Early this week FireEye released a managed password cracking tool, dubbed GoCrack, that is able to execute tasks across multiple GPU servers. GoCrack is an open source tool developed by FireEye’s Innovation and Custom Engineering (ICE) team that implements an easy-to-use, web-based real-time UI to create, view, and manage password cracking tasks.
Users can deploy a GoCrack server along with a worker on every GPU/CPU capable machine, the tasks will be automatically distributed across the GPU/CPU of the machines composing the network.
“FireEye’s Innovation and Custom Engineering (ICE) team released a tool today called GoCrack that allows red teams to efficiently manage password cracking tasks across multiple GPU servers by providing an easy-to-use, web-based real-time UI to create, view, and manage tasks.” reads the post published by FireEye. “Simply deploy a GoCrack server along with a worker on every GPU/CPU capable machine and the system will automatically distribute tasks across those GPU/CPU machines.”
GoCrack supports the hashcat v3.6+ engine and requires no external database server, the experts also implemented the support for both LDAP and database backed authentication.
FireEye plans to add support for both MySQL and Postgres database engines soon.
The server component can run on any Linux server with Docker installed, users with NVIDIA GPUs can use NVIDIA Docker to run the worker in a container with full access to the GPUs.
Password cracking is a very important activity for security professionals that aim to test password effectiveness and management.
“Some use cases for a password cracking tool can include cracking passwords on exfil archives, auditing password requirements in internal tools, and offensive/defensive operations.” continues FireEye.
GoCrack logs any sensitive actions for auditing purposes, the tool allows to hide task data unauthorized users.
“Modifications to a task, viewing of cracked passwords, downloading a task file, and other sensitive actions are logged and available for auditing by administrators,” continues the post. “Engine files (files used by the cracking engine) such as Dictionaries, Mangling Rules, etc. can be uploaded as ‘Shared’, which allows other users to use them in task yet do not grant them the ability to download or edit.”
You can download GoCrack code from the GitHub repository along with the tool itself.
Experts have no doubt about the fact that this could be soon a privileged instrument for threat actors looking to crack passwords.