Introducing GoCrack: A Managed Password Cracking Tool
FireEye's Innovation and Custom Engineering (ICE) team released a
tool today called GoCrack that allows red
teams to efficiently manage password cracking tasks across multiple
GPU servers by providing an easy-to-use, web-based real-time UI
(Figure 1 shows the dashboard) to create, view, and manage tasks.
Simply deploy a GoCrack server along with a worker on every GPU/CPU
capable machine and the system will automatically distribute tasks
across those GPU/CPU machines.
Figure 1: Dashboard
As readers of this blog probably know, password cracking tools are
an effective way for security professionals to test password
effectiveness, develop improved methods to securely store passwords,
and audit current password requirements. Some use cases for a password
cracking tool can include cracking passwords on exfil archives,
auditing password requirements in internal tools, and
offensive/defensive operations. We’re releasing GoCrack to provide
another tool for distributed teams to have in their arsenal for
managing password cracking and recovery tasks.
Keeping in mind the sensitivity of passwords, GoCrack includes an
entitlement-based system that prevents users from accessing task data
unless they are the original creator or they grant additional users to
the task. Modifications to a task, viewing of cracked passwords,
downloading a task file, and other sensitive actions are logged and
available for auditing by administrators. Engine files (files used by
the cracking engine) such as Dictionaries, Mangling Rules, etc. can be
uploaded as “Shared”, which allows other users to use them in task yet
do not grant them the ability to download or edit. This allows for
sensitive dictionaries to be used without enabling their contents to
be viewed.
Figure 2 shows a task list, Figure 3 shows the “Realtime Status” tab
for a task, and Figure 4 shows the “Cracked Passwords” tab.
Figure 2: Task Listing
Figure 3: Task Status
Figure 4: Cracked Passwords Tab
GoCrack is shipping with support for hashcat v3.6+, requires no
external database server (via a flat file), and includes support for
both LDAP and database backed authentication. In the future, we plan
on adding support for MySQL and Postgres database engines for larger
deployments, ability to manage and edit files in the UI, automatic
task expiration, and greater configuration of the hashcat engine.
We’re shipping with Dockerfile’s to help jumpstart users with GoCrack.
The server component can run on any Linux server with Docker
installed. Users with NVIDIA GPUs can use NVIDIA Docker to
run the worker in a container with full access to the GPUs.
GoCrack is available immediately for download along with its source
code on the project's
GitHub page. If you have any feature requests, questions, or bug
reports, please file an issue in GitHub.
ICE is a small, highly trained, team of engineers that incubate and
deliver capabilities that matter to our products, our clients and our
customers. ICE is always looking for exceptional candidates interested
in solving challenging problems quickly. If you’re interested, check
out FireEye careers.
Gloss