John-jumbo-full-mpi Backtrack 5

The situation is the following. I have a Lenovo x230 notebook with the following parameters:

  • Intel Core i5 vPro CPU (2+2 core)
  • 8 GB RAM
  • Backtrack 5 R3 x64 Gnome

There are two modern approaches to fast password cracking: GPU cracking and distributed cracking. I have Intel integrated graphics, so I have not even tried to configure graphics card cracking. The other approach, distributed cracking, means running the cracking on several processes in parallel. You can do this on a home computer as well, as in this tutorial. Another option is GIJohn.info; check that out if you want to put your processor time into a "password cracking bank".

So we will do some parallel password cracking inside one computer using several cores. MPI stands for Message Passing Interface; it lets us distribute the cracking across multiple CPU cores, which obviously makes it faster.

John the Ripper with Jumbo patch and Full MPI patch

1. Install and configure with MPI

The first step is to install MPI to the OS and configure it. You can do that with the following commands.

apt-get install libmpich-shmem1.0-dev libmpich-shmem1.0gf libmpich2-1.2 libmpich2-dev mpich-shmem-bin mpich2 mpich2-doc gdb

Network configuration

MPI needs the Fully Qualified Domain Name to be associated with the network interface card's IP address. Check your IP address with the following command:

ifconfig|grep "inet addr"

You can now insert it into the "/etc/hosts" file. After the modification it should look something like this (where 10.0.0.1 is the local IP):

127.0.0.1 localhost
10.0.0.1 myserver
# The following lines are desirable for IPv6 capable hosts
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

Now you have to associate the MPI settings with a user. I assume that you don't have one, so I describe how to create a new one. If you want to use the current user, just replace the name and skip the user creation command.

sudo useradd -m -s /bin/bash cluster
sudo passwd cluster
<enter password twice>
sudo su - cluster -c 'mkdir ~/bin; export PATH=~/bin:$PATH'

Configure MPICH:

touch ~/.mpd.conf
chmod 600 ~/.mpd.conf
echo secretword=mypassword > ~/.mpd.conf
/sbin/ifconfig|grep "inet addr"
<inet addr:10.0.0.1  Bcast:10.255.255.255  Mask:255.0.0.0>
<inet addr:127.0.0.1  Mask:255.0.0.0>
cat /proc/cpuinfo|grep processor|wc -l
<4>
echo 10.0.0.1:1 > ~/mpd.hosts

Check if everything is OK:
  • mpdboot – start the cluster
  • mpdtrace – list all nodes in the cluster
  • mpdallexit – shut down the cluster

Start the cluster with the "mpdboot" command.
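The mpd configuration above is easy to get subtly wrong: mpdboot refuses to start when ~/.mpd.conf is readable by anyone but its owner, and mpd.hosts expects one host:cpucount line per node. The following shell script is an added example, not part of the original post, that builds both files from ifconfig-style and /proc/cpuinfo-style text (the sample text below is constructed, so the script runs offline) and then checks the result the way a practitioner would before running mpdboot. It assumes GNU coreutils (stat -c) as found on Backtrack.

```shell
#!/bin/sh
# Added example (not the post's own commands): generate and sanity-check the
# MPICH2 mpd files (~/.mpd.conf and ~/mpd.hosts) from the machine's own data.

# Constructed sample data standing in for `ifconfig` and /proc/cpuinfo output.
SAMPLE_IFCONFIG='eth0      Link encap:Ethernet  HWaddr 00:11:22:33:44:55
          inet addr:10.0.0.1  Bcast:10.255.255.255  Mask:255.0.0.0
lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0'
SAMPLE_CPUINFO='processor	: 0
processor	: 1
processor	: 2
processor	: 3'

# First non-loopback IPv4 address in ifconfig-style text passed as $1.
first_nonloopback_ip() {
    printf '%s\n' "$1" \
        | sed -n 's/.*inet addr:\([0-9.]*\).*/\1/p' \
        | grep -v '^127\.' \
        | head -n 1
}

# Number of logical CPUs: one "processor" line per CPU in cpuinfo-style text $1.
cpu_count() {
    printf '%s\n' "$1" | grep -c '^processor'
}

# Write .mpd.conf and mpd.hosts into directory $1 (standing in for $HOME) for
# host $2 with $3 CPUs, using secret word $4. The subshell umask creates
# .mpd.conf as mode 0600 from the start, so the secret is never world-readable.
write_mpd_files() {
    dir=$1; host=$2; ncpu=$3; secret=$4
    ( umask 077; printf 'secretword=%s\n' "$secret" > "$dir/.mpd.conf" )
    printf '%s:%s\n' "$host" "$ncpu" > "$dir/mpd.hosts"
}

# Check what mpdboot will complain about; prints the reason and returns 1 on
# any problem, returns 0 when the files look usable.
check_mpd_files() {
    dir=$1
    mode=$(stat -c '%a' "$dir/.mpd.conf") || return 1
    [ "$mode" = "600" ] || { echo ".mpd.conf mode is $mode, want 600"; return 1; }
    grep -q '^secretword=.' "$dir/.mpd.conf" \
        || { echo "no secretword in .mpd.conf"; return 1; }
    grep -Eq '^[A-Za-z0-9.-]+:[0-9]+$' "$dir/mpd.hosts" \
        || { echo "mpd.hosts line is not host:ncpu"; return 1; }
    echo "mpd configuration looks sane"
}

# Demo on the constructed sample data, in a throwaway directory.
demo_dir=$(mktemp -d)
ip=$(first_nonloopback_ip "$SAMPLE_IFCONFIG")
n=$(cpu_count "$SAMPLE_CPUINFO")
write_mpd_files "$demo_dir" "$ip" "$n" mypassword
cat "$demo_dir/mpd.hosts"
check_mpd_files "$demo_dir"
rm -rf "$demo_dir"
```

To use it on the real machine, feed `/sbin/ifconfig` and `/proc/cpuinfo` output to the two parsing functions and pass `$HOME` as the directory; the check function is the part worth keeping in your notes, since a world-readable .mpd.conf is the usual reason mpdboot fails.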

2. Download and install John the Ripper and patches

Download and extract John the Ripper with the jumbo and full-mpi patches with the following commands (the version changes from time to time, so adjust it where appropriate).

mkdir -p /pentest/passwords/johnMP
cd /pentest/passwords/johnMP
wget http://www.openwall.com/john/g/john-1.7.9-jumbo-7.tar.gz
tar xvzf john-1.7.9-jumbo-7.tar.gz
cd john-1.7.9-jumbo-7/src/

After this we have to modify the Makefile so that the MPI and OpenMP lines look like below (they are commented out by default).

nano Makefile

## For experimental MPI_Barrier support, add -DJOHN_MPI_BARRIER too.
## For experimental MPI_Abort support, add -DJOHN_MPI_ABORT too.
CC = mpicc -DHAVE_MPI
MPIOBJ = john-mpi.o

# Uncomment OMPFLAGS
# gcc with OpenMP
OMPFLAGS = -fopenmp
OMPFLAGS = -fopenmp -msse2

Exit nano with CTRL+X and save the file with Y.

The john.ini file has to be created manually; the easiest way is to create it and then give the cluster user ownership of the run directory:

touch ../run/john.ini
chown cluster:cluster -R ../run

Now the compilation. Determine your architecture with uname (mine is x86_64), then run make:

uname -a 
make linux-x86-64-native 
cd ../run/ 
./john --test

The cluster can be started with the following:

su - cluster
mpdboot

Now everything is installed; you can start the test with the following command for 4 CPU cores:

mpiexec -np 4 /pentest/passwords/johnMP/john-1.7.9-jumbo-7/run/john --test

Theoretically the following should work fine, but in my case it only used 1 CPU:

OMP_NUM_THREADS=1 ./john --test

3. Tune John with charsets

John can use different charsets. There is one called RockYou. Download and install it like this:

cd /pentest/passwords/johnMP/john-1.7.9-jumbo-7/run
wget "ftp://ftp.openwall.com/pub/projects/john/contrib/rockyou/1.1/rockyou.chr.gz"
gunzip rockyou.chr.gz
Edit "john.conf" and insert the following:

[Incremental:rockyou]
File = $JOHN/rockyou.chr
MinLen = 1
MaxLen = 8
CharCount = 95

You can now use this charset file:

mpiexec -n 4 /pentest/passwords/johnMP/john-1.7.9-jumbo-7/run/john --incremental:rockyou passwd
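Hand-editing john.conf on several cluster nodes is where typos creep in: a section name that does not match the .chr file name, or a duplicated section, makes John fall back to its defaults or abort without obviously telling you which node is misconfigured. The script below is an added example, not part of the original post, that appends an [Incremental:...] section only after confirming the .chr file is present in the run directory, and only if the section is not already there. The sample john.conf and the empty rockyou.chr it creates are constructed stand-ins so it runs in a temporary directory.

```shell
#!/bin/sh
# Added example (not the post's own commands): add an [Incremental:NAME]
# section to john.conf idempotently, checking the charset file first.

# Append the section for charset $2 (file name without .chr) to conf file $1,
# with MinLen $3 and MaxLen $4. Refuses if $2.chr is missing next to the conf;
# a second call with the same name is a no-op, so it is safe to re-run.
add_incremental_mode() {
    conf=$1; name=$2; minlen=$3; maxlen=$4
    rundir=$(dirname "$conf")
    [ -f "$rundir/$name.chr" ] || { echo "missing $rundir/$name.chr"; return 1; }
    if grep -q "^\[Incremental:$name\]" "$conf"; then
        echo "section Incremental:$name already present"
        return 0
    fi
    # $JOHN is expanded by John itself at run time, not by the shell here.
    printf '\n[Incremental:%s]\nFile = $JOHN/%s.chr\nMinLen = %s\nMaxLen = %s\nCharCount = 95\n' \
        "$name" "$name" "$minlen" "$maxlen" >> "$conf"
    echo "added Incremental:$name"
}

# Number of [Incremental:...] sections declared in conf file $1.
incremental_sections() {
    grep -c '^\[Incremental:' "$1"
}

# Demo in a throwaway directory with a constructed john.conf and charset file.
demo=$(mktemp -d)
printf '[Incremental:All]\nFile = $JOHN/all.chr\nMinLen = 0\nMaxLen = 8\nCharCount = 95\n' \
    > "$demo/john.conf"
: > "$demo/rockyou.chr"          # constructed stand-in for the real charset
add_incremental_mode "$demo/john.conf" rockyou 1 8
add_incremental_mode "$demo/john.conf" rockyou 1 8   # second call: no duplicate
echo "sections: $(incremental_sections "$demo/john.conf")"
cat "$demo/john.conf"
rm -rf "$demo"
```

On the real install, point it at the run directory's john.conf after gunzip has produced rockyou.chr; the same function works for any other contributed .chr file by changing the name argument.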
Links:

http://thesprawl.org/memdump/?entry=11

http://www.petur.eu/projects/John_the_Ripper_on_a_Ubuntu_10.04_MPI_Cluster.pdf