October 6th, 2004, 01:27 AM
How To Make a Password Cracking Cluster
How to Build a Password Auditing Cluster
This is a really easy project that can be a lot of fun. All you will need to make this work is a cd burner, a router, some ethernet cables and some old PCs you have lying around. You can very easily turn them into a home-made password cracking super-computer.
For convenience purposes, we will be using a bootable linux cd instead of actually installing linux. This is very handy because you don’t have to wipe out the current configuration of the machines you will be using in the cluster. The live linux cd I chose is called ClusterKnoppix. This was because it runs the KDE window manager and makes mounting cds and hard drives very easy. Another live linux cluster cd I really liked was called CHAOS . The .iso file for CHAOS is only 6 megs and the whole operating system can fit on one of those business card sized cdrs. “The super computer for your wallet” they call it.
Step One: Creating the cluster
Download the ClusterKnoppix .iso file from this link. Here’s were the cd burner comes into play…you have to burn one cd for each machine in the cluster. I used four in my experiment but if you have access to a classroom of computers, you are in for a lot of cd burning.
When ClusterKnoppix boots up, it will try and get its network configuration via DHCP. To make life easier on yourself, have a DHCP server running. This is why I used a broadband router with DHCP enabled to connect my machines instead of a switch. If you use a hub or switch and don’t have a DHCP server, configure static IP addresses for all the nodes.
If everything went well, you now have a functioning OpenMosix cluster. OpenMosix is the clustering software that comes loaded on ClusterKnoppix that makes all of this possible. In order to see the status of your cluster, click on the openmosixViewer icon on the bar at the bottom of the screen. This should be displaying all of the nodes in your cluster. It also shows the speed/power of each node with a number next its address. This number is going to determine how much of the processing load will be placed on each of the computers.
Step Two: The password cracker/auditor
Everybody knows that JtR (John the Ripper) is the best password cracker ever written. Unfortunately it is a huge pain to distribute on a cluster. After fighting with it for a few days, I looked for other options and found a project called Cisilia. Cisilia is a password cracker that is meant to be used on OpenMosix clusters. Here is the easiest way to install and use it while doing the fewest reboots as possible:
1. Boot up your windows box that contains the passwords you want to audit.
2. First download Pwdump2 from here (an application used to dump Windows 2000/XP SAM file)
3. at the command line, type “pwdump2 > c:\passwd“. This will create a copy of your password file called passwd on the root of your c:\ drive.
4. Next download the cisilia .tar.gz file from here . Put the .tar.gz file on the root of your c:\ drive.
5. Put in your ClusterKnoppix cd and boot this machine into your cluster.
6. On the desktop of KDE, you will see an icon for your hardrive. Double click it to mount it.
7. Copy the passwd file and cisilia file onto your desktop.
8. Double click the cisilia file and extract it to a folder on your desktop.
9. Open that new folder and right click in the window on some white space. Then choose “open a terminal here”
10. type “ ./configure”
11. after that process is finished, type “make” which will create the executable files in the /src directory of the cisilia folder.
12. copy the passwd file into the /src directory of the cisilia folder.
13. Now here is the syntax for the cisilia command: [#/ cisilia –l “file to log results” –n <number of cisilia instances to run> ./passwd
The number of cisilia instances to run can vary. On my 4 node cluster, I ran 6 instances. The faster two machines were meant to take 2 instances each and the slower computers could take one instance each. So I ran this command= cisilia –l ./finished.txt –n 6 ./passwd
This started cisilia cracking the passwd file with 6 different processes. As soon as the other machines in the cluster saw that one of the nodes was running 6 processor intensive programs, they each started to take instances to lower the burden on that one single machine. It worked just like I wanted because 2 of the P4 machines each claimed 2 instances and the P3 machines new to only take one for each of them. This distributed the 6 processes in the most efficient way. You can see that it is working with the openmosixviewer program because all the nodes will now be under heavy load and you only ran the program from one computer. If you click on the process migration button in the openmosixviewer you can see your processes running on the other computers. It is VERY cool to watch and feel the massive processing power.
After only three minutes I had brute forced a moderately complex 6 digit password.
If anyone tries this, post your result here. I would love to hear from someone who can run this on a big cluster, like a computer classroom for instance.
Password Cracking Cluster
Last edited by NeuTron; May 14th, 2007 at 08:32 PM.
October 6th, 2004, 03:05 AM
im definitly going to have to do this with my xbox...
one question though....i heard from my friend that clusters are INtel only....is this true or can you have AMD clusters....or a mix of both
work it harder, make it better, do it faster, makes us stronger
October 6th, 2004, 03:06 AM
This sound like a real hoot! I have 3 boxes within arm's reach and my wife's and son's are available via the wireless router, So there's 5. Guess I better get to buring CD's this coming weekend so I can give it a whirl. Thanks for the info.
Connection refused, try again later.
October 6th, 2004, 03:37 AM
This method is much easier than using Jon the Ripper, good tutorial.
October 6th, 2004, 03:59 AM
hexadecimal - I know that openMosix will run on AMD. I am not sure if you can have a mix of intel and amd but Id bet it would work.
Just as a side note, you can also use this cluster to run Blender for rendering 3d animations. Or, with the CHAOS distro, you can make a cluster that works on the SETI@home project. Its built into the CHAOS distribution so that you can start it with a single command. Maybe Ill write something about those clusters some other time.
October 6th, 2004, 11:25 AM
5 dual Xeon Dell PowerEdge 2650s 2 GIG of RAM each
All passwords (6 - 8 alpha numeric chars) seven accounts in total, cracked in eleven seconds. Wow.
Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden
October 6th, 2004, 05:06 PM
10 Xeons and 10 Gigs of RAM...11 seconds...holy crap. My hat is off to you, sir. Where you using cisilia and ClusterKnoppix?
October 6th, 2004, 07:23 PM
Very cool, Neutron.
\"If computers are to become smart enough to design their own successors, initiating a process that will lead to God-like omniscience after a number of ever swifter passages from one generation of computers to the next, someone is going to have to write the software that gets the process going, and humans have given absolutely no evidence of being able to write such software.\" -Jaron Lanier
October 6th, 2004, 08:25 PM
I have a few free classes at school where I have access to the computer labs.
I'm going to test it tomorrow with like two...to make sure i can do it right. If it all works out, I'm gonna try it next week with a ton.
Geek isn't just a four-letter word; it's a six-figure income.
October 7th, 2004, 12:00 AM
Awsome! I have got access to 45 machines on the lab... This could be fun...
You call that a firewall !