FireEye releases open source managed password cracking tool

+ Watch the recorded webinar: Inside a Docker Cryptojacking Exploit

FireEye has released GoCrack, an open source tool for managing password cracking tasks across multiple machines.

open source managed password cracking tool

“Simply deploy a GoCrack server along with a worker on every GPU/CPU capable machine and the system will automatically distribute tasks across those GPU/CPU machines,” Christopher Schmitt, a senior vulnerability engineer ar FireEye, explained.

GoCrack and its source code have been made available on GitHub.

Users can build it from source, or with the help of docker containers that build the necessary components for a successful install.

“We’re shipping with Dockerfile’s [sic] to help jumpstart users with GoCrack. The server component can run on any Linux server with Docker installed. Users with NVIDIA GPUs can use NVIDIA Docker to run the worker in a container with full access to the GPUs,” Schmitt added.

Using GoCrack

The tool is expected to be of great help to red teams, which need to do things like test password effectiveness, develop better methods to securely store passwords, audit current password requirements, crack passwords on exfil archives, and so on.

User can create, view, and manage tasks through a simple web-based user interface:

GoCrack dashboard

“Keeping in mind the sensitivity of passwords, GoCrack includes an entitlement-based system that prevents users from accessing task data unless they are the original creator or they grant additional users to the task. Modifications to a task, viewing of cracked passwords, downloading a task file, and other sensitive actions are logged and available for auditing by administrators,” Schmitt says.

“Engine files (files used by the cracking engine) such as Dictionaries, Mangling Rules, etc. can be uploaded as ‘Shared’, which allows other users to use them in task yet do not grant them the ability to download or edit. This allows for sensitive dictionaries to be used without enabling their contents to be viewed.”

GoCrack tasks’s wont function until engine files are uploaded.

“GoCrack is shipping with support for hashcat v3.6+, requires no external database server (via a flat file), and includes support for both LDAP and database backed authentication,” Schmitt notes.

They plan on adding support for MySQL and PostgreSQL database engines for larger deployments, the ability to manage and edit files in the UI, automatic task expiration, and greater configuration of the hashcat engine.