Network Distributed WPA Cracking
Hi everyone, I've been searching for an application that supports "WPA cluster cracking" and haven't found one for Linux, just the ElcomSoft for Windows... So after I finally got enough passwords, went through some list optimizing steps, read up some more of xplioitz great tutorials then stumbled across hxxp://airodump.net/utilizing-multiple-cpu-cores-for-password-cracking/ I benchmarked one of my desktops and speeds in 'airolib-ng db --batch' went from 273PMK/s on avg to 505PMK/s on avg (252PMK/s + 253PMK/s) 'aircrack-ng -r db cap.cap' went from 86000 k/s max and 75000 k/s avg on one pid, to, ~150000 k/s (75000 + 82000 k/s avg) , by splitting the number of workloads according to the nr of processors, after completing these steps, I figured I'd try to make a small script to help with the wordlist mangling and distribuiting the workloads to specified clients, each recieving N workloads, where N=nr of processors, but my bash skills aren't really all that so it takes me a little extra time to google it all up, but I'm almost done with a first working version that uses netcat to trigger remote requests after which targets download the workloads from specified urls, sitting on the server which distributes the packs using apache, (the packs are split segments of the main wordlist sitting on the server, which gets split N times by nr of lines, and rounded up, where N is the total nr of processors, counting local on server and on remote clients), after all are distributed, the server starts local computing, all other clients start as soon as the downloads complete. Once all clients have the packs downloaded, it creates a different db for each pack, which is in reference to the number of processors on that client, then run the same nr of airolib instances for the creation, cleaning and batching of the databases, followed by the same nr of instances of aircrack...
I plan on adding more to it, like a control panel etc, but I just really wanted to see it up and running. I'll post it here and some more info in a day or two, maybe someone else would find it useful or could give me some criticism. I almost had it runing complete earlier but then i deleted the client file on accident and haven't got back up to rewriting it yet...
If anyone has a similar setup or ideas please do share
I did (do) something very similar with john the ripper. I presume you are only planning to use this for airolib or do you want to be able to kill the other systems once the password has been found (if you ran straight out aircrack)? Did you have a look at the older versions of pyrit?
Still not underestimating the power...
There is no such thing as bad information - There is truth in the data, so you sift it all, even the crap stuff.
I only tried it with the aircrack suite so far, I will probably add a genpmk/cowpatty option to it later... What did you mean by killing the systems once the pass has been found? And no, honestly I haven't looked at older pyrit versions but now that you mention it I guess that I should, what was it you were refering to in the older versions?
older pyrit versions had network processing - I think that was removed recently but would have to look to be sure.
My scripts are actually C programs - the idea for me is:
1. Split up password list
2. Distribute components to network hosts
3. Process password list - if password is found, skip to step 6.
4. Report failure and request/receive a new password block
5. Complete processing on all password file chunks
6. Kill any running process' that pertain to cracking (in this case "john") and exit with success/failure status.
I use this distribution to crack singular passwords - that is all it is capable of currently, but the idea is that once the password is found, john is killed on all hosts to prevent wasted CPU cycles. This is *not* what you want to do with airolib (except that it will eventually loop infinitely IIRC so you may want to), but would work better for aircrack-ng itself.
Still not underestimating the power...
There is no such thing as bad information - There is truth in the data, so you sift it all, even the crap stuff.
I am basically trying to do the same thing, but in bash and using 3rd party tools like netcat, apache and wget instead of sockets, unfortunatly I don't have that much bash knowledge either, but it doesn't seem that hard, and a whole lot easier to slap together using google than learning C basics and sockets. My script will kill local and remote aircrack instances if a password has been recovered and reported, it'd still be time consuming but it obviously helps splitting up the loads as you did/do using djohn. I recently ran across a distributed wpa cracker using djohn but was unable to get it going...
hxxp://forum.aircrack-ng.org/index.php?topic=5036.0
maybe you would make more use of it implementing it in your current cracker
Posting Permissions
