* Fill up USR40
INSERT USR40 FROM TABLE VARIATION_TAB ACCEPTING DUPLICATE KEYS.