Multicore dictionary support in JTR using Hashcat utilities (by d3ad0ne via ob-security.info)

Introduction:

John the Ripper first saw the light of the digital world back in 1996. The common CPUs at the time ranged from 486s to Pentiums; not a dual core, quad core, or hex core was in sight. Over the past decade and a half JTR has had plenty of patches and updates, but it has never been rebuilt from the ground up to work on a multicore architecture. There have, however, been some creative methods for getting it to work in a multicore environment, which brings me to what this article is about. Today I’m going to cover how to use the “gate” tool from the Hashcat utilities suite to put all those cores to work. The gate tool logically splits a dictionary file into equal sections based on the number you specify. Gate works on both Linux and Windows, but for the purpose of this article I’ll be covering how to use it on Linux.

Method:

Before we get started you’ll need a couple of things. First, you’ll want the latest version of Hashcat utilities, which you can download here. Once you have them unrared in your working directory, copy gate.bin to your john directory. If you don’t have a dictionary to use, a good example is the “rockyou.txt” list that can be downloaded from here. You’ll also need a hash list; here is the example DES list I’ll be using in my example.

The syntax for gate is: ./gate.bin mod offset < infile > outfile. Gate will also work on stdin and stdout. The two important arguments are ‘mod’ and ‘offset’. Mod is the number of sections you want to split your dictionary into. For example, if you have an i7 then you would want to use a mod of 8 so that all your cores are fully utilized. The offset value selects which section of the split is written to the output. Let’s look at an example.

john# cat rockyou.txt | ./gate.bin 8 0 > example0.txt

After this finishes executing you should have a file called example0.txt that is 1/8th the size of rockyou.txt. This is because gate splits the output of cat rockyou.txt evenly and only puts every 8th line into example0.txt. You could do this for offsets 0-7, and each one will have a different section of the original file. Now that you can see how gate works, we’ll see how to use this with JTR.

john# ./gate.bin 8 0 < rockyou.txt | ./john --stdin --session=0 des.hash
<Ctrl>+c to kill

If you’ve run the above command correctly you should see John running as it normally does. However, if you only have one terminal shell open, your screen is being taken up by just one instance of John. You can put this process in the background by doing:

<Ctrl>+z
# bg

Ctrl+z suspends the currently running process, and bg resumes it in the background. At this point you can continue to kick off subsequent instances of John, each using a different offset and session number.
One thing to note is that John will print guesses to stdout, so it can be hard to start other instances if John keeps printing to the screen. You can send the output to /dev/null so that it won’t interfere. By running the command with ‘&’ on the end the process will start in the background. You could put your entire list of commands in a text file and copy & paste them to the screen such as this:


./gate.bin 8 1 < rockyou.txt | ./john --stdin --session=1 des.hash > /dev/null &
./gate.bin 8 2 < rockyou.txt | ./john --stdin --session=2 des.hash > /dev/null &
./gate.bin 8 3 < rockyou.txt | ./john --stdin --session=3 des.hash > /dev/null &
./gate.bin 8 4 < rockyou.txt | ./john --stdin --session=4 des.hash > /dev/null &
./gate.bin 8 5 < rockyou.txt | ./john --stdin --session=5 des.hash > /dev/null &
./gate.bin 8 6 < rockyou.txt | ./john --stdin --session=6 des.hash > /dev/null &
./gate.bin 8 7 < rockyou.txt | ./john --stdin --session=7 des.hash > /dev/null &

You can type ‘jobs’ on the command line to see all of the instances of John running, and whether any of them are stopped. If everything was done right you’ll hopefully be running through that wordlist 8 times as fast. The above example could work similarly in a Windows environment; however, each instance of John would have to run in a separate command window because the background command isn’t supported.
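
Before committing all cores to a long run, it is worth confirming that the mod/offset split described above leaves no word out and feeds no word to two instances. The script below is an added example, not part of the original post or of Hashcat utilities: gate_like is an awk stand-in for gate.bin that assumes line k (counting from 0) goes to offset k % mod, and check_split and the sample words are constructed for illustration.

```shell
#!/bin/sh
# Stand-in for gate's mod/offset selection (NOT the real gate.bin).
# Assumption: line k, counting from 0, is emitted when k % mod == offset.
gate_like() {   # usage: gate_like MOD OFFSET < infile > outfile
    awk -v m="$1" -v o="$2" '(NR - 1) % m == o'
}

# Split WORDLIST into MOD shards and confirm that together they hold every
# line of the original exactly once. Prints the per-shard line counts and
# returns non-zero if the shards do not add up to the original.
check_split() { # usage: check_split WORDLIST MOD
    wl=$1; mod=$2; i=0; counts=""
    tmp=$(mktemp -d) || return 2
    while [ "$i" -lt "$mod" ]; do
        gate_like "$mod" "$i" < "$wl" > "$tmp/shard.$i"
        n=$(wc -l < "$tmp/shard.$i" | tr -d ' ')
        counts="${counts:+$counts }$n"
        i=$((i + 1))
    done
    # Compare as sorted multisets: a dropped or duplicated line changes the result.
    cat "$tmp"/shard.* | sort > "$tmp/union"
    if sort "$wl" | cmp -s - "$tmp/union"; then rc=0; else rc=1; fi
    rm -rf "$tmp"
    echo "$counts"
    return "$rc"
}

# Demo on a constructed 10-word list (not real rockyou.txt data).
sample=$(mktemp)
printf '%s\n' password 123456 letmein dragon monkey qwerty shadow master \
    hunter2 trustno1 > "$sample"
check_split "$sample" 4   # prints: 3 3 2 2
rm -f "$sample"
```

When the wordlist length is not a multiple of the mod, the lower offsets receive one extra line each, so the instances finish at slightly different times.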

Original post: http://ob-security.info/?p=164
