October 26, 2004

Project RainbowCrack

Posted by xntrik at 08:48 AM | TrackBack

October 23, 2004

Wired News: When War Games Meet Video Games

Posted by xntrik at 09:42 AM | TrackBack

October 14, 2004

Australia Vulnerable to Korean Hacking Army

Posted by xntrik at 09:09 PM | TrackBack

October 05, 2004

Redhat Bonding Configuration

Posted by xntrik at 12:54 PM | TrackBack

October 01, 2004

Fixing Obsidians Network Problem

Came in on monday the 27th to find that a lot of the cluster seemed to be messed up.

The workstations couldn't ping the frontend-0, frontend-0 didn't appear to have it's routing or network addresses working appropriately.

Fix:

  • halt all the machines
    From frontend-0: "cluster-fork halt -t now"
  • fix the frontend-0 network
    From frontend-0: modified the /etc/sysconfig/network-scripts/ifcfg-eth1
    replacing the DHCPD option with a static IP option
    New network settings:
    IP: 172.16.2.240
    Netmask: 255.255.0.0
    This also automatically fixed the "route"ing tables, now any 172.16.x.x traffic was going through eth1
  • reboot the comp-pvfs nodes
  • to aid in daniel's quest, i then turned dhcpd off - which was giving him dramas. (After resetting frontend-0 DHCPD will be started again

*nb: the dhcpd.conf on frontend-0 doesn't actually give out IP's - only to nodes that were assimilated via "insert-ethers" - which meant that machines requesting IP's from frontend-0 were hanging.

Even though i considered modifying the frontend-0's dhcpd.conf to allow it to give out IP's - because the file is automatically updated via "insert-ethers" - i thought it better not to touch it.

Posted by xntrik at 03:50 PM | TrackBack

Creating non-pronouncable passwords with APG

Number of passwords: 80
Length of passwords: 7-14 (8 groups of passwords)
Therefore, there are 10 passwords of each length.

To create the passwords:

./apg -a 1 -n 10 -m 7 -x 7 > apg07.txt
./apg -a 1 -n 10 -m 8 -x 8 > apg08.txt
./apg -a 1 -n 10 -m 9 -x 9 > apg09.txt
./apg -a 1 -n 10 -m 10 -x 10 > apg10.txt
./apg -a 1 -n 10 -m 11 -x 11 > apg11.txt
./apg -a 1 -n 10 -m 12 -x 12 > apg12.txt
./apg -a 1 -n 10 -m 13 -x 13 > apg13.txt
./apg -a 1 -n 10 -m 14 -x 14 > apg14.txt

Then:

cat apg0*.txt > apg-nonpron-passlist.txt

A bashfile was used to automate this task - see netsec01:/home/xian/apg-2.2.3/gen-nonpron-passlist.sh

Posted by xntrik at 03:45 PM | TrackBack

Creating pronouncable password with APG

Number of passwords: 80
Length of passwords: 7-14 (8 groups of passwords)
Therefore, there are 10 passwords of each length.

To create the passwords:

./apg -n 10 -m 7 -x 7 > apg07.txt
./apg -n 10 -m 8 -x 8 > apg08.txt
./apg -n 10 -m 9 -x 9 > apg09.txt
./apg -n 10 -m 10 -x 10 > apg10.txt
./apg -n 10 -m 11-x 11 > apg11.txt
./apg -n 10 -m 12 -x 12 > apg12.txt
./apg -n 10 -m 13 -x 13 > apg13.txt
./apg -n 10 -m 14 -x 14 > apg14.txt

Then:

cat apg0*.txt > apg-pron-passlist.txt

A bashfile was used to automate this task - see netsec01:/home/xian/apg-2.2.3/gen-pron-passlist.sh

Posted by xntrik at 03:40 PM | TrackBack

Configuring PVFS on Obsidian

following instructions from the appendix in http://www.scalablesys.com/training/1-4-RocksAdmin.swf

  1. ensure /pvfs-meta exists

  2. on frontend run "mkmgrconf"

    The inputs i used:
    /pvfs-meta
    root
    root
    777
    frontend-0
    3000
    comp-pvfs-0-0, comp-pvfs-0-1, comp-pvfs-0-2, comp-pvfs-0-3, comp-pvfs-0-4
    7000

  3. on the frontend run "/etc/init.d/mgr restart"

    This spat out errors:

    Stopping PVFS daemon: FAILED
    Starting PVFS daemon: Coult not setup device /dev/pvfsd
    (pvfsd.c, 684): Did you remember to load the pvfs module?
    (pvfsd.c, 453): pvfsd: setup_pvfsdev() failed

    I then ran "/sbin/lsmod" and there was no pvfs module so i attempted "/sbin/insmod pvfs"

    This spat out the same errors as before

    BUT - performing a "ps aux |grep mgr" revealed that a /usr/sbin/mgr process was indeed running

  4. According to https://lists.sdsc.edu/pipermail/npaci-rocks-discussion/2004-January/004195.html it looks like there are issues with the PVFS kernel module and the Opterons running rocks 3.1<

Posted by xntrik at 03:36 PM | TrackBack

An attempt at using Sun's Grid Engine (SGE) for job submission

This was a test to see if i could get john-1.6.37-mpiwlcmf2 to execute via the Sun Grid Engine (SGE) job management system.

...

