Kraker - Distributed Password Brute-Force System That Focused On Easy Use

2021-03-24T11:30:00

Description

[![](https://1.bp.blogspot.com/-GHbAS9Ox6ds/YFehU5a4vDI/AAAAAAAAVpY/819gDQK_0W0_Nu_g_TV8LhZw23DwfcMIACNcBGAsYHQ/w640-h468/kraker_1_cracker.png)](<https://1.bp.blogspot.com/-GHbAS9Ox6ds/YFehU5a4vDI/AAAAAAAAVpY/819gDQK_0W0_Nu_g_TV8LhZw23DwfcMIACNcBGAsYHQ/s500/kraker_1_cracker.png>) **Kraker** is a [distributed](<https://www.kitploit.com/search/label/Distributed> "distributed" ) password [brute-force](<https://www.kitploit.com/search/label/Brute-force> "brute-force" ) system that allows you to run and manage the hashcat on different servers and workstations, focused on easy of use. There were two main goals during the design and development: to create the most simple tool for distributed hash [cracking](<https://www.kitploit.com/search/label/Cracking> "cracking" ) and make it fault-tolerant. **Kraker** consists of two main components - a server and an agent, which communicate through a REST API. You can read about their installation and configuration below. **Kraker** continues to be in development, so the new functionality, documentation, and updates will be released as they become available. If you have suggestions for improvement or want to participate in the development or find bugs - feel free to open issues, pull requests, or contact us: [@_w34kp455](<https://twitter.com/w34kp455> "@_w34kp455" ) and [@_asSheShouldBe](<https://twitter.com/asSheShouldBe> "@_asSheShouldBe" ). **Setup** Here you can find a manual on how to setup your own server, build an agent from the source and run it. You always can download a Release that is already built and run it. **Server** Server is written on Laravel and provides a web interface for creating [brute force](<https://www.kitploit.com/search/label/Brute%20Force> "brute force" ) tasks and also serves for managing agents. **Setup** sudo apt update curl -fsSL https://get.docker.com -o get-docker.sh sh get-docker.sh rm get-docker.sh sudo curl -L "https://github.com/docker/compose/releases/download/1.25.3/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose sudo chmod +x /usr/local/bin/docker-compose sudo systemctl enable docker sudo docker-compose build app sudo docker-compose up -d sudo docker-compose exec app composer install sudo docker-compose exec app php artisan key:generate sudo docker-compose exec app php artisan migrate sudo docker-compose exec app php artisan db:seed --class=HashtypeSeeder sudo docker-compose exec app php artisan db:seed --class=UserSeeder Navigate the server IP address and enter the next credentials: * Login: admin * Password: kraker **Agent** It is written in .NET Core 5 and works on any OS where this framework is available - Linux, Windows, MacOS (not tested yet). The agent is responsible for performing brute-force tasks that it receives from the server. **Setup** For the agent to work on the host, you need to install .NET Core 5, which can be downloaded from the following link: <https://dotnet.microsoft.com/download/dotnet/5.0> * Linux - <https://docs.microsoft.com/ru-ru/dotnet/core/install/linux> * Windows -<https://dotnet.microsoft.com/download/dotnet/thank-you/runtime-5.0.4-windows-x64-installer> **Build from source** 1. Install .NET Core 5 SDK. Linux example: wget https://packages.microsoft.com/config/debian/10/packages-microsoft-prod.deb -O