Integrating DMA attacks into Metasploit

Posted in Research, Security, Tools on 2012/03/09 by mram

Note 1: this is not my research. I only (co)supervised MSc students Albert Spruyt and Rory Breuk.
Note 2: the work was done in only five weeks, including reporting. More updates may follow when the guys find some time to work on it a bit more.

Summary

DMA attacks are oldskool, but hard to perform as no modern tool allows for it easily. Also, the oldskool attacks were limited to bypassing the login screen (Windows GINA) and searching for keys through memory. Some small patches were made for other operating systems besides the original winlockpwn for Windows XP and Vista, but the bottom line is that the attack has lost awareness since it’s first appeared a few years back. A nice overview of all DMA related research and attacks over the years can be found here.

The idea for this research came when I was once again fiddling with old linux kernels and old python code to successfully attack a client’s laptop during a security test with winlockpwn. I thougth “Wouldn’t it be cool if we could update the whole DMA attack thing to run on modern systems and integrated it into Metasploit so we could use all goodness Metasploit has to offer like payload selection, session control, etc”? Unable to find the time myself, I was doomed to keep using the old tooling.

But luckily I’m in good contact with the University of Amsterdam (System and Networking Engineering education) and was able to submit the topic for research by their MSc students. Rory Breuk and Albert Spruyt selected the topic and the research could start. They did the theoretical research and also created proof of concept code. Their paper can be found here, their presentation here, and their PoCs here. Oh, the PoC is called MOFO (Metasploit Over Firewire Ownage). With such a name it just has to be awesome ;-)

The PoC include two attacks:

  • Payload insertion via Metasploit: use Metasploit to prepare a reverse_tcp payload, connect to the target system via firewire, hit ‘exploit’ to insert the payload into memory, unplug firewire gear and walk away. Once the user gets back to the Ubuntu system and logs in, the injected code gets triggered and a reverse tcp connection is made via the network back to the attacker’s machine. In the case of Ubuntu 11.10 (the only supported OS at this moment), your you will have root-level control as LightDM runs as root. This all happens transparent to the end user. See screenshot below for attacker’s point of view.
  • Session control over DMA: connecting two machines via firewire, launch PoC code and the attacking system can issue commands on the target system, all via firewire + DMA.

You can find more details in their paper. The paper also includes ideas for future research on this topic, like how to implement multi stage payloads (meterpreter FTW!). So if you are interested, make sure to have a look.

Welcome additions to the code would be to have it ready for Windows systems and to have multi stage payloads like meterpreter supported. But the main message is that Albert and Rory have shown that it is possible to integrate DMA attacks into Metasploit. Great research, kudos for them!

Happy hacking!

Advertisements

What hardware to choose when building a GPU based password cracker right now (Q1 2012)?

Posted in Notes to myself, Password cracking on 2012/02/06 by mram

GPU based password cracking has unmet power when brute force cracking. Although brute force cracking is only part of the game (see also my over a year old post on CPU based cracking not being dead here) any modern security testing lab includes GPU password cracking functionality.

The field of GPU hardware is heavily in development. What was top of the line 18 months ago is somewhat reasonable right now. As I’m the process of upgrading the GPU hardware in our security testing lab myself, I just researched several possibilities with the current state of GPU hardware taken into account. This may be different in a few months, but for now (Q1 2012) these are the best picks I could find. And I thought to share them with you.

I narrowed it down to four different options, ranging from a few hundred to 13.000 Euro.

Common decisions for all possible options

Before diving into the different options, let’s discuss a few main decisions that are the same for any way you go.

