A Willing Botnet?

[Infiltrator]

Ok no offense... well ok maybe a little. But let me guess... 13 maybe 15ish. Think all the stuff you see in the news about hackers and botnets are cool. Bam you wanna create you're own botnet. But for political protesting of course...

Whenever someone hears the term BotNet, they instantly assume its for doing something evil or causing harm. But I don't see it that way. What gives them the bad image, are the people controlling them on the background.

If I were to create my one Botnet, it would be put for good use. Scientific, medical research and so forth.

[Trip]

Scientific, medical research and so forth.

like the seti screen saver ;)

http://boinc.berkeley.edu/download.php

i wonder if the source code is available ?

Edited October 8, 2010 by Trip

[Guest Deleted_Account]

So you are as I expected, a teenager whom wants to have access to the power of a botnet. I have already posted an alternative idea, cluster of willing people to recovery WPA keys. But highly doubtful someone will step up to develop.

I would be willing to help develop it. Preferably in python however. If I did it I would have to wait till either A) someone from the homebrew community brings FULL otherOS back or B) I get a 12 core processor rig that I am eying at the moment before I start doing anything like tables and such.

And as a side note using my ps3 before and a self-compiled rtgen I managed to spit out some huge 3GB+ tables pretty fast so it could come in handy specailly if there are more PS3 owners on here.

EDIT: One more point it should be secure and limited to members here ONLY kinda like you need to sign in to your Hak5 account to use it and have more than X number of posts. Also for legality if it can be used for cracking to there should be X number of mods that review Cracking requests to make sure the keys belong to who is doing the cracking and not just hacking some random person for illegal purposes.

Edited October 8, 2010 by x942

[Infiltrator]

EDIT: One more point it should be secure and limited to members here ONLY kinda like you need to sign in to your Hak5 account to use it and have more than X number of posts. Also for legality if it can be used for cracking to there should be X number of mods that review Cracking requests to make sure the keys belong to who is doing the cracking and not just hacking some random person for illegal purposes.

I like the idea, I think someone should design a web-interface where you login with your Hak5 account and once logged in, the user can submit his/her hashes for cracking, as well we can keep track of what hashes that user submitted for legality purposes.

Furthermore, as you stated not everyone should be able to use the system, they must meet a certain amount of post numbers before they are allowed to use the service.

[Trip]

think about it though thats some amzingly crazy stuff i dont understand rainbow tables enough to know if this is viable ... distribution of tables would be interesting to say the least i think before anyone starts designing anything we should first take into consideration of how viable this project would be and speak to some people that understand rainbow tables and methods for distributed computing.

[Razor512]

No one likes to take part in a ddos. One of my friends got his road runner account suspended for taking part in a DDOS attack a long time ago (used a utility created by some people on 4chan, it turns out that not only did it flood it's target, it also did a number of other things to other random ip's on the internet and additional weird stuff to his PC)

Not sure if it applies to many other ISP's but road runner is a real life reenactment of the book 1984 but instead of following it exactly, they instead make it their goal to monitor everything everyone does.

[Mr-Protocol]

Road runner doesnt bother me really. I've gotten lots of calls for hacking a corp network, DDoSing yahoo, running my Tor exit node which people were using for account theft. Pretty much what happens is they put your account in a quarantine and if the problem isn't solved after sending you a letter, they discontinue your account.

I usually call them and say I had a bad virus, say i ran my "virus checker" or tell them someone looked at it and fixed it. If you sound like a retard they usually will leave you alone.

[Infiltrator]

think about it though thats some amzingly crazy stuff i dont understand rainbow tables enough to know if this is viable ... distribution of tables would be interesting to say the least i think before anyone starts designing anything we should first take into consideration of how viable this project would be and speak to some people that understand rainbow tables and methods for distributed computing.

There is nothing complex about understanding how rainbow table works, it's not alien technology my friend. Its a simple concept that involves, cracking hashes on a more efficient manner. As opposed to the traditional brute forcing method, that uses your computer CPU power to crack the password hash. Rainbow crack uses a combination of CPU power and Memory trade off to accelerate the cracking process.

But before rainbow crack can be used, rainbow tables are required to be generated and that's where a distributed rainbow table system comes in. Since it requires a lot of processing power, storage and time to create these massive tables, a single computer would take a very long time to generate these tables, if you can combine the power of more than one PC together, like in a cluster environment the time needed to generate these tables would be greatly reduced.

Now on a side note, if you want to have a good success rate when cracking passwords, lots of storage capacity will required for this project to take off.

