Search...

Kraker - Distributed Password Brute-Force System That Focused On Easy Use

2021-03-24T11:30:06

ID KITPLOIT:7304266172961465519
Type kitploit
Reporter KitPloit
Modified 2021-03-24T11:30:06

Description

Kraker is a distributed password brute-force system that allows you to run and manage the hashcat on different servers and workstations, focused on easy of use. There were two main goals during the design and development: to create the most simple tool for distributed hash cracking and make it fault-tolerant.

Kraker consists of two main components - a server and an agent, which communicate through a REST API. You can read about their installation and configuration below.

Kraker continues to be in development, so the new functionality, documentation, and updates will be released as they become available. If you have suggestions for improvement or want to participate in the development or find bugs - feel free to open issues, pull requests, or contact us: @_w34kp455 and @_asSheShouldBe .

Setup

Here you can find a manual on how to setup your own server, build an agent from the source and run it. You always can download a Release that is already built and run it.

Server

Server is written on Laravel and provides a web interface for creating brute force tasks and also serves for managing agents.

Setup

sudo apt update  
curl -fsSL https://get.docker.com -o get-docker.sh  
sh get-docker.sh  
rm get-docker.sh  
sudo curl -L "https://github.com/docker/compose/releases/download/1.25.3/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose  
sudo chmod +x /usr/local/bin/docker-compose  
sudo systemctl enable docker

sudo docker-compose build app  
sudo docker-compose up -d  
sudo docker-compose exec app composer install  
sudo docker-compose exec app php artisan key:generate  
sudo docker-compose exec app php artisan migrate  
sudo docker-compose exec app php artisan db:seed --class=HashtypeSeeder  
sudo docker-compose exec app php artisan db:seed --class=UserSeeder

Navigate the server IP address and enter the next credentials:

Login: admin
Password: kraker

Agent

It is written in .NET Core 5 and works on any OS where this framework is available - Linux, Windows, MacOS (not tested yet). The agent is responsible for performing brute-force tasks that it receives from the server.

Setup

For the agent to work on the host, you need to install .NET Core 5, which can be downloaded from the following link:

https://dotnet.microsoft.com/download/dotnet/5.0

Build from source

Install .NET Core 5 SDK. Linux example:

wget https://packages.microsoft.com/config/debian/10/packages-microsoft-prod.deb -O packages-microsoft-prod.deb
sudo dpkg -i packages-microsoft-prod.deb
sudo apt-get update
sudo apt-get install -y apt-transport-https
sudo apt-get update
sudo apt-get install -y dotnet-sdk-5.0

To compile agent from source code, go to agent folder and run the next command: dotnet build --configuration Release . After that in Kracker.App/bin/Release/net5.0 folder you will get the built project.
You need to download hashcat from the official page at https://hashcat.net/hashcat/ , unpack it into the agent's folder.
Modify appsettings.json in Kracker.App/bin/Release/net5.0 and put ServerURL and Hashcat.Path like:

{
"HashCat":{
"Path": "/home/admin/Kraker/agent/Kracker.App/bin/Release/net5.0/hashcat/hashcat.bin", //hashcat path
"SilencePeriodBeforeKill": 5, //default - 60 minutes
"RepeatedStringsBeforeKill": 100, //defaut 1000 strings
"NeedForce": true,
"Options": "--quiet --status --status-timer=1 --machine-readable --logfile-disable --restore-disable --outfile-format=2"
},
"ServerUrl": "http://8.8.8.8/", //server url
"InventoryCheckPeriod": 600,
"HearbeatPeriod": 15
}
Create a folder wordlist and rule and put there your favorite wordlist and rules.
Run Kraker.app.exe or use command dotnet run Kraker.app.dll
You can copy-paste the agent folder from server to server for easy setup. Happy cracking!

Using release

In release you can find:

pre-installed hashcat https://hashcat.net/hashcat/
rules from https://github.com/ttmyst/tmyst_rules

Running agent from release:

Install .NET Core 5 runtime.
Modify appsettings.json in Kracker.App/bin/Release/net5.0 and put ServerURL and Hashcat.Path .
Put your favorite wordlist and rules in wordlist and rule folders. You can find lots of wordlists on https://weakpass.com .
Run Kraker.app.exe or use command dotnet Kraker.app.dll

