sy14r / cryptbreaker Goto Github PK
View Code? Open in Web Editor NEWA cloud-backed password cracking and assessment tool - Sponsored by Open Security
License: Apache License 2.0
A cloud-backed password cracking and assessment tool - Sponsored by Open Security
License: Apache License 2.0
Improvement to specify complexity requirements on a per character class basis (2 upper, 2 lower, etc) and then also to specify at least 2 of the 4 complexity requirements met. (IE if complexity is 2 upper, 2 lower, 2 symbols, 2 numbers and the uses specifies at least 3 of the 4 met then we want 2 upper, 2 lower, 2 symbols to be marked compliant as well as 2 upper, 2 symbols, and 2 numbers)
Thought this was dealt with but need to update so that the empty LM hash doesn't pollute statistics (it is still showing up on the Pass Reuse Stats for uploaded group files)
I now get all the way to the point where I select attempt to crack but still receive an error stating "Job failed - Need to configure Spot Instances in AWS." The database I am using is very small so I'm not understanding why I need to do this. Nevertheless, I configured spot instances and requested the increase. I get a little bit of round around from AWS before they think they have it configured only to then be told I need to "Please launch a t2.micro EC2 instance in the desired region to activate it.
Once region is active we can increase your Spot limits." I'm not an AWS guy so I'm a little lost on why I need to do this and how, not to mention there is no mention of this need here in the guidance provided.
Is anyone else seeing this issue or is it just me?
For teams who have already invested in GPU rigs, it would be great to be able to use those in place of AWS instances, and have the benefits of the API and cobalt strike integration that exist with this project.
The dockerized version of CB doesn't support M1 macs, need to build a container image which supports this architecture for easier use on that platform
Provide docker build and instructions (docker-compose.yml)
Desktop Docker version: 2.2.0.3 (42716)
Cryptbreaker version 1.1
Infrastructure environment: Maybe 15 users counting service accounts (lab environment - VMware)
OS: Windows Server 2019
I loaded the zipped data from the export of ntdsutil and that took longer than I expected. (10 minutes)
Clicked 'attempt to crack', received the 'retrieving price data' dialog and then it hangs and never gets past that point.
The display shows the following:
Hashes cracked: 0
Different Hashes: 57
Total Hashes: 158
PowerShell (Docker) window states level=error msg="error waiting for container: EOF" and then reverted to the system32 prompt.
Demo looks like an awesome program. Any help would be appreciated.
Can more broadly support different regions if this is worked out
Add an 'enhanced logging' feature that results in more verbose logging of cracking status and ec2 status updates.
Instead of building wordlists on each box have an automated process and repo to build the wordlists once a day and reference that repo in all instances that run, should decrease per box runtimes
Hi, will there be Azure support in the near future? Or is it possible to use it in an Azure cloud environment?
Improve discovery of hash files within a zip upload (initially targeted for IFM backup work for auditing but eventually arbitrary hash files)
This will enable improved billing tracking in AWS and also allow for AWS limits out of band of the tool to delete long running instances. CB will need to also be able to handle when AWS resources are yanked out from under it as well.
Creating an AMI for cracking to avoid having build/configuration time built into all cracking jobs.
Occasionally output from hashcat isn't properly parsed and we get overly verbose status messages that don't accurately/succinctly reflect the current state of the tool. Need to id and avoid these issues by improving parsing
Add a 'nuke from orbit' feature that allows for a crack job to be instantly cancelled. Forcefully deleting all related cloud resources.
Occasionally CB fails to tag created resources properly... will want to update where the tagging occurs to avoid this problem.
Can't recreate the hanging bug but lets add an additional protection to ensure no run-away resource issues. A configurable serverless function run on a schedule to find and kill tagged resources that have a run time of > X hours (or minutes or whatever....)
We will want the Job UI to gracefully handle when resources just disappear (either admin killed via AWS or the serverless job killed it)
Need to add support for P4 cracking generation in AWS
This is a default feature to cap max expense if desired....
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.