About 5 months ago I got the idea to create a botnet style password cracking program. This blog post is about what I was trying to do and how I failed. Along with version 2 outline showing whats next.
It took a little over 2 months to get people at DC214 (DEFCON Group in Dallas, TX) moving on the project. Mostly because this is the first project I have tried to lead. So that left us with about 3 months to complete the project. Another limitation I had I didn't know how to distribute the coding to other people. So I programmed everything my self. Working a normal job 7am to 5pm only had a couple hours a day. with about 3 weeks wasted on how to preform asynchronous subprocess communication with out blocking named pipes.
We ended up naming it: ID-PCB ( IRC distributed password cracking bot )
I have added the license GPLv3 and made the repo public. You can access the files here:
https://github.com/DC214/pwcrack
What resources we had:
16x GPU's all but 2 were 7950's or 7970's
I know several people didn't even connect because we were having problems. I am thinking we had another 5 or 7 GPU's.
Roughly 140 CPU cores. plus 3 boxes with 12 CPUs each that didn't make it online.
How it was spouse to work:
The user would download the client software for pwcrack.init6.me. Run the setup.py. This would create a sysinfo file with all the hardware information. Also, the client ID represented the power of the computer. So the better the GPU and the more you had your client ID would be higher.
Then you would run the client software. It would read in the sysinfo file. Connect to the IRC server. Register with the server with all its info. It would than wait for commands to execute. Before executing any commands it would make sure the binary file was on the whitelist of apps. It would also do a md5sum on the binary and compare it with the read-only file on pwcrack.init6.me to make sure no "DEFCON hackers" messed with our stuff.
I had a regServer that kept track of all the clients and their status.
I had what I called crack programs that would query regServer database and grab clients to use and distribute the commands to each client.
Once the client executed the command it would hit the status key and send a update through IRC. Once it finished if passwords were found it would upload them to the FTP site and tell the crack program it was ready in which it would send the next command.
The problems:
I had only wrote and tested the brute force crack program. I wrote the Rule based crack program on the road while driving towards vegas.
Once I started a bruteforce command I had no way of stopping it nicely.
Didn't get to this point but all the clients would have stopped at the wrong time. I put a time bomb in it as on Saturday night it would have stopped whatever it was doing and upload what it had. However, it was checking local time not PDT.
IRC, IRC, IRC. It sounded great to start with because that's what I knew. I had programmed other IRC bots in the past. The IRC server had buffer problems both sending and receiving. During testing it didn't lag because I only had a couple clients on at once. However, once everyone jumped on and started talking the lag became really high.
Not enough testing.
No nvidia cards to test so some nvidia users couldn't connect correctly.
The conclusion:
It failed and that is okay. I learned a lot. This is the first python program I have wrote that was this complex.
I know
why and
how I failed so I have quickly moved on and designed a new approach.
A rough draft of the direction I would like to move this project in: [
gdoc]