Robert PerrieroStephen JuiCMPT-495IntroductionPurpose6 Character Max, Upper/Lower/Numeric/Special Character PasswordsCommand Line: dic-gen Aa1$_6.txt Aa1$ -F1 -T6Command Line: dic-gen Aa1$_4.txt Aa1$ -F1 -T4Working.........................................................................This generation finished within 45 seconds. Final file size was 330MB.Command Line: dic-gen Aa1$_5.txt Aa1$ -F1 -T5Total Words written: 747197831ReferencesClustering &ComputingA look into the usage of a cluster as a passwordcracking deviceRobert PerrieroStephen JuiCMPT-495December 12, 2004CMPT-495 Fall 2004 Clustering & Computing – Analysis and Design2IntroductionWhether it is for fun or profit, password cracking can be a long, drawn out, time consuming task. Despite the recent advances in commodity level hardware, a really "good" password can take a long time to break and finding out what it is requires a lot of resources. Through the years though, much work has been put into the concept of clustered computing. The basic concept entails harnessing the computing power and memory resources of multiple computers over some sort of medium (Ethernet, fiber, etc.). This isn't possible with standard desktop operating systems, but through the use of the Linux kernel with custom clustering patches, this suddenly becomes practical. With the advent of clustering on commodity level hardware, password cracking has gone from being a task that could take weeks to one that could simply take hours. Anyone with access to multiple computers would be able to have quite a bit of computing power at their disposal.PurposeThe purpose of this paper is to analyze the theory and methods required to crack passwords with a distributed clustering system. We will determine the steps required to build and utilize the clustering system. Attempts will be made at cracking passwords, but this is not the main purpose of the project. Other goals will be to determine the suitability of such a clustering system for other purposes.OverviewThe analysis will be conducted over a number of machines ranging from 1 to 25. Each computer system that will be utilized is an IBM M50. Each of these systems has a 2.8 GHz Pentium 4 processor with 512 MB of RAM. The medium that the analysis will be conducted over is Cat-5e Ethernet. The software that will be utilized will be the CHAOS v.0.7 OpenMosix boot disk. It utilizes a Knoppix bootstyle in which the kernel and file system are loaded into local memory. The chaos disks Linux kernel has been patched with the OpenMosix kernel patch which enables clustering. The local hard disk is not touched at all. The cracking softwarein question will be John the Ripper. Passwords will be generated outside of the laband then brought in via USB hard drive. The main task of splitting multiple john processes across the cluster is achieved by using forkjohn, a program that allows the user to define all necessary command line switches that john the ripper needs. Additionally, forkjohn allows the user to define how many instances of john that are started. This will be necessary later on to optimize the performance of the cluster.CMPT-495 Fall 2004 Clustering & Computing – Analysis and Design3ProcedureAfter managing to obtain access to a Computer Science Department run computerlab for off hour usage, we set about preparing the resources necessary for completing this project. First step, generate a suitable dictionary file that could be run against any password. This is necessary to acquire data on the actual performance of the cluster.Generating the dictionary fileThe first step to any password cracking system is to generate an effective password file. Going on the assumption that we would want to be able to crack anything that a user could throw at us, we decided to build a file that supported Upper, lower, numbers, and special characters (?$#@!.,;:[]{}&^) etc. After an exhaustive search for a shell script, Perl script, or even java code that would do exactly what we wanted it to, we found an application written for windows that did the job. The programmers at Hackers Choice had already done the leg work for us, and had developed an excellent application that would do the job quickly and efficiently. THC Dictionary Generator is a basic DOS utility which will generate a dictionary file based on the users needs.1 st RunRequirements:6 Character Max, Upper/Lower/Numeric/Special Character PasswordsCommand Line: dic-gen Aa1$_6.txt Aa1$ -F1 -T6Results:DIC-GEN v1.0ß (c) 1995 by van Hauser/THC - The Hacker’s Choice [THC]══════════════════════════════════════════════Initialization...Identifying Options...Displaying Options... Output File: Aa1$_6.txt CharSet: Aa1$ Generator Mode: GUESSING VARIABLE Variable: ?????? `?` to fill: 6Working..........................................................................................................................................................................................................................................CMPT-495 Fall 2004 Clustering & Computing – Analysis and Design4Aborted.The file size was getting to be too large. When the file size reached 50GB, I aborted the generation, as this isn't feasible to work with on a temporary clustered system.2 nd RunRequirements:4 character Max, Upper/Lower/Numeric/Special Character PasswordsCommand Line: dic-gen Aa1$_4.txt Aa1$ -F1 -T4Results:DIC-GEN v1.0ß (c) 1995 by van Hauser/THC - The Hacker’s Choice [THC]══════════════════════════════════════════════Initialization...Identifying Options...Displaying Options... Output File : Aa1$_4.txt CharSet : Aa1$ Generator Mode : BRUTE FORCE From Word Length : 1 To Word Length : 4Working.........................................................................This generation finished within 45 seconds. Final file size was 330MB.3rd RunRequirements:5 character Max, Upper/Lower/Numeric/Special Character PasswordsCommand Line: dic-gen Aa1$_5.txt Aa1$ -F1 -T5Results:DIC-GEN v1.0ß (c) 1995 by van Hauser/THC - The Hacker’s Choice