John-jumbo-full-mpi Ubuntu 10.04

The situation is the following. I have a Sony Vaio VPCEB1E1 notebook with the following parameters:

  • Intel Core i3 330m CPU (2+2 core)
  • 4 GB RAM
  • ATI Mobility Radeon HD5470
  • Ubuntu 10.04 x64

There are two modern solutions for fast password cracking: GPU and Distributed cracking. I tried the GPU with Backtrack4 but I had some problems with my graphic card so I gave up for a while. The other solution is the distributed cracking which means to crack on several threads in parallel. One can do this with a home computer also like in this tutorial. Another solution is GIJohn.info. Check that out if you want to put your processor time to a "password cracking bank".

So we will do some parallel password cracking inside one computer using several cores. MPI stands for Message Passing Interface and it is good for us to distribute the cracking to multiple CPU cores which obviously makes it faster.

John the Ripper with Jumbo patch and Full MPI patch

1. Install and configure MPI

The first step is to install MPI to the OS and configure it. You can do that with the following commands.

sudo apt-get install libmpich1.0-dev libmpich-mpd1.0-dev libmpich-shmem1.0-dev mpich2 mpich2-doc build-essentials

Network configuration

The MPI needs the Fully Qualified Domain Name to be associated with the Network Interface Cards IP address. Check your IP address with the following command:

ifconfig|grep "inet addr"

You can now insert it into the "/etc/hosts" file. After the modification it should look like something like this (where 10.0.0.1 is the local IP):

127.0.0.1 localhost
10.0.0.1 myserver
The following lines are desirable for IPv6 capable hosts
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

Now you have to associate the mpi settings with a user. I assume that you don't have one, so I decribe how to create a new one. If you want to use the current user, just replace the name and ignore the user creating command.

sudo useradd -m -s /bin/bash cluster
sudo passwd cluster
<enter password twice>
sudo su - cluster -c "mkdir ~/bin;export PATH=~/bin:$PATH"

Configure MPIC:

touch ~/.mpd.conf
chmod 600 ~/.mpd.conf
echo secretword=mypassword>~/.mpd.conf
/sbin/ifconfig|grep "inet addr"
<inet addr:10.0.0.1 Bcast:10.255.255.255 Mask:255.0.0.0>
<inet addr:127.0.0.1 Mask:255.0.0.0>
cat /proc/cpuinfo|grep processor|wc -l
<4>
echo 10.0.0.1:1>~/mpd.hosts

Check if everything is ok:
  • mpdboot – start the cluster
  • mpdtrace - list all nodes in the cluster
  • mpdallexit – shut down the cluster

Start the cluster with the "mpdboot" command.

2. Download and install John the ripper and patches

Download and extract John the Ripper, jumbo and full-mpi pathces with the follwoing commands (version could change from time to time, so change it where appropriate).

wget "http://www.openwall.com/john/g/john-1.7.6.tar.gz"
wget "http://www.openwall.com/john/contrib/john-1.7.6-jumbo-3.diff.gz"
wget "http://openwall.info/wiki/_media/john/john-1.7.6-fullmpi8-after-jumbo3.diff.gz"
tar xvzf john-1.7.6.tar.gz 
gunzip john-1.7.6-jumbo-3.diff.gz 
gunzip john-1.7.6-fullmpi8-after-jumbo3.diff.gz

 

 After this we have to patch and install john.

cd john-1.7.6
patch -p1 < ../john-1.7.6-jumbo-3.diff
patch -p1 < ../john-1.7.6-fullmpi8-after-jumbo3.diff
cd src
make linux-x86-64

Now everything is installed, you can start the test with the following command for 4 cpu cores:

mpiexec -n 4 ~/john-1.7.6/run/john –test

3. Tune John with charsets

John can use different charsets. There is one called RockYou. Download and install it like this:

cd john-1.7.6
cd run
wget "ftp://ftp.openwall.com/pub/projects/john/contrib/rockyou/1.1/rockyou.chr.gz"
gunzip rockyou.chr.gz

 

Edit "john.conf" and insert the followings.

[Incremental:rockyou]
File = $JOHN/rockyou.chr
MinLen = 1
MaxLen = 8
CharCount = 95

you can now use this charset file:

mpiexec -n 4 ~/john-1.7.6/run/john --incremental:rockyou passwd

 

Links:

http://thesprawl.org/memdump/?entry=11

http://www.petur.eu/projects/John_the_Ripper_on_a_Ubuntu_10.04_MPI_Cluster.pdf