[Sparda]

A rainbow table still takes allot of CPU time (just as much time as a 'normal' brute force attack), you just expend that time long before you actually need to crack some thing. Then you hope what you need to crack was generated and stored in your pre-computational attack.

[Infiltrator]

A rainbow table still takes allot of CPU time (just as much time as a 'normal' brute force attack), you just expend that time long before you actually need to crack some thing. Then you hope what you need to crack was generated and stored in your pre-computational attack.

And that's where a distributed system comes in hand, to reduce that time it takes to crack the hash.

[Trip]

right ...

step 1. create client application capable of creating rainbow tables for a specific string size & character set

step 2. create a server application to distribute table generation to clients (breaks up character set into segments) sends to clients connected ie one client produces keys a-c client 2 produces d-f and so on till a complete set is produced. we should aim for 4 chars to start with (for testing purposes) then to 8 and 16+ if we got it to release state.

step 3. create function to pass hashes to client apps for cracking

step 4. compare keys on clients

step 5. return result from client

start process again from step 3 (with a new hash)

... i think the client app should be a screen saver so it runs only when the machine is idle

ps.

client app could handle multiple sets of keys so if we split the rainbow table into 32 chunks and only had 10 clients some clients could process 2 or 3 chunks of hashes ... so we wouldnt need a complete set of clients before any processing could take place

server app would almost look like a torrent app showing which chunks had been processed and how far an attempt was from completion

anyone know how long it would take to create a set of tables for 4 chars ?

using ...

abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ`1234567890-=[];'#,./\¬!"£$%^&*()_+<>?:@~{}|

Edited October 11, 2010 by Trip

[Trip]

put your tools down its already been done ...

Distributed Rainbow Crack!

If you don't wan't to download all the tables, we can also offer to scan your password hashes through all of the rainbow tables.

Thanks to our distributed approach, we can scan thousands of hashes through all of our rainbow tables in little time. Just register and let us start cracking your hashes

The cracking service is limited to 10 hashes per 24 hours. To be able to crack more than that, you have to contribute to our distributed rainbow table generation project by downloading and running the BOINC client.

http://www.freerainbowtables.com/

... you know the really funny thing it runs on the bionic framework which is the same thing seti's screen saver runs on lol :D

Edited October 11, 2010 by Trip

[Infiltrator]

anyone know how long it would take to create a set of tables for 4 chars ?

using ...

abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ`1234567890-=[];'#,./\¬!"£$%^&*()_+<>?:@~{}|

Try using winrtgen.exe its a GUI application that can calculate and tell you how long and how much disk space it will take, as well as generate the tables itself. The only issue is that, it does not support multicore CPUs.

[Trip]

Try using winrtgen.exe its a GUI application that can calculate and tell you how long and how much disk space it will take, as well as generate the tables itself. The only issue is that, it does not support multicore CPUs.

there's not much point now dude if we had a unique product i'd be up for programming it but if there's an existing one there's not much point but ty for the info

[Infiltrator]

there's not much point now dude if we had a unique product i'd be up for programming it but if there's an existing one there's not much point but ty for the info

Who said we can't design a unique product. We can design our own product and make is opensource and available to the public. At the moment, I don't think we have a software that is available for us to generate distributed rainbow tables. I know BIONIC The project, but it only have a bionic client software available not the server side software which sucks.

[Guest Deleted_Account]

(Condensed)

Now on a side note, if you want to have a good success rate when cracking passwords, lots of storage capacity will required for this project to take off.

I have about 10 Terabytes on my LAN right now lol was going to use it as a kick ass media center/ ISO hub but I could definately spare it for some table fun :P

Try using winrtgen.exe its a GUI application that can calculate and tell you how long and how much disk space it will take, as well as generate the tables itself. The only issue is that, it does not support multicore CPUs.

I thought it did? or does just rtgen support it? I used it on my ps3 and it generated (as I said before) 3GB+ tables in less then a day (if I remember right it was a while ago someone correct me if the time is wrong; it was faster for sure) and thats a 2 Teraflop system so I bet a Core I7 could do a lot better. (but I am not a hardware person so correct me if i am wrong here).

Who said we can't design a unique product. We can design our own product and make is opensource and available to the public. At the moment, I don't think we have a software that is available for us to generate distributed rainbow tables. I know BIONIC The project, but it only have a bionic client software available not the server side software which sucks.