Power is not really an issue when you can combine power supplies

GPU cards consume a lot of power. Having several GPU cards in your box requires a massive PSU. We are talking 1200+ Watt here when having a few modern cards. High Watt PSUs are expensive, especially when you want  ’80 PLUS’ certified – you want these as these are guaranteed to require only 20% of extra Watt from the power outlet to reach the advertised amount of Watt, these extra 20% are transformed into heat, the byproduct of any PSU. But as you do consume a lot of power you do need a big – and therefore expensive – PSU. Fortunately there are easy solutions to combine several mid range PSUs into the PSU of your requirements. ADD2PSU allows you to daisy-chain even more than two PSUs into one. Lian-Li Dual Power Supply Adapter (availability is hard, not sure if still shipped) allows you to combine two PSUs into one. Both simple solutions for our problem. Of course you can do this yourself with soldering cables. But with these solutions and prices (Eur 20) I wouldn’t start tampering with electrical power myself.

When picking PSUs make sure to take PSU that allow for enough connectors. Preferably a PSU like the Corsair AX1200 that allows for connecting the cords yourself.

CPU, chipset and main memory don’t really make a difference

It is all about the GPU cards. Unless you want to do more on the box you are creating I wouldn’t spent too much Euros on top of the line CPUs, chipsets and memory. Any Intel socket 1366 or even socket 1155 is good enough. If you want to go AMD, socket  AM3 or AM3+  is good enough. Of course you can go to the newest sockets  but it doesn’t provide you with more cracking power. Same goes for MHz, it will not provide you with more cracking power. Memory should be enough to run your OS of choice and some more. Don’t be on the cheap side, no computer runs OK with insufficient RAM, but I still need to find the first cracking program that requires gigabytes of memory, except for rainbowtable (in that case system ram does matter a bit but you should calculate your needs based on the size of tables you are using).

Be smart and don’t pick top of the line here on CPU, socket and main memory. It will save you a considerable amount of money that you can than spend on GPU cards.

One of the commentators (Bitweasil, author of the Cryptohaze Multiforcer crack tooling so definitely somebody who has experience with this) recommended to match system RAM with RAM from GPU. With system RAM begin very cheap nowadays and most GPU cards shipping with about a Gig of RAM, you would probably match it by using a ‘default’ amount of 4-8GB. He also recommends to match the amount of CPU cores with the amount of GPU cards, just in case GPU drivers are not optimized as they should. I guess this makes sense, but also shouldn’t be a problem with most CPU’s nowadays being multi core.

PCIe1x is fast enough

This is an important one when choosing your main board. Many boards are advertised with X amount of PCIe16x slots. But when you look closer in the specs you notice that the 16x speed is shared between slots. So when for example slot 1 and slot 3 are used simultaneously, they are downgraded to both PCIe8x or even lower. If you think “more is better” this really makes it hard to pick a main board with as many as possible PCI16x slots. I’ve got news for you, main boards with 8 slots of true PCIe16x are limited to non existing. But there is also is no need for. If you go gaming (still the largest market for creators of main board with many PCI slots) you want to go SLI with some PCIe16x. In that case the cards mostly communicate via the SLI bridge and not via the PCI bus. But we go password cracking, not gaming. And with password cracking PCIe1x is fast enough.

PCIe works with lanes. The amount of lanes is a factor of two between 1 and 32 and is represented by the number directly after the “PCIe”. PCIe16x means 16 lanes. 16x Seems to be top of the line on most boards. PCI version 2 (which is the most used version for GPU cards and main boards right now) has a speed of “500MB per second per lane”. Now, with games textures and vertices are continuously processed by the cards. These are heavy calculations on big sets of input data that together require significant throughput on the PCIe bus. But with password cracking we are talking simple operations on data. Transfer of ‘data’ as in the list of base input words that are to be hashed + ‘operation’ as the set of calculations to be performed by the cores to calculate the hash on the GPU are transferred over the bus only periodically. No way that the GPU can calculate hashes so fast it requires 500MB of data + operations every second. GPU’s are simply not powerful enough at this moments to achieve 500MB/s.

So, PCIe1x is speedy enough. Suddenly a lot more main boards become available :-)

Memory on GPU card is not a delimiting factor

This continues on the discussion that the throughput of the GPU cards isn’t that big for password cracking compared to gaming. Using a gigabyte of memory on the card is a ridiculous huge amount that no tool will use. Perhaps only when you are using ridiculously large dictionary files. But if you are using dictionaries that are approaching 1 gigabyte you might need to verify the usefulness of the dictionary. Brute force will be faster.

