Only good guys would use an automated GPU-powered password-cracker ... right?

FireEye gives the world GoCrack, a Dockerised hashcat implementation for sysadmins

FireEye reckons sysadmins need help enforcing enterprise password rules, so it's released and open-sourced a tool that distributes password testing across multiple GPU-equipped machines.

GoCrack (at GitHub) combines the management of a red team's cracking tasks with privilege management, so the password tests don't fall into the wrong hands.

Only creators of task data, or those they delegate permission to, can see the contents of a cracking task. “Modifications to a task, viewing of cracked passwords, downloading a task file, and other sensitive actions are logged and available for auditing by administrators”, the company explains in its blog post.

The cracking engine's dictionaries, mangling rules and the like are made available to other users, but the administrator can protect them against views or edits.

Under the hood, GoCrack uses hashcat v3.6 or higher, and while it doesn't need an external database server, it supports LDAP or database-backed authentication.

The server component runs on any Linux server with Docker, and NVIDIA Docker lets GoCrack run in a container with full GPU access.

Future plans include MySQL and PostgreSQP database support, UI support for file editing, automatic task expiration, and expanded hashcat configuration. ?


Biting the hand that feeds IT ? 1998–2017

  • 8207870 2018-01-20
  • 59213869 2018-01-20
  • 814434868 2018-01-20
  • 663393867 2018-01-20
  • 255500866 2018-01-20
  • 736756865 2018-01-20
  • 57893864 2018-01-20
  • 378982863 2018-01-20
  • 463182862 2018-01-20
  • 983878861 2018-01-20
  • 226305860 2018-01-20
  • 194376859 2018-01-20
  • 17410858 2018-01-20
  • 148249857 2018-01-20
  • 619862856 2018-01-20
  • 715860855 2018-01-20
  • 99290854 2018-01-20
  • 508353853 2018-01-19
  • 966152852 2018-01-19
  • 997753851 2018-01-19