Monday, July 30, 2012

New cloud-based hacking service can crack VPN passwords within 20 hours

As example of a leverage power of cloud-based services can be mentioned the twitter message we have posted today:

https://twitter.com/reanvent/status/229923837465198593

The advantages of the scalability of such services and the low costs oriented by "pay as you go" can be used to attack an keys, passwords and networks at companies or at private users.

To demonstrate how it works, we would like to describe the possible handling of such attacks. As example I would like to use the example of CloudCracker Service.
The online form of the service looks like:



How the fields in the form have to be filled can be found bellow.

How do I submit a WPA/WPA2 Job?
In order to submit a WPA/WPA2 job for processing, you'll need to capture a WPA handshake for the network you're interested in cracking. There are many publicly available tools for acquiring a network handshake such as aircrack-ng, along with online tutorials for how to use them.

Once you've gotten a network capture, simply submit the .cap (or .pcap) file along with the SSID/ESSID of the network. If your network capture is greater than 5MB, you'll have to reduce it by stripping out the handshakes. On Linux, you can use the script here to do this.

How do I submit a LM/NTLM Job?
Submit a file containing the LM or NTLM hashes you'd like to crack, formatted as a PWDUMP file. PWDUMP files are formatted as:
<user_name>:<user_id>:<lm_hash>:<ntlm_hash>:<comment>:<home_directory>:

For example, a file with two NTLM hashes might look like this:
moxie:1000:NO PASSWORD*********************:55BB1BF7C3668EE1C23D74B4C5686C1E:::
geoff:1001:NO PASSWORD*********************:CCA5A5F729D79D8DDC67524C286C126A:::

Or a file with two LM hashes would look like this:
moxie:1000:9224FC255C58C50EAAD3B435B51404EE:87F65D137998A4CE59EA65B114A0F831:::
geoff:1001:9224FC255C58C50E93E28745B8BF4BA6:A4CC3E6ADACEB79EBE88AAFDEA4B97CD:::



Sources:
http://www.zdnet.com/blog/btl/new-cloud-based-hacking-service-can-crack-wi-fi-passwords-in-20-minutes/28224
https://www.cloudcracker.com/
http://www.heise.de/security/meldung/Cloud-Dienst-knackt-VPN-Passwoerter-in-24-Stunden-1654958.html