So, save yourself some money and don’t go for the GPU cards with a ridiculous amount of memory. It will not improve your cracking speed. And with most cards shipping nowadays with 1-1.5GB of RAM, my pick would be those, and not the extra expensive with 2GB.

PCI riser cards can come in handy

With also the PCIex1 slots being usable for cracking, the only thing you need to overcome to use all PCIe slots on a main board is the fact that most GPU cards require the physical space of two PCIe slots. Flexible PCI riser cards come in handy here.  If you can find a way to lift the cards and have a big enough box to fit all these double sized GPU cards, you can then interconnect them with the main board via (flexible) PCI riser cards. Many solutions exist. Note that in theory all you need is a PCIe1x connection (the shortest possible connector). Just make sure the card you buy allows for it without sawing holes in the PCI connector (and if you do want to saw in your PCIe equipment here is an excellent tutorial: http://blog.zorinaq.com/?e=42) .

AMD has the more powerful architecture

When buying GPU cards for password cracking you have two different vendors to choose from: NVIDIA and AMD. Which one to pick? Short answer: go AMD, the results are all over the place.

Long answer: go AMD because they have an architectural preference of more cores/ALUs, resulting in more parallel calculations. AMD has more cores at a bit lower speed, where NVIDIA goes less cores but higher speed. For gaming there is not much between them. But AMD’s solution comes in handy for the task of password cracking.  You can read up all kinds of things like AMD’s move from the VLIW to the CGN architecture, NVIDIA’s current FERMI architecture that the Geforce500 architecture is based on, the move to the 28nm process AMD already made and NVIDIA will do with the to be released Geforce600 architecture, but the bottom line is that AMD’s approach is faster for password cracking.

The battle isn’t won, both NVIDIA and AMD have the same goal: continue awesome graphics performance but also enlarge the use for General Purpose computing on GPU. So perhaps NVIDIA’s next move will change things, but for now go AMD.

Pick the AMD HD79XX series

AMD recently released the HD79xx series. My pick right now would be the HD7970 card. It’s performance is top of the line, and the pricing is not ridiculous (check stats at https://en.bitcoin.it/wiki/Mining_hardware_comparison). You can go one series below and go HD6970 or HD6990 (basically 2 HD6970s on one board). But only go that way if you find a nice discount.

In the next few weeks AMD will release the HD7990, which basically will be 2 HD7970s on one board. They did the same trick with the HD6990, and if something teaches us from that release is that availability will be very hard. If you buy one card that may not be a problem, but buy 4 of those at once and you may have an issue. Do note that AMD has an issue where no more than 8 cards are recognized by the system. So when going HD6990 or future HD7990 you can only hold 4 of them (as these cards are double GPUs on one card).  I’m sure NVIDIA has similar issues I just don’t know the exact limit at this moment (it used to be limited to four cards about two years ago).

Linux support for AMD sucks, expect issue or wait for new software versions

AMD has shown not to take Linux as seriously as Windows. The catalyst drivers for Linux are a mess, although they are getting better and better. NVIDIA has been in the same spot a few years back, and they have fixed it. AMD will also fix this, but it will take some time. Right now you can expect that the current release (12.1) has issue detecting the latest HD7970 card. Simply wait for a newer version of go Windows if you want to use this card.

So, with these main topics discussed, let’s dive into the four different options you have. Of course your budget is the main decider for what way you want to go. More budget pays for more power. I’ll start with the cheapest one.

Option 1: add new cards to your existing GPU cracker

Budget estimate: a few hundred Euro

If you already have a GPU box you can simply add or swap cards. As stated above the CPU, memory and chipset will not hold you back. Simply add an HD7970 to your box. Or if you already went NVIDIA find yourself a nice GTX590 or a discounted GTX570.

