GoCrack: Managed Password Cracking Tool
GoCrack provides APIs to manage password cracking tasks across supported cracking engines.
- Linux (Ubuntu 16.04+ although other distributions may work) or MacOS
- Computer(s) with NVIDIA or AMD GPUs
Step 1. Building Hashcat
- GoCrack requires hashcat version 3.6 or higher and to be built in the Shared mode. This can be accomplished by switching the SHARED bit to 1 in src/Makefile. Alternatively, you can apply the patch here.
- Follow Hashcat’s build instructions to compile hashcat as a shared library.
- Copy hashcat’s include folder to /usr/local/include/hashcat -> cp -r include/ /usr/local/include/hashcat
- Test and ensure hashcat was installed successfully by running hashcat —opencl-info. You should see information about the various OpenCL devices attached to your computer.
Step 2. Building GoCrack
- Building GoCrack’s server & workers are straightforward on MacOS as libOpenCL is a “standard” framework. Simply run,
You’ll most likely need to install libOpenCL along with platform-specific ICD’s for all your devices to work. At the time of writing, we only have access to NVIDIA GPUs.
To test and ensure OpenCL libraries are working correctly you can run clinfo to show all OpenCL platforms and devices on your machine.
Building GoCrack’s server & workers can now be accomplished by running make build.
GoCrack is built to use whatever authentication backend and storage provider you choose. By default, all supported modules are compiled into binary but you have the option to exclude ones you do not want.
$ make SERVBUILDTAGS=”auth_database auth_ldap”
- auth_database: Allows you to use whatever storage backend you’ve chosen for authentication
- auth_ldap: Allows you to use the LDAP authentication provider
- stor_bdb: Build GoCrack with the BoltDB flatfile engine
When GoCrack starts, depending on which authentication plugin you are using the following will happen:
- If you’re using the database plugin, an admin user will be created with the credentials admin / ch@ng3me!. You should change this immediately after logging in.
- If you’re using the LDAP plugin, the first user who logs into the system will automatically be promoted to admin.
Uploading Engine Files
GoCrack tasks’s won’t function until “Engine Files” are uploaded. Engine files are dictionaries, mangling rules, and brute force masks used by the cracking engines to perform their task. From the File Manager -> Engine Files page, click the Upload File button.
Upload at least one dictionary and password masks file and select the appropriate type. In order for non-admins to use the file, you must check the Shared box. Non-admins will be able to select this file for tasks and see basic metadata about it but will be unable to edit/download the contents.
Figure 2 shows a task list, Figure 3 shows the “Real-time Status” tab for a task, and Figure 4 shows the “Cracked Passwords” tab.
Figure 2: Task Listing
Figure 3: Task Status
Figure 4: Cracked Passwords Tab