packages-microsoft-prod.deb sudo dpkg -i packages-microsoft-prod.deb sudo apt-get update sudo apt-get install -y apt-transport-https sudo apt-get update sudo apt-get install -y dotnet-sdk-5.0 [![](https://1.bp.blogspot.com/-C-nnmVzE0Jg/YFehg0tBj1I/AAAAAAAAVpc/ZWm3_F8rwQEwO-Z1q6t6GD2rZcGidkAcgCNcBGAsYHQ/w640-h360/kraker_2_dotnet_install.gif)](<https://1.bp.blogspot.com/-C-nnmVzE0Jg/YFehg0tBj1I/AAAAAAAAVpc/ZWm3_F8rwQEwO-Z1q6t6GD2rZcGidkAcgCNcBGAsYHQ/s544/kraker_2_dotnet_install.gif>) 2. To compile agent from source code, go to agent folder and run the next command: `dotnet build --configuration Release`. After that in `Kracker.App/bin/Release/net5.0` folder you will get the built project. 3. You need to download **hashcat** from the official page at <https://hashcat.net/hashcat/>, unpack it into the agent's folder. 4. Modify `appsettings.json` in `Kracker.App/bin/Release/net5.0` and put **ServerURL** and **Hashcat.Path** like: { "HashCat":{ "Path": "/home/admin/Kraker/agent/Kracker.App/bin/Release/net5.0/hashcat/hashcat.bin", //hashcat path "SilencePeriodBeforeKill": 5, //default - 60 minutes "RepeatedStringsBeforeKill": 100, //defaut 1000 strings "NeedForce": true, "Options": "--quiet --status --status-timer=1 --machine-readable --logfile-disable --restore-disable --outfile-format=2" }, "ServerUrl": "http://8.8.8.8/", //server url "InventoryCheckPeriod": 600, "HearbeatPeriod": 15 } 5. Create a folder **wordlist** and **rule** and put there your favorite [wordlist](<https://www.kitploit.com/search/label/Wordlist> "wordlist" ) and rules. 6. Run **Kraker.app.exe** or use command `dotnet run Kraker.app.dll` 7. You can copy-paste the agent folder from server to server for easy setup. Happy cracking! [![](https://1.bp.blogspot.com/-S_I4JYuCmu0/YFehq9G9rDI/AAAAAAAAVpk/seN_ezOtnoANMitoLA85esZA8i19nHfjwCNcBGAsYHQ/w640-h360/kraker_3_agent_setup.gif)](<https://1.bp.blogspot.com/-S_I4JYuCmu0/YFehq9G9rDI/AAAAAAAAVpk/seN_ezOtnoANMitoLA85esZA8i19nHfjwCNcBGAsYHQ/s544/kraker_3_agent_setup.gif>) **Using release** In release you can find: * pre-installed hashcat <https://hashcat.net/hashcat/> * rules from <https://github.com/ttmyst/tmyst_rules> Running agent from release: 1. Install .NET Core 5 runtime. 2. Modify `appsettings.json` in `Kracker.App/bin/Release/net5.0` and put **ServerURL** and **Hashcat.Path**. 3. Put your favorite wordlist and rules in **wordlist** and **rule** folders. You can find lots of **wordlists** on <https://weakpass.com>. 4. Run **Kraker.app.exe** or use command `dotnet Kraker.app.dll` **Contacts** * [@_w34kp455](<https://twitter.com/w34kp455> "@_w34kp455" ) * [@_asSheShouldBe](<https://twitter.com/asSheShouldBe> "@_asSheShouldBe" ) * <https://weakpass.com> **[Download Kraker](<https://github.com/zzzteph/kraker> "Download Kraker" )**

{"id": "KITPLOIT:7304266172961465519", "vendorId": null, "type": "kitploit", "bulletinFamily": "tools", "title": "Kraker - Distributed Password Brute-Force System That Focused On Easy Use", "description": "[![](https://1.bp.blogspot.com/-GHbAS9Ox6ds/YFehU5a4vDI/AAAAAAAAVpY/819gDQK_0W0_Nu_g_TV8LhZw23DwfcMIACNcBGAsYHQ/w640-h468/kraker_1_cracker.png)](<https://1.bp.blogspot.com/-GHbAS9Ox6ds/YFehU5a4vDI/AAAAAAAAVpY/819gDQK_0W0_Nu_g_TV8LhZw23DwfcMIACNcBGAsYHQ/s500/kraker_1_cracker.png>)\n\n \n\n\n**Kraker** is a [distributed](<https://www.kitploit.com/search/label/Distributed> \"distributed\" ) password [brute-force](<https://www.kitploit.com/search/label/Brute-force> \"brute-force\" ) system that allows you to run and manage the hashcat on different servers and workstations, focused on easy of use. There were two main goals during the design and development: to create the most simple tool for distributed hash [cracking](<https://www.kitploit.com/search/label/Cracking> \"cracking\" ) and make it fault-tolerant.