torsdag den 2. juni 2016

Audit user passwords : John the Ripper Max Speed with more cores!


I was asked how to audit users passwords on our HPC cluster...
well... crack the password with John the ripper from http://openwall.com/john/

 Please note : 
More tools can be found on : http://www.darknet.org.uk/

 More about using wordlists : 
http://blog.thireus.com/look-back-on-2012s-famous-password-hash-leaks-wordlist-analysis-and-new-cracking-techniques/

 The Wordlist:
https://wiki.skullsecurity.org/Passwords
http://www.openwall.com/passwords/wordlists/

first I did :  yum install john
and run : john --test

                        As you see here it runs on 1 core....  But I have 4 cores.... No Cuda :-(


After reading abit about the multicore options...
please note!  There is alot of info on : http://openwall.info/wiki/john/parallelization

I did:
1. Grabed latest patched jumbo version that includes lots of goodies:

$ wget http://openwall.com/john/g/john-1.7.9-jumbo-7.tar.bz2
2. Extract

$ tar xvf john-1.7.9-jumbo-7.tar.bz2
3. Change to the /src directory

$ cd john-1.7.9-jumbo-7/src/
4. Edit the Makefile to enable multi-threaded capabilities.

$ nano Makefile
Uncomment these lines as follows:

OMPFLAGS =
# gcc with OpenMP
OMPFLAGS = -fopenmp
OMPFLAGS = -fopenmp -msse2

5. For this next step, you will want to specify the target system. To see available targets, type
$ make linux-x86-64-native

The options are:
linux-x86-64-native      Linux, x86-64 'native' (all CPU features you've got)
linux-x86-64-gpu         Linux, x86-64 'native', CUDA and OpenCL (experimental)
linux-x86-64-opencl      Linux, x86-64 'native', OpenCL (experimental)
linux-x86-64-cuda        Linux, x86-64 'native', CUDA (experimental)
linux-x86-64-avx         Linux, x86-64 with AVX (2011+ Intel CPUs)
linux-x86-64-xop         Linux, x86-64 with AVX and XOP (2011+ AMD CPUs)
linux-x86-64[i]          Linux, x86-64 with SSE2 (most common)
linux-x86-64-icc         Linux, x86-64 compiled with icc
linux-x86-64-clang       Linux, x86-64 compiled with clang
linux-x86-gpu            Linux, x86 32-bit with SSE2, CUDA and OpenCL (experimental)
linux-x86-opencl         Linux, x86 32-bit with SSE2 and OpenCL (experimental)
linux-x86-cuda           Linux, x86 32-bit with SSE2 and CUDA (experimental)
linux-x86-sse2[i]        Linux, x86 32-bit with SSE2 (most common, 32-bit)
linux-x86-native         Linux, x86 32-bit, with all CPU features you've got (not necessarily best)
linux-x86-mmx            Linux, x86 32-bit with MMX (for old computers)
linux-x86-any            Linux, x86 32-bit (for truly ancient computers)
linux-x86-clang          Linux, x86 32-bit with SSE2, compiled with clang
...and more....

6. When complete, binaries are available under the /run directory.

$ cd ../run
To run a benchmark on your system, type:

$ ./john --test
Cracking MD5 via brute force is now done 24 x faster!

I did run : cd ../run/ ; john test.txt   (test.txt is a md5 username + password)

Loaded 1 password hash (FreeBSD MD5 [128/128 AVX intrinsics 12x])
guesses: 0  time: 0:00:04:57 0.00% (3)  c/s: 633654  trying: mikmpit1 - mikmpl91



Indsendt af kl.