
What can I do with 50 computers...


5 replies to this topic

#1 TheFunk

Posted 23 December 2012 - 10:43 PM

Greetings, and Happy Festivus!

I've been given creative freedom to make suggestions/implement my ideas on the equivalent of a small business network consisting of roughly 50 laptop computers (8GB RAM each, i7 processors) running Windows 7, with VMware Workstation 8 installed on each. The network in the end will be used for a security class, specifically ethical hacking/pentesting, so I figured this would be the perfect place to get some cool ideas for what to do with all this freedom in order to benefit the class. My only stipulation is that I'm not allowed to remove Windows 7 or even dual boot (*sigh*), so any Linux installations will have to be virtual machines. So, I'm looking for out of the box ideas...got any?

My first idea:

I love showing people how easy it is to crack password hashes of out-of-date algorithms. What if I installed 50 virtual Linux boxes (all the laptops are identical, so I could set up something lightweight like Arch on one, and then just copy the image from machine to machine) and then clustered the machines via Ethernet cables to a switch? How difficult would it be to make use of the CPUs, or even better, the GPUs of each laptop in the distributed system to crack hashes? Do any password crackers have this functionality? Would there be a bottleneck if I used an old switch with 100 Mbps FE connections?

My second thought was, if there aren't any password crackers with distributed functionality, it would be a simple matter to write a script to divide up blocks of potential passwords, and then assign each computer to work on its own block individually with a locally installed password cracker, such as Hashcat. As an oversimplified example, say you had a 3 digit password, using a strictly numeric character set (0-9), and you had 3 computers to crack the password with. Computer 1 could process 000 through 333 while Computer 2 processed 334-666, and Computer 3 could do 667-999, and no intercommunication would be necessary. The only needed interaction would be when one of the computers actually found the password. This would essentially eliminate any network-caused bottleneck. In your opinions, is this doable?

My second idea:

Everyone loves capture the flag competitions. What if I were to configure a few vulnerable servers and then give the class notice, say a week ahead of time, that next week they would be given the opportunity to split into teams, and find vulnerabilities in those servers? I could give them a jumping off point, and from there the team to find the most vulnerabilities and report them properly would win. Additionally, after the game, the students could be asked to share their procedure/methodology for finding/exploiting, and reporting a vulnerability. Does anyone have any suggestions of cool things to do with this? I'm expecting a few students with some experience using things like Backtrack/Blackbuntu, and a few others with some knowledge of vulnerability assessment, but for a majority of the class, I imagine a few hints will be necessary. The end goal is to keep everyone focused on the actual HOW, and not to promote cookbook style (read: script kiddie) thinking.

TLDR: Just reread the title.

#2 tekio

Posted 24 December 2012 - 10:46 AM

There is a version of JTR (John the Ripper) that is distributed, called djohn.

If you're gonna torque out a mobile i7, plan on getting some heating pads for the laptops. The last thing you want to do is fry some CPUs. Laptops are not really designed to run long periods of time at full power. The cooling is just not there. At the least, take precautions to make sure they're not overheating. There is an SNMP extension that will allow monitoring the temp remotely. You'll need to google for it.

Cracking passwords is really kind of lame though. Set up some real world scenarios:
- easy SMB passwords with the ability to enumerate usernames
- remote registry running
- IIS with some vulnerable scripts. Maybe even SQL Server with a weak sa password.
- do some Linux virtual machines with exploitable daemons, etc...

#3 TheFunk

Posted 24 December 2012 - 12:00 PM

> - IIS with some vulnerable scripts. Maybe even SQL Server with a weak sa password.
> - do some Linux virtual machines with exploitable daemons, etc...


I was thinking about following Metasploit Unleashed for this. Metasploitable would make setup a breeze for the Linux boxes and I've already got several vulnerable XP machines configured. The class could follow along starting with MSF basics. After the lab activity there could be a lecture on what exploit code is, and the benefits of a framework for launching exploits. Plus that would lead nicely into Web App Security. Look at me go, I'm all sorts of excited for this.

#4 Seal

Posted 24 December 2012 - 11:07 PM

I've developed a few distributed systems for the geophysics company I work at. In my case, the specs of the machines varied wildly.

What I did was break up computational tasks into discrete blocks to be allocated to all computers, on a first come first serve basis. If the task was 100 blocks, then the faster computers would invariably complete more than the slower computers, but they'd all contribute to speeding things up.

The important thing to keep in mind was the overhead. If it took three minutes to send the data over the network, but one minute to process - that was a waste of resources. I worked on optimization tricks, but by and large the thing to keep in mind is that this isn't a panacea. It's good for brute forcing, which has little data transfer requirement.

Doing your own distributed system is relatively easy with Python. You can probably do it in less than 300 lines of code.

Edited by Seal, 24 December 2012 - 11:09 PM.


#5 TheFunk

Posted 25 December 2012 - 09:08 PM

> Doing your own distributed system is relatively easy with Python. You can probably do it in less than 300 lines of code.


I actually am planning to do just that. From one main box I'll take in a character set and password length. Then I'll compute the total number of different combinations possible, divided by the number of machines I have at my disposal, and assign a modified character set to each computer based upon the return (essentially breaking the work into even blocks). The work can then be done locally on each machine, so as to keep my slow network from being a bottleneck.

The results should be wonderful. Imagine one computer's GPU taking 10 minutes to crack an 8 character password. An array of 50 machines working simultaneously could handle the same password in a little over 12 seconds! Imagine a 9 character password taking 12 hours to brute force; 50 computers could do it in around 15 minutes. This is assuming some brand new hardware in each machine, but still, it's the principle of the thing. Distributed computing is pretty sweet.
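
Added example, not code from any poster in this thread: a Python sketch of the block-splitting idea discussed in posts #1, #4 and #5. It does only the keyspace arithmetic (index to candidate, even static ranges, small blocks handed out first come, first served) and performs no hashing; the function names and the machine speeds are constructed for illustration.

```python
import heapq

def candidate_at(index, charset, length):
    """Map a keyspace index to its candidate (index written in base len(charset))."""
    base = len(charset)
    if not 0 <= index < base ** length:
        raise ValueError("index outside keyspace")
    chars = []
    for _ in range(length):
        index, digit = divmod(index, base)
        chars.append(charset[digit])
    return "".join(reversed(chars))

def split_even(total, machines):
    """Static split: one contiguous [start, stop) range per machine, sizes within 1."""
    size, extra = divmod(total, machines)
    ranges, start = [], 0
    for m in range(machines):
        stop = start + size + (1 if m < extra else 0)
        ranges.append((start, stop))
        start = stop
    return ranges

def fixed_blocks(total, block_size):
    """Dynamic split: small [start, stop) blocks to hand out one at a time."""
    return [(s, min(s + block_size, total)) for s in range(0, total, block_size)]

def simulate_fcfs(blocks, speeds):
    """Hand each block to whichever machine is free first.
    speeds: candidates/second per machine (constructed figures).
    Returns (blocks finished per machine, total elapsed seconds)."""
    free_at = [(0.0, m) for m in range(len(speeds))]
    heapq.heapify(free_at)
    done = [0] * len(speeds)
    finish = 0.0
    for start, stop in blocks:
        t, m = heapq.heappop(free_at)      # earliest-free machine takes the block
        t += (stop - start) / speeds[m]
        done[m] += 1
        finish = max(finish, t)
        heapq.heappush(free_at, (t, m))
    return done, finish

if __name__ == "__main__":
    digits = "0123456789"                  # the 3-digit example from post #1
    total = len(digits) ** 3
    for start, stop in split_even(total, 3):
        print(candidate_at(start, digits, 3), "-", candidate_at(stop - 1, digits, 3))
    print(simulate_fcfs(fixed_blocks(total, 100), [100, 50]))
```

With identical machines the static split is enough; the first-come-first-served blocks matter when machine speeds differ, as in post #4.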

#6 I8igmac

Posted 26 December 2012 - 01:13 AM

I have not read the whole post so forgive my ignorance...

I have been wanting to create a network of CUDA machines... are these machines NVIDIA graphics?

For example, take a large dictionary file and split into 50 parts per 50 machines... when the password is found, send a success kill msg across the network...

You have a lot of processing power... sounds like fun