My experience with combining AMD and NVIDIA cards in one box are pretty bad. You can expect issues at the driver level (does combining NVIDIA and AMD drivers sound like a good idea to you?) and with the password cracking tooling (you are pushing limits and may encounter bugs the creators never looked for).  Good luck with that.

Note that Bitweasil notes that he has success with mixing AMD and NVIDIA on Linux (see his tips in the comments). I have not tried it, but give the driver model of Linux I would not be surprised if it does work. My experience with mixing cards is on Windows 7, which has been far from trouble free.

Option 2: building a new tower model GPU cracker from scratch

Budget estimate: base system 1000 Euro + Euros for a maximum of 4 double sided GPU cards to add

If you don’t already have a GPU box you can simply build your own. The option explained here covers hardware needed for a ‘simple’ tower model PC stacked with GPU cards to the max. Current of the shelve main boards allow for a maximum of 8 PCI cards, which leaves for a maximum of 4 double sided GPU cards.

As explained earlier you can go moderate on CPU, memory and chipset. Challenges here are to find main boards with as much as possible PCI slots but also the right tower model cases to have room for all the GPU cards and PSU’s. Cooling may also be an issue, although any big case allows for plenty fans to be positioned.

Main board options

  • Gigabyte GA-X79-UD3: uses the latest Intel socket 2011, is advertised to handle 4-way-SLI (which in our case is important as it will handle 4 double width GPU cards) and is advertised in NL for around Eur190. Also, as it has 2 PCIe1x slots, if you start using PCI risers you can add even more cards.
  • Gigabyte GA-990FXA-UD7: for AMD cpu’s. Not newest socket but has 6 PCIe slots in 16x size, one in PCIe1x size and a traditional PCI slot. Supposed to handle 4-way-SLI and advertised around Eur190.
  • Gigabyte GA-X79-UD7: basically the same as the Gigabyte X79-UD3 but this one doesn’t have any traditional PCI slots. With Eur300 it’s more expensive and I would only pick this one if you would go with PCI riser cards to fully use the extra slots. Also this main board requires a XL-ATX case (discussed later on).
  • Gigabyte GA-X58A-UD9: uses an older Intel socket but comes with 7 PCIe slots, all in PCIx16 size, but not 16x speed. Can handle 4-way-SLI Advertised around Eur400, but not sure if it is shipped anymore. It needs a XL-ATX case. I would only pick this one if you go PCI riser and choose GPU cards that don’t support a PCIe1x connector.
  • EVGA 270-WS-W555-A2: supports Intel 1366 socket (if you want to go Intel Xeon), has 7 PCIe slots and can cope 4-WAY-SLI. Advertised around $600, which I find expensive. But some prefer the ‘professional’ approach EVGA has on the main boards. Main reason for this one is the brand and if you want to use dual Xeon CPUs. For all cards to be filled you need a case that can hold 9 PCI cards. See below for a list.
  • MSI Big Bang MARSHAL B3: a bit older Intel socket (1155), but has 8 PCIe slots available, all in full size, reasonably priced at Eur340. However, can’t find it at many web shops so availability may be an issue.
  • MSI 890FXA-GD70: recommended by Bitweasil as he has good experience with it. Takes AMD cpu’s and takes 4 double sized GPU cards. I couldn’t find it anymore in NL web shops, but the last price it was know to go for was Eur180, which is pretty good.

Cases options

Main challenge with the case is size. Although not a real standard XL-ATX, Ultra ATX and HPTX are terms to look for. Some of the cases I found:

Cooling

Make sure to spend some effort on cooling. With that many GPU cards and PSUs you will need it. Any big case you buy allows for fans to be added. Make sure to use these.

Water cooling can be an option, but to be honest I don’t have experience with it so can’t advice you on it. I also haven’t looked at the options as our GPU cracking machines are positioned in an air controller lab.