Much agreed. We should start from the ground up as winrtgen doesn't support multiple cores apparently. Also maybe we could add in GPU for those that have more GPU power. The hardest part would be the securing and authentication part. So ONLY Hak5 members can actually use the client/server (Not code I just mean so each network is isolated so if we start a "hak5" one and someone else comes along they can't just rob our power for illegal use.) The "hash" sumbiting part is good as a web front-end as previously stated and then have Darren tie it in to the Hak5 accounts so you have to have at least 20 or so posts before you can use it. Also require a legit email or something in case it's passed off as legit but turns out to be illegal. An EULA would be a must to so Hak5 couldn't be held responsible in the event of this.

[Infiltrator]

I have about 10 Terabytes on my LAN right now lol was going to use it as a kick ass media center/ ISO hub but I could definately spare it for some table fun :P

10 Terabytes, that should be plenty for a 12 to 15 charset mix-alpha-numeric table.

[Trip]

what type of hashes would we want to target ?

[Guest Deleted_Account]

what type of hashes would we want to target ?

I would say WPA as a start as NTLM and LM are easily cracked as is. Maybe support for more complex passwords in LM/NTLM but after, I believe, a 14 (20?) char. alpha-numeric password it would take just as long to crack it with tables as with a normal bruteforce. (from my understanding at least I read a white papper on this a while back). If there is enough dammaned for LM/NTLM we could always incorperate it later but I don't see it as needed as even if they use a complex password KonBoot them ;)

[Infiltrator]

Definitely WPA and NTLM/LM hashes, especially WPA!!!

[Trip]

cowpatty is linux only isnt it ?

... im just thinking of speeding up the development of the client app using existing code / apps

number 1 problem how to split the char set ?

we need an algorithm where we could specify key generation to start and end but it needs to be sequencial going to have a look for some brute force password list generators ... should be some open source code somewhere

Edited October 12, 2010 by Trip

[Guest Deleted_Account]

What I have so far (in pseudo code):

Draw main window with title "Login"

  Print "Welcome to Hak5 DRTGen"
  Print "Please Sign in"

  Draw text box with label "username"

  Draw text box with label "password"


Check password with www.hak5.org/insert_login_check_here

   if login successful
goto postcheck

else
 return_error() 

postcheck()

connect to www.hak5.org/insert_post_check_here

if post_count =/> 20 
connect to DRTGen network 

else
 return_error()

// This part is connecting to network ///

Check client list on www.hak5.org/insert_client_ip_list_here
connect to mesh network {insert ip of mesh network here} on port 1337 // This should be encrypted by the way //
draw new window
Print "INSERT SIZE OF HASH DECIDED BY SERVER/MESH OPERATOR"
draw button Start
draw button Pause
draw Button Quit

Well you get the point as for decided size and stuff this should be done by whoever is running the server/Mesh which would be the main connection point that then tells the clients where to connect to (i.e. There IP's) The size of tables and type could by set-up with a web-front end so users can input what they want and others vote on it so say if a 3GB has 20 votes and a 1GB Table has 10 than the 3GB Tables would be generated first. This would be feed into a text file which would then be read by the clients and they would proceed down the list. As more votes come in this would have to automatically be updated to reflect the changes. (Againg this page would only be available with 20+ posts as well). For submitting hashes the Program would either need to include a cracking part or that could be seperate. We could do it like this:

X number of members run dedicated machines to Generate tables while X number of other members run dedicated machines to crack hashes using those tables. (correct me if this wouldn't work).

Oh and how do you like the name? :P DRTGen (Distributed Rainbow Table Generator ) :)

[Trip]

If I do recall ddos'ing is a felony... (its illegal regardless)

I dont know if it was mentioned or not but a modified copy of loic has been made a voulentary botnet for ddos attacks

this thread has moved on from ddos btw ;)

[monkyyy]

lol the updated LOIC added the what i was talking about when i started this as "hive mind mode"

wonder if i will have to set it up again if i reboot

[Monki]

Only to play devils advocate here, but if it is not illegal to strike and lockout companies, why should it be illegal to DDOS a site? I understand the thought, but still, they are very much the same. I would not condone this type of behavior, but these kind of things do create attention for your cause. I'm not saying we Hak5ers can do anything about it, but it is still and interesting thought. I would say a benevolent botnet like this would be fun actually. Very much like it was brought up before, TOR and Folding@Home are both "botnets" and they accomplish a lot of good things. Heck, even the Internet itself is a kind of botnet. Maybe a Hak5 opt-out botnet could be cool. It could be used for things like mass emailings. A botnet would accomplish more if it did legal things politically then if it was illegal. Maybe if you want to do something like this run it as an email server, that says to the end user: "Would you like to help with this emailing, and send an email to the representative?" And on the Yes click it would send an email from all of the computers that agree, to the person mainly leading the thing the 'net is against. And if you want you can click No. Make sense?