Contacts

Download Kraker

JSON Vulners Source

Initial Source

{"id": "KITPLOIT:7304266172961465519", "bulletinFamily": "tools", "title": "Kraker - Distributed Password Brute-Force System That Focused On Easy Use", "description": "[ ![](https://1.bp.blogspot.com/-GHbAS9Ox6ds/YFehU5a4vDI/AAAAAAAAVpY/819gDQK_0W0_Nu_g_TV8LhZw23DwfcMIACNcBGAsYHQ/w640-h468/kraker_1_cracker.png) ](<https://1.bp.blogspot.com/-GHbAS9Ox6ds/YFehU5a4vDI/AAAAAAAAVpY/819gDQK_0W0_Nu_g_TV8LhZw23DwfcMIACNcBGAsYHQ/s500/kraker_1_cracker.png>)\n\n \n\n\n** Kraker ** is a [ distributed ](<https://www.kitploit.com/search/label/Distributed> \"distributed\" ) password [ brute-force ](<https://www.kitploit.com/search/label/Brute-force> \"brute-force\" ) system that allows you to run and manage the hashcat on different servers and workstations, focused on easy of use. There were two main goals during the design and development: to create the most simple tool for distributed hash [ cracking ](<https://www.kitploit.com/search/label/Cracking> \"cracking\" ) and make it fault-tolerant. \n\n** Kraker ** consists of two main components - a server and an agent, which communicate through a REST API. You can read about their installation and configuration below. \n\n** Kraker ** continues to be in development, so the new functionality, documentation, and updates will be released as they become available. If you have suggestions for improvement or want to participate in the development or find bugs - feel free to open issues, pull requests, or contact us: [ @_w34kp455 ](<https://twitter.com/w34kp455> \"@_w34kp455\" ) and [ @_asSheShouldBe ](<https://twitter.com/asSheShouldBe> \"@_asSheShouldBe\" ) . \n\n \n\n\n** Setup ** \n\n\nHere you can find a manual on how to setup your own server, build an agent from the source and run it. You always can download a Release that is already built and run it. \n\n \n** Server ** \n\n\nServer is written on Laravel and provides a web interface for creating [ brute force ](<https://www.kitploit.com/search/label/Brute%20Force> \"brute force\" ) tasks and also serves for managing agents. \n\n \n** Setup ** \n\n \n \n sudo apt update \n curl -fsSL https://get.docker.com -o get-docker.sh \n sh get-docker.sh \n rm get-docker.sh \n sudo curl -L \"https://github.com/docker/compose/releases/download/1.25.3/docker-compose-$(uname -s)-$(uname -m)\" -o /usr/local/bin/docker-compose \n sudo chmod +x /usr/local/bin/docker-compose \n sudo systemctl enable docker \n \n sudo docker-compose build app \n sudo docker-compose up -d \n sudo docker-compose exec app composer install \n sudo docker-compose exec app php artisan key:generate \n sudo docker-compose exec app php artisan migrate \n sudo docker-compose exec app php artisan db:seed --class=HashtypeSeeder \n sudo docker-compose exec app php artisan db:seed --class=UserSeeder \n \n \n\nNavigate the server IP address and enter the next credentials: \n\n * Login: admin \n * Password: kraker \n \n** Agent ** \n\n\nIt is written in .NET Core 5 and works on any OS where this framework is available - Linux, Windows, MacOS (not tested yet). The agent is responsible for performing brute-force tasks that it receives from the server. \n\n \n** Setup ** \n\n\nFor the agent to work on the host, you need to install .NET Core 5, which can be downloaded from the following link: \n\n[ https://dotnet.microsoft.com/download/dotnet/5.0 ](<https://dotnet.microsoft.com/download/dotnet/5.0> \"https://dotnet.microsoft.com/download/dotnet/5.0\" )\n\n * Linux - [ https://docs.microsoft.com/ru-ru/dotnet/core/install/linux ](<https://docs.microsoft.com/ru-ru/dotnet/core/install/linux> \"https://docs.microsoft.com/ru-ru/dotnet/core/install/linux\" )\n * Windows - [ https://dotnet.microsoft.com/download/dotnet/thank-you/runtime-5.0.4-windows-x64-installer ](<https://dotnet.microsoft.com/download/dotnet/thank-you/runtime-5.0.4-windows-x64-installer> \"https://dotnet.microsoft.com/download/dotnet/thank-you/runtime-5.0.4-windows-x64-installer\" )\n \n** Build from source ** \n\n\n 1. Install .NET Core 5 SDK. Linux example: \n \n \n wget