Pyrit Using A Cluster Of PCs


11 replies to this topic

#1 TheRaver

TheRaver

    Hak5 Fan

  • Active Members
  • PipPip
  • 18 posts

Posted 24 March 2012 - 08:18 PM

Hi All,

A little background.

I am running an AMD 1055T overclocked to 3.6GHz at its highest speed; I've lowered this as I am running a WPA crack using pyrit & crunch.

My PC:
AMD, clock speed about 3.4GHz, six cores
I am also using CUDA on an Nvidia GTX260 (this is quite an old card I had lying around)
8Gig RAM
Backtrack 5r1, fully patched, working with CUDA.

I also have a Linux server box (well, a webserver as well) which just sits there all day not doing much.

This is a 3Ghz Dual core AMD
2gig Ram
1TB harddisk
no special card or other bits.


What I would like to do is run "./crunch 10 10 -f charset.lst lalpha-numeric -i -d 1 -s abababababab -u | pyrit -i - -r mywpa.cap - mywifi attack_passthrough"
This command will bruteforce to pyrit starting from abababababab

All well and good, as it's running this now on my BT box; I am getting approx. 14000PMKs.

I would like to shift some of the load onto my other Linux box. I know it can be done with pyrit, but if I want to do this, will I have to generate a 32Pbyte wordlist, then import that into pyrit so I can attack that using multiple machines, or is it possible to do this using the command I have with crunch?

Many thanks.
To give you an idea of what I have tried ...

I ran a VM on my Windows machine running Backtrack 5.
I then ran crunch with the above command but created a 50gig file. Once this was completed I compressed this file using gzip, then tar'd it to make it smaller; the resulting zipped size was about 10-11gig.
It got to the stage where I couldn't zip up my files fast enough.... I had some serious fun in the beginning: crunch filled a 3TB external hard drive in just over a day. It was amazing, I came home expecting the drive to have been about half full but it just gobbled up 3TBs, way cool...

Anyway, if anyone has any ideas...
So you are aware, I have the 4-way handshake. I captured this using airodump-ng; I also verified this using pyrit and checked in Wireshark for the EAPOL (I might have that wrong).



So again 2 machines I would like to spread the load so to speak :)

Thanks all....

The Raver
Live long and prosper :)

#2 Infiltrator

Infiltrator

    Gray-Hat Specialist

  • Active Members
  • PipPipPipPipPipPipPipPipPipPipPipPip
  • 4,392 posts
  • Gender:Male
  • Location:Over the Atlantic, at a cruising altitude of 70.000 feet.
  • Interests:Wireless and Network Security
    Server Virtualization
    Computer Network Infrastructure
    Server implementation.
    General Aviation
    RC Airplanes and Helicopters
    Scuba Diving
    Sky Diving
    War driving
    Solar battery Systems.
    Pen-Testing
    Command & Conquer

Posted 24 March 2012 - 10:25 PM

Found something that might be worth checking out.

http://code.google.c...s/detail?id=159
http://www.backtrack...ead.php?t=36368

Edited by Infiltrator, 24 March 2012 - 10:32 PM.

Regards,
Infiltrator



Currently studying for my CCE.

#3 TheRaver

Posted 26 March 2012 - 03:45 PM

Many thanks for your quick reply,

I have actually been watching the threads on BT forums...

What I am trying to do might not be possible; I've seen clusters sharing CPU work...

What I am doing is a bruteforce, so I don't have a text file to use and would be unable to spread the load across each of the machines, although I may end up doing this.

Thanks for your reply.

Dave

#4 Infiltrator

Posted 27 March 2012 - 03:23 AM

> Many thanks for your quick reply,
>
> I have actually been watching the threads on BT forums...
>
> What I am trying to do might not be possible; I've seen clusters sharing CPU work...
>
> What I am doing is a bruteforce, so I don't have a text file to use and would be unable to spread the load across each of the machines, although I may end up doing this.
>
> Thanks for your reply.
>
> Dave

Correct me if I am wrong, but doesn't Pyrit only use dictionary files, instead of pure brute forcing?

Regards,
Infiltrator



Currently studying for my CCE.

#5 leapole

leapole

    Hak5 Zombie

  • Active Members
  • PipPipPipPipPip
  • 141 posts
  • Gender:Male

Posted 27 March 2012 - 08:08 PM

I would set up Pyrit and the server setup as described in the links.

Then you can run a command like

crunch 10 10 0123456789 | pyrit -i '-' -r keyfile attack_passthrough

and if the servers are all set up and running it should work as a cluster.

But after looking at the systems you are using, it might be more effective to buy a 100 dollar video card that will do more PMK than your setup clustered, for like half the power cost and the lack of use of whatever machines are doing the cracking.

You just have to make sure the servers are running on other machines and you have set the pyrit config file to know about them.

Edited by leapole, 27 March 2012 - 08:08 PM.


#6 intertan

intertan

    Hak5 Fan

  • Active Members
  • PipPip
  • 17 posts

Posted 03 April 2012 - 10:15 PM

Have you looked at oclHashcat-plus?

#7 TheRaver

Posted 09 April 2012 - 12:15 PM

Hi Infiltrator,

No, you can pipe data from number crunchers like crunch, which is what I had started to do...
But I don't think it was possible to do a cluster without using a dictionary.

As a starting point I am creating a 27Pbyte list; I am on about 5Tbytes with a week of crunching :)

Cheers

The Raver

#8 TheRaver

Posted 09 April 2012 - 12:18 PM

> Have you looked at oclHashcat-plus?

Hi intertan, no, I haven't looked at oclHashcat-plus. I've had a read about it but haven't had any experience yet.

Cheers

The Raver

#9 TheRaver

Posted 09 April 2012 - 12:32 PM

> I would set up Pyrit and the server setup as described in the links.
>
> Then you can run a command like
>
> crunch 10 10 0123456789 | pyrit -i '-' -r keyfile attack_passthrough
>
> and if the servers are all set up and running it should work as a cluster.
>
> But after looking at the systems you are using, it might be more effective to buy a 100 dollar video card that will do more PMK than your setup clustered, for like half the power cost and the lack of use of whatever machines are doing the cracking.
>
> You just have to make sure the servers are running on other machines and you have set the pyrit config file to know about them.

Hi leapole,

My intention is wavering towards 2-3 AMD 5870s, as they seem to get about 32000Psk.
My ideal setup would be my trusty GTX260 on my server box running 2Gig RAM & a 3GHz Quad AMD,
then my normal BT5 box running AMD 1055 6 cores overclocked 3GHz per core with 2-3 5870s; I can fit up to 4 cards on my board.

Thanks again I am constantly reading and learning and am always open to suggestions.

If anyone is interested
55 files of 100Gig compressed with bzip2 to 8gig a file.
This hasn't really touched much of the create list lalphanumeric.

Cheers

The Raver

#10 leapole

Posted 10 April 2012 - 05:36 AM

Nice. You should have nps using the pipe for the cluster. You might want to set the database up so you can save all the crunch that you do. Pyrit is an extensive program and well set up for your plans.

#11 thebunnyman

thebunnyman

    Newbie

  • Members
  • 2 posts

Posted 11 October 2013 - 07:22 PM

You can nix the GPU and lack of understanding and get the basis of this done in a page of bash.

You need two main scripts. One to iterate permutations a-Z 0-9 or whole words even.

The other iterates numerations of your desired line.

Third script runs one into the other. for var do done. You can then easily pipe this into mario world.

Sed your script while numerating a sequence of 1-however many lines your permutations yield. You also sequence your permutations against your numeric sequencer. This reads 1to1 but you could omit aircrack here and make a fullblown connect script by sequencing a telnet 1 in every 3 or whatever you desire. This allows you to choose a starting point for your crack as well as distributing that starting point differently to different devices. Looks basically like this:

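
script1

#!/bin/bash
# Print every 3-character combination of 0-9, a-z, A-Z, one per line.
list=$(echo {0..9} {a..z} {A..Z})
for c1 in $list
do
        for c2 in $list
        do
                for c3 in $list
                do
                        echo "$c1$c2$c3"
                done
        done
done

script2

#!/bin/bash
# For each line number in turn, print that line of script1's output.
for line in $(seq 1 100000000)
do
    /bin/bash script1 | sed -n "${line}p"
done

script3

#!/bin/bash
# Run script2 and loop over the candidates it produced.
ti=$(/bin/bash script2)
for var in $ti
do
     /bin/bash script2
done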
 
/bin/bash/aircrack-ng some code - | /bin/bash/script
 
You would then make a master script, presumably with netcat, which would launch the same script on multiple devices.  The only difference being what line you start on, your char set, or whatever vars you care to define.

The output of each of these scripts probably needs a handler but that should be the easy part.  That is the part you do know how to articulate... right?

So this is a little rough but it should work for whatever you are capable of adapting it to.  Not GPU based but simple enough for a noob, I hope.  Plus you can run it on anything that supports a bash terminal.  Like an Android phone :-)  If you're not getting it or you want to see my full telnet script, drop me a line: bunny.test.y@gmail


#12 thebunnyman

Posted 11 October 2013 - 07:33 PM

In the case of tables this would leave you with multiple, in which case you could script your attack and add one second per table.  For a cluster you could output your numeric iteration (the third, which iterates the second) to a file and reference it with your handler to know where to start, stop, or where you left off.
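
The thread quotes about 14000 PMKs on one box against a 10-character lalpha-numeric keyspace. As an added example (not part of any post in this thread), the sketch below sizes that keyspace, the wordlist it would occupy on disk, and the time a set of machines needs to exhaust it, then finds the passphrase length a defender needs for a chosen margin. It assumes the charset has 36 symbols, reads the quoted rate as candidates per second, and uses hypothetical helper names.

```python
# Added example: sizing a WPA passphrase keyspace from the defender's side.
# Assumptions: 36-symbol charset (a-z, 0-9), rates are candidates per second,
# one candidate per line on disk. Helper names are illustrative only.
SECONDS_PER_YEAR = 365 * 24 * 3600
WPA_MIN_LEN, WPA_MAX_LEN = 8, 63  # WPA/WPA2-PSK passphrase length limits


def keyspace(charset_size, length):
    """Number of distinct passphrases of exactly `length` characters."""
    return charset_size ** length


def wordlist_bytes(charset_size, length):
    """Disk space for the full list: `length` characters plus a newline each."""
    return keyspace(charset_size, length) * (length + 1)


def years_to_exhaust(charset_size, length, node_rates):
    """Worst-case years for machines with the given rates working in parallel."""
    return keyspace(charset_size, length) / sum(node_rates) / SECONDS_PER_YEAR


def min_length(charset_size, node_rates, target_years):
    """Shortest valid passphrase length that resists for `target_years`."""
    for length in range(WPA_MIN_LEN, WPA_MAX_LEN + 1):
        if years_to_exhaust(charset_size, length, node_rates) >= target_years:
            return length
    return None


if __name__ == "__main__":
    one_box = [14000]                    # rate quoted in the first post
    cluster = [14000, 32000, 32000]      # constructed: one box plus two faster cards
    print("candidates:", keyspace(36, 10))
    print("wordlist size (PB):", wordlist_bytes(36, 10) / 1e15)
    print("years, one box:", round(years_to_exhaust(36, 10, one_box)))
    print("years, cluster:", round(years_to_exhaust(36, 10, cluster)))
    print("length for 100 years vs cluster:", min_length(36, cluster, 100))
    print("digits-only length for 100 years:", min_length(10, one_box, 100))
```

The average time to hit a randomly chosen passphrase is half the worst-case figure.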





