FireEye on Monday released a tool designed to help red teams manage password cracking tasks across multiple GPU servers. Called GoCrack, the open source tool provides an easy-to-use, web-based real-time UI to create, view, and manage password cracking tasks.
Developed in house by FireEye’s Innovation and Custom Engineering (ICE) team, users can deploy a GoCrack server along with a worker on every GPU/CPU capable machine with tasks being automatically distributed across the GPU/CPU machines.
GoCrack currently supports the hashcat v3.6+ engine and requires no external database server, and includes support for both LDAP and database backed authentication.
The server component can run on any Linux server running Docker, while users with NVIDIA GPUs can use NVIDIA Docker to run the worker in a container with full access to the GPUs.
“Password cracking tools are an effective way for security professionals to test password effectiveness, develop improved methods to securely store passwords, and audit current password requirements,” FireEye’s Christopher Schmitt explained in a blog post. “Some use cases for a password cracking tool can include cracking passwords on exfil archives, auditing password requirements in internal tools, and offensive/defensive operations.”
The tool also includes the ability to hide task data from others unless they are the creator or have been granted access to the task.
“Modifications to a task, viewing of cracked passwords, downloading a task file, and other sensitive actions are logged and available for auditing by administrators,” Schmitt wrote. “Engine files (files used by the cracking engine) such as Dictionaries, Mangling Rules, etc. can be uploaded as ‘Shared’, which allows other users to use them in task yet do not grant them the ability to download or edit.”
GoCrack is available for download from GitHub, along its source code.
While FireEye says the tool is targeted for use within enterprise security teams, the tool will also serve useful for malicious actors looking to crack passwords which can be used in future attacks.
Support for MySQL and Postgres database engines for larger deployments are planned for the future, along with additional features and greater configuration of the hashcat engine.