\n\n**Kraker** consists of two main components - a server and an agent, which communicate through a REST API. You can read about their installation and configuration below.\n\n**Kraker** continues to be in development, so the new functionality, documentation, and updates will be released as they become available. If you have suggestions for improvement or want to participate in the development or find bugs - feel free to open issues, pull requests, or contact us: [@_w34kp455](<https://twitter.com/w34kp455> \"@_w34kp455\" ) and [@_asSheShouldBe](<https://twitter.com/asSheShouldBe> \"@_asSheShouldBe\" ).\n\n \n\n\n**Setup** \n\n\nHere you can find a manual on how to setup your own server, build an agent from the source and run it. You always can download a Release that is already built and run it.\n\n \n**Server** \n\n\nServer is written on Laravel and provides a web interface for creating [brute force](<https://www.kitploit.com/search/label/Brute%20Force> \"brute force\" ) tasks and also serves for managing agents.\n\n \n**Setup** \n\n \n \n sudo apt update \n curl -fsSL https://get.docker.com -o get-docker.sh \n sh get-docker.sh \n rm get-docker.sh \n sudo curl -L \"https://github.com/docker/compose/releases/download/1.25.3/docker-compose-$(uname -s)-$(uname -m)\" -o /usr/local/bin/docker-compose \n sudo chmod +x /usr/local/bin/docker-compose \n sudo systemctl enable docker \n \n sudo docker-compose build app \n sudo docker-compose up -d \n sudo docker-compose exec app composer install \n sudo docker-compose exec app php artisan key:generate \n sudo docker-compose exec app php artisan migrate \n sudo docker-compose exec app php artisan db:seed --class=HashtypeSeeder \n sudo docker-compose exec app php artisan db:seed --class=UserSeeder \n \n \n\nNavigate the server IP address and enter the next credentials:\n\n * Login: admin\n * Password: kraker\n \n**Agent** \n\n\nIt is written in .NET Core 5 and works on any OS where this framework is available - Linux, Windows, MacOS (not tested yet). The agent is responsible for performing brute-force tasks that it receives from the server.\n\n \n**Setup** \n\n\nFor the agent to work on the host, you need to install .NET Core 5, which can be downloaded from the following link:\n\n<https://dotnet.microsoft.com/download/dotnet/5.0>\n\n * Linux - <https://docs.microsoft.com/ru-ru/dotnet/core/install/linux>\n * Windows -<https://dotnet.microsoft.com/download/dotnet/thank-you/runtime-5.0.4-windows-x64-installer>\n \n**Build from source** \n\n\n 1. Install .NET Core 5 SDK. Linux example:\n \n \n wget https://packages.microsoft.com/config/debian/10/packages-microsoft-prod.deb -O packages-microsoft-prod.deb \n sudo dpkg -i packages-microsoft-prod.deb \n sudo apt-get update \n sudo apt-get install -y apt-transport-https \n sudo apt-get update \n sudo apt-get install -y dotnet-sdk-5.0 \n \n\n[![](https://1.bp.blogspot.com/-C-nnmVzE0Jg/YFehg0tBj1I/AAAAAAAAVpc/ZWm3_F8rwQEwO-Z1q6t6GD2rZcGidkAcgCNcBGAsYHQ/w640-h360/kraker_2_dotnet_install.gif)](<https://1.bp.blogspot.com/-C-nnmVzE0Jg/YFehg0tBj1I/AAAAAAAAVpc/ZWm3_F8rwQEwO-Z1q6t6GD2rZcGidkAcgCNcBGAsYHQ/s544/kraker_2_dotnet_install.gif>)\n\n 2. To compile agent from source code, go to agent folder and run the next command: `dotnet build --configuration Release`. After that in `Kracker.App/bin/Release/net5.0` folder you will get the built project.