https://packages.microsoft.com/config/debian/10/packages-microsoft-prod.deb -O packages-microsoft-prod.deb \n sudo dpkg -i packages-microsoft-prod.deb \n sudo apt-get update \n sudo apt-get install -y apt-transport-https \n sudo apt-get update \n sudo apt-get install -y dotnet-sdk-5.0 \n \n\n[ ![](https://1.bp.blogspot.com/-C-nnmVzE0Jg/YFehg0tBj1I/AAAAAAAAVpc/ZWm3_F8rwQEwO-Z1q6t6GD2rZcGidkAcgCNcBGAsYHQ/w640-h360/kraker_2_dotnet_install.gif) ](<https://1.bp.blogspot.com/-C-nnmVzE0Jg/YFehg0tBj1I/AAAAAAAAVpc/ZWm3_F8rwQEwO-Z1q6t6GD2rZcGidkAcgCNcBGAsYHQ/s544/kraker_2_dotnet_install.gif>)\n\n 2. To compile agent from source code, go to agent folder and run the next command: ` dotnet build --configuration Release ` . After that in ` Kracker.App/bin/Release/net5.0 ` folder you will get the built project. \n 3. You need to download ** hashcat ** from the official page at [ https://hashcat.net/hashcat/ ](<https://hashcat.net/hashcat/> \"https://hashcat.net/hashcat/\" ) , unpack it into the agent's folder. \n 4. Modify ` appsettings.json ` in ` Kracker.App/bin/Release/net5.0 ` and put ** ServerURL ** and ** Hashcat.Path ** like: \n \n \n { \n \"HashCat\":{ \n \"Path\": \"/home/admin/Kraker/agent/Kracker.App/bin/Release/net5.0/hashcat/hashcat.bin\", //hashcat path \n \"SilencePeriodBeforeKill\": 5, //default - 60 minutes \n \"RepeatedStringsBeforeKill\": 100, //defaut 1000 strings \n \"NeedForce\": true, \n \"Options\": \"--quiet --status --status-timer=1 --machine-readable --logfile-disable --restore-disable --outfile-format=2\" \n }, \n \"ServerUrl\": \"http://8.8.8.8/\", //server url \n \"InventoryCheckPeriod\": 600, \n \"HearbeatPeriod\": 15 \n } \n \n \n\n 5. Create a folder ** wordlist ** and ** rule ** and put there your favorite [ wordlist ](<https://www.kitploit.com/search/label/Wordlist> \"wordlist\" ) and rules. \n 6. Run ** Kraker.app.exe ** or use command ` dotnet run Kraker.app.dll `\n 7. You can copy-paste the agent folder from server to server for easy setup. Happy cracking! \n\n[ ![](https://1.bp.blogspot.com/-S_I4JYuCmu0/YFehq9G9rDI/AAAAAAAAVpk/seN_ezOtnoANMitoLA85esZA8i19nHfjwCNcBGAsYHQ/w640-h360/kraker_3_agent_setup.gif) ](<https://1.bp.blogspot.com/-S_I4JYuCmu0/YFehq9G9rDI/AAAAAAAAVpk/seN_ezOtnoANMitoLA85esZA8i19nHfjwCNcBGAsYHQ/s544/kraker_3_agent_setup.gif>)\n\n \n\n\n** Using release ** \n\n\nIn release you can find: \n\n * pre-installed hashcat [ https://hashcat.net/hashcat/ ](<https://hashcat.net/hashcat/> \"https://hashcat.net/hashcat/\" )\n * rules from [ https://github.com/ttmyst/tmyst_rules ](<https://github.com/ttmyst/tmyst_rules> \"https://github.com/ttmyst/tmyst_rules\" )\n\nRunning agent from release: \n\n 1. Install .NET Core 5 runtime. \n 2. Modify ` appsettings.json ` in ` Kracker.App/bin/Release/net5.0 ` and put ** ServerURL ** and ** Hashcat.Path ** . \n 3. Put your favorite wordlist and rules in ** wordlist ** and ** rule ** folders. You can find lots of ** wordlists ** on [ https://weakpass.com ](<https://weakpass.com> \"https://weakpass.com\" ) . \n 4. Run ** Kraker.app.exe ** or use command ` dotnet Kraker.app.dll `\n \n** Contacts ** \n\n\n * [ @_w34kp455 ](<https://twitter.com/w34kp455> \"@_w34kp455\" )\n * [ @_asSheShouldBe ](<https://twitter.com/asSheShouldBe> \"@_asSheShouldBe\" )\n * [ https://weakpass.com ](<https://weakpass.com> \"https://weakpass.com\" )\n \n \n\n\n** [ Download Kraker ](<https://github.com/zzzteph/kraker> \"Download Kraker\" ) **\n", "published": "2021-03-24T11:30:06", "modified": "2021-03-24T11:30:06", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "http://www.kitploit.com/2021/03/kraker-distributed-password-brute-force.html", "reporter": "KitPloit", "references": ["https://github.com/ttmyst/tmyst_rules", "https://github.com/zzzteph/kraker"], "cvelist": [], "type": "kitploit", "lastseen": "2021-03-24T15:30:18", "edition": 1, "viewCount": 26, "enchantments": {"dependencies": {"references": [], "modified": "2021-03-24T15:30:18", "rev": 2}, "score": {"value": 0.3, "vector": "NONE", "modified": "2021-03-24T15:30:18", "rev": 2}, "vulnersScore": 0.3}, "toolHref": "https://github.com/zzzteph/kraker", "immutableFields": []}