I played with the various methods of submitting a job, but had no luck. I believe that the default queues and pools are not configured correctly in our installation of rocks, meaning that when jobs are submitted, they will wait indefinately until an available slot or spot becomes available - meaning that submitted jobs will just hang.

Posted by xntrik at 03:31 PM | TrackBack

Running jtr-1.6.37-mpiwlcmf2 on LM passwords with a large wordlist

Instead of using the default password.lst file (as before) i used wordlist files from www.openwall.com

The two main password files were all.lst and mangled.lst

/passwd_cd/all.lst - 3,917,193 lines
This file has the following wordlists inside:

  • passwords/password.lst
  • passwords/languages/*

/passwd_cd/mangled.lst - 40,532,676 lines
This file has the following wordlists put through word-mangling rules:

  • passwords/password.lst
  • passwords/lower.lst
  • languages/English/1-tiny/lower.lst
  • languages/English/1-tiny/cap.lst
  • languages/English/2-small/lower.lst
  • languages/English/2-small/cap.lst
  • languages/English/2-small/alnum.lst
  • languages/English/2-small/mixed.lst
  • languages/German/1-small/lower.lst
  • languages/German/1-small/cap.lst
  • languages/French/lower.lst
  • languages/Danish/1-small/lower.lst
  • languages/Dutch/1-clean/lower.lst
  • languages/Italian/1-small/lower.lst
  • languages/English/3-large/lower.lst
  • languages/English/3-large/cap.lst
  • languages/English/3-large/alnum.lst
  • languages/English/3-large/acronym.lst
  • then at the bottom all unique words from all.lst are included as well.

First test - using the all.lst file with rules turned off.
This test completed in 1 second, cracking the following username/plaintext:
test45:2 PENDENC
test50:1 NOITAMR
test15:1 TNEMERC

Each of these passwords was actually cracked twice! - As the 2 processors where both finding the first 7 characters of words which were in fact larger reoccuring, example:
pendencies and pendency
so node 0 would get PENDEC from pendencies and node 1 would get PENDEC from pendency

This does highlight that it might be useful for LM hashes to truncate these wordlists down to 7 characters long, and remove any duplicates

Second test - using the all.lst file with rules turned on.
This test completed in 37 seconds, cracking the following username/plaintext:
test45:2 PENDENC*
test50:1 NOITAMR*
test15:1 TNEMERC*
test40:1 SNOISSE*
test40:2 RPXEBUS
test35:1 SLAUGH7
test50:2 OFSNART

Passwords marked with a * were cracked twice - similar to what happened in the first test.

Third test - using the mangled.lst file with rules turned off.
This test completed in 13 seconds, cracking the following username/plaintext:
test50:1 NOITAMR*
test15:1 TNEMERC*
test45:2 PENDENC*
test40:1 SNOISSE*
test50:2 OFSNART*

Passwords marked with a * were cracked twice - similar to what happened above.

Posted by xntrik at 03:26 PM | TrackBack

Running jtr-1.6.37-mpiwlcmf2 on LM passwords with a basic wordlist

Using the default password.lst file i attempted to run a crack against the Samba/LM password file created for last semesters work.

This test was once again performed on a single obsidian node (comp-pvfs-0-3) - the command was executed:

 mpirun -np 2 -nolocal -machinefile ~/machines2 ./john --wordlist=password.lst --rules smbpasswd

Initially i believed there were problems as the program appeared to quit almost immediately after pressing enter. Both the *.log and *.pot files had no entries for successful cracks, so i assumed something was broken.

To test this, i created a new smbpasswd file which had passwords based (or copied) from the password.lst wordfile.. i then executed:

 mpirun -np 2 -nolocal -machinefile ~/machines ./john --wordlist=password.lst --rules smbpasswd-test

Within 1 second all of the passwords were cracked...

I then realised that attempting to run a pure wordlist attack using the password.lst file against the initial smbpasswd file would in fact not crack any of the passwords successfully at all - and the reason the program appeared to quit for no reason was because it had actually successfully attempted to crack every word within the password.lst file (and 57 various permutations of each word) and had finished without a successful hit!

Mental note: A single opteron processor can crack ~ 4,128,614 LMhashes per second - so a wordlist file with 2290 lines is nothing.

Posted by xntrik at 03:18 PM | TrackBack

Testing jtr-1.6.37-mpiwlcmf2's wordlist attack

After making the mods to jtr-1.6.37 to allow for wordlist attacks (john-1.6.37-mpiwlcmf2 .. see here) i had to test that it was in-fact working.

The initial tests were performed on a sindle node (with 2 processors) - comp-pvfs-0-3 of the obsidian cluster. This was performed by:

mpirun -np 2 -nolocal -machinefile ~/machines2 ./john --wordlist=password.lst --rules shadow

Where machines2 had a single entry:
comp-pvfs-0-3:2

Unfortunately, because no passwords were actually being cracked (due to the password.lst wordfile being insufficient, and the shadow file not containing simple enough passwords) - the test was re-run, this time the code had been compiled with the -D__CMF_DBG__ flag, which enabled extra output to be generated by john into the log files for each process.

Once again, the command was run - but after running for a few minutes was manually cancelled. Analysing the log files generated by each process, john_log.0 and john_log.1, showed that each node was in fact cracking alternate words from the password.lst wordfile.

Posted by xntrik at 03:06 PM | TrackBack