Your SlideShare is downloading. ×
0
White ChapelPassword Auditing Framework
Current State of Password Cracking1.   Get hashes2.   Crack hashes!! With GPUs!!3.   ...4.   Profit!                  Ok.....
The dark side to PasswordCracking● Dump/Cracked are either deleted or left  scattered around the cracking box● Clear-text ...
The dark side to PasswordCracking - contd● Running the same dictionary over and over  is a waste of computer time● Cross-h...
But why not use one of the onlinehash databases?          ● No way Im going on            unemployment for divulging      ...
What about #{hash_cracking_tool}● WhiteChapel doesnt try to replace or do  cracking better, John The Ripper and  Hashcat h...
Enter White Chapel my solution to those issues
White Chapel 0.1
White Chapel 1.0
Problem 1: No centralized storage● WhiteChapel uses ElasticSearch as a  backend "database" of passwords and  hashes
Problem 2: Clear-Text Passwords● WhiteChapel allows you to  input either dictionaries or  single passwords through  an eas...
Problem 3: No team collaboration● WhiteChapel utilizes a centralized, yet easily  clustered Elastic Search backend.● Joe i...
Problem 4: Re-running samedictionary● WhiteChapel enables upload of pwdump and  hashlist files, this allows for near insta...
Problem 5: Cross-hash knowledge● Since WhiteChapel generates all of the  supported hash types for all of the  passwords in...
Installation & Startup
Installation Steps (Dependencies)1. Ruby2. ElasticSearch  a. Download then run ./bin/elasticsearch -f  b. Requires Java or...
Installation Steps1. git clone repo   a. edit elastic.conf for elasticsearch ip/port if different   b. edit Rakefile for r...
Start the app, queue system and oneworker          1. foreman start
Expanding...● Start more elasticsearch servers  ○ elasticsearch/bin/elasticsearch -f● Start more redis servers  ○ redis/re...
Infrastructure
Single-box Setup                                     Sin                                        atr                       ...
Scaled Setup
Uber - Scaled Setup
endhttp://github.com/mubix/whitechapel
Intro to White Chapel
Upcoming SlideShare
Loading in...5
×

Intro to White Chapel

12,605

Published on

An intro to the White Chapel password auditing framework project found here: https://github.com/mubix/WhiteChapel

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
12,605
On Slideshare
0
From Embeds
0
Number of Embeds
44
Actions
Shares
0
Downloads
25
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Transcript of "Intro to White Chapel"

  1. 1. White ChapelPassword Auditing Framework
  2. 2. Current State of Password Cracking1. Get hashes2. Crack hashes!! With GPUs!!3. ...4. Profit! Ok... and then what...
  3. 3. The dark side to PasswordCracking● Dump/Cracked are either deleted or left scattered around the cracking box● Clear-text passwords never make it to password cracking box for addition to dictionaries (dont need to be cracked)● Each team member uses their own methods, tools, and dictionaries
  4. 4. The dark side to PasswordCracking - contd● Running the same dictionary over and over is a waste of computer time● Cross-hash knowledge is that golden nugget that gets forgotten ○ Password "P#$$w0rd1259_%" cracked because LM stored, isnt checked against MySQL hash and goes uncracked because hash type is unrealistic to brute to 14 characters
  5. 5. But why not use one of the onlinehash databases? ● No way Im going on unemployment for divulging internal passwords to a 3rd party. ● For the most part they dont allow upload of files ( pwdump / shadow / dictionary ) to do mass lookups/adds ● Not open source. I dont know what or where the things Im looking up go
  6. 6. What about #{hash_cracking_tool}● WhiteChapel doesnt try to replace or do cracking better, John The Ripper and Hashcat have teams and community support. ○ Not to mention WAY better at math than me● WhiteChapel should just be your first (check for any known passwords instantly) and last (import all of your known passwords) stop on the password cracking train
  7. 7. Enter White Chapel my solution to those issues
  8. 8. White Chapel 0.1
  9. 9. White Chapel 1.0
  10. 10. Problem 1: No centralized storage● WhiteChapel uses ElasticSearch as a backend "database" of passwords and hashes
  11. 11. Problem 2: Clear-Text Passwords● WhiteChapel allows you to input either dictionaries or single passwords through an easy to use web interface
  12. 12. Problem 3: No team collaboration● WhiteChapel utilizes a centralized, yet easily clustered Elastic Search backend.● Joe imports their dictionary● Alice adds the 20 character password they found in a text file● Joe finds a MySQL hash that matches that 20 character password● Alice finds 20 extra passwords using WhiteChapels mass-lookup due to Joes dictionary contribution
  13. 13. Problem 4: Re-running samedictionary● WhiteChapel enables upload of pwdump and hashlist files, this allows for near instant searching of hashes stored in whitechapel, no matter the hash types cracking speed● Since ElasticSearch can easily handle billions of what it calls "documents", this can out-pace standard cracking tools
  14. 14. Problem 5: Cross-hash knowledge● Since WhiteChapel generates all of the supported hash types for all of the passwords inputted, finding where users have re-used passwords can result in new findings● This is mostly useful beyond the threshold of standard brute-force lengths (passwords over 10 characters) and saves you time processing a "found pass" dictionary.
  15. 15. Installation & Startup
  16. 16. Installation Steps (Dependencies)1. Ruby2. ElasticSearch a. Download then run ./bin/elasticsearch -f b. Requires Java or OpenJDK c. http://www.elasticsearch.org/download/3. Redis Server a. Download then run ./redis-server --foreground b. http://redis.io/downloadBoth of those options are foregroundrunning, works in screen, but each OS hasservice based options
  17. 17. Installation Steps1. git clone repo a. edit elastic.conf for elasticsearch ip/port if different b. edit Rakefile for redis ip/port if different2. bundle install (to pull ruby gems)
  18. 18. Start the app, queue system and oneworker 1. foreman start
  19. 19. Expanding...● Start more elasticsearch servers ○ elasticsearch/bin/elasticsearch -f● Start more redis servers ○ redis/redis-server --foreground● Start more redis-resque workers ○ ./scripts/start_worker.sh● Start another Sinatra front-end ○ ruby app.rb
  20. 20. Infrastructure
  21. 21. Single-box Setup Sin atr aq e eu ue qu ries ela o sti st cs e rd arc wo h ss pa ds ad tra m na fro rch Si es a sh ticse ha s es ela rat o ne s int ge d Redis worke rp rk er fee passwords fr ulls wo and om queue is d ed wor R ss pa
  22. 22. Scaled Setup
  23. 23. Uber - Scaled Setup
  24. 24. endhttp://github.com/mubix/whitechapel
  1. A particular slide catching your eye?

    Clipping is a handy way to collect important slides you want to go back to later.

×