\n 3. You need to download **hashcat** from the official page at <https://hashcat.net/hashcat/>, unpack it into the agent's folder.\n 4. Modify `appsettings.json` in `Kracker.App/bin/Release/net5.0` and put **ServerURL** and **Hashcat.Path** like:\n \n \n { \n \"HashCat\":{ \n \"Path\": \"/home/admin/Kraker/agent/Kracker.App/bin/Release/net5.0/hashcat/hashcat.bin\", //hashcat path \n \"SilencePeriodBeforeKill\": 5, //default - 60 minutes \n \"RepeatedStringsBeforeKill\": 100, //defaut 1000 strings \n \"NeedForce\": true, \n \"Options\": \"--quiet --status --status-timer=1 --machine-readable --logfile-disable --restore-disable --outfile-format=2\" \n }, \n \"ServerUrl\": \"http://8.8.8.8/\", //server url \n \"InventoryCheckPeriod\": 600, \n \"HearbeatPeriod\": 15 \n } \n \n \n\n 5. Create a folder **wordlist** and **rule** and put there your favorite [wordlist](<https://www.kitploit.com/search/label/Wordlist> \"wordlist\" ) and rules.\n 6. Run **Kraker.app.exe** or use command `dotnet run Kraker.app.dll`\n 7. You can copy-paste the agent folder from server to server for easy setup. Happy cracking!\n\n[![](https://1.bp.blogspot.com/-S_I4JYuCmu0/YFehq9G9rDI/AAAAAAAAVpk/seN_ezOtnoANMitoLA85esZA8i19nHfjwCNcBGAsYHQ/w640-h360/kraker_3_agent_setup.gif)](<https://1.bp.blogspot.com/-S_I4JYuCmu0/YFehq9G9rDI/AAAAAAAAVpk/seN_ezOtnoANMitoLA85esZA8i19nHfjwCNcBGAsYHQ/s544/kraker_3_agent_setup.gif>)\n\n \n\n\n**Using release** \n\n\nIn release you can find:\n\n * pre-installed hashcat <https://hashcat.net/hashcat/>\n * rules from <https://github.com/ttmyst/tmyst_rules>\n\nRunning agent from release:\n\n 1. Install .NET Core 5 runtime.\n 2. Modify `appsettings.json` in `Kracker.App/bin/Release/net5.0` and put **ServerURL** and **Hashcat.Path**.\n 3. Put your favorite wordlist and rules in **wordlist** and **rule** folders. You can find lots of **wordlists** on <https://weakpass.com>.\n 4. Run **Kraker.app.exe** or use command `dotnet Kraker.app.dll`\n \n**Contacts** \n\n\n * [@_w34kp455](<https://twitter.com/w34kp455> \"@_w34kp455\" )\n * [@_asSheShouldBe](<https://twitter.com/asSheShouldBe> \"@_asSheShouldBe\" )\n * <https://weakpass.com>\n \n \n\n\n**[Download Kraker](<https://github.com/zzzteph/kraker> \"Download Kraker\" )**\n", "published": "2021-03-24T11:30:00", "modified": "2021-03-24T11:30:06", "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "http://www.kitploit.com/2021/03/kraker-distributed-password-brute-force.html", "reporter": "KitPloit", "references": ["https://github.com/zzzteph/kraker", "https://github.com/ttmyst/tmyst_rules"], "cvelist": [], "immutableFields": [], "lastseen": "2022-04-07T12:02:08", "viewCount": 46, "enchantments": {"dependencies": {}, "score": {"value": 0.2, "vector": "NONE"}, "backreferences": {}, "exploitation": null, "vulnersScore": 0.2}, "_state": {"dependencies": 1659895684, "score": 1659843777}, "_internal": {"score_hash": "41ebf5d4c754e187149f85a959a7adc2"}, "toolHref": "https://github.com/zzzteph/kraker"}