Option 3: building your own scalable supercomputer on a budget

Budget estimate: base system 1000 Euro + Euros for as many GPU cards as you can fit

We will be using the same components here as we did with option 2, except for the case. Budget for the main computer is about the same. But as you can stack more GPU cards you can spend your bigger budget before going to a second box.

Main issue with the previous option is that you will not be using all PCIe slots. With double sided GPU cards you need PCI riser cables to use all slots, and no case allows for 8 double sided GPU cards to be fitted away from the main board. So, what if we go without case? The guys at HighSpeed PC have a product called Top Desk Tech Station. It’s as simple as a case can be.

Now, with the advertised options you have the same space as a normal XL-ATX case. However, they also build custom design. I’ve been in contact with them for an extended version of their HPTX version. It’s fairly easy for them to adjust the design so you can lift the GPU cards and stack 8 double sided cards. I’ve seen the not yet released design and it simply rocks as it has a third level for your cards that use the PCI-risers. You can go even further and use PCI splitters to combine several cards on one PCIe slot (do note AMD’s maximum of 8 cards recognized). The Top Desk Tech Station XL-ATX goes for Eur180.

Pricing for the custom built (which will become a new product as they receive more and more demand) is not detailed at this moment. But the price they were offering me the custom built for is only just a tad more expensive and still is very reasonable.

Now for connecting the cards to the main board you need flexible PCI riser cables. These come in 16x size and in 1x size. Price around 10 to 30 Euro per cable.

Cooling does become an issue, so make sure you attach enough fans to your system. In my situation where the box is in an air conditioned environment these cooling issues are non existing.

If you are worried about warranty find yourself a local computer dealer that will built this system for you and sell it as one. That way they can handle any warranty issues if you encounter them.

Option 4: buying a pre built super GPU computer

Budget estimate: Eur13.000 excluding tax and shipping

The final option you have is to go professional and buy a solution from the guys at Renderstream. My pick would be the VDACTr8-A model. It can hold 8 double size GPU cards. The Renderstream solution is based on the TYAN FT77B7015 barebone with a custom built S7015 main board that has the PCIe slots positioned so it takes 8 double sized GPU cards.

Perhaps you can purchase these components yourself and save some money. I did look into this but had a really hard time finding shops where you can buy the TYAN FT72B7015 and the main board. Eventually I gave up. Also buying the entire solution from one vendor has much added benefit in terms of warranty and service. Be sure to ask them yourselves for a quote, but think about Eur13.000 for the basic VDACTr8-A model with 8x HD7970. That is excluding tax and shipping. Positive note for us Europeans, second half of 2012 they will be opening their warehouse/shipping center in Europe.

update: added a few remarks from Bitweasil’s comments below to be inline with the text. Also added more details on the custom built from the guys at Top Desk.

Your awesome ‘Hacker Hacker’ ringtone is here

Posted in Uncategorized on 2011/06/07 by mram

Now you can listen to Hacker Hacker every time your phone rings. How cool is that!?

‘Hacker Hacker’ is the song that the guys from Phenoelit presented during the last PH-neutral. It has been an awesome few years of partying, sorry to see it go.

Kudos to all that helped make PH-neutral such a great yearly meeting/party,  kudos to @Phonoelit for the great song, kudos to @binarydom for the awesome vid, kudos to FX for enjoying our champagne during the keynote year after year ;-) and thanks to @michielprins for making the m4r.

Zip of M4R and MP3 ringtone can be found here (rename to zip as WordPress doesn’t allow commonly used file extensions):

Original YouTube movie can be found here

MP3 of original full song can be found here

So, next DefCon I wanna hear some ‘Hacker Hacker’ :-)

Online passwords: why don’t we have to change them periodically?

Posted in Online security, Password, Security on 2011/03/26 by mram

If I look at the password policies of the websites and services I visit online, then I notice they are about the same as the ones I find within companies. Of course there are bad examples, but most of them require that a password:

  • is at least 8 characters in length;
  • contains both lower and upper case letters;
  • contains at least one number;
  • contains at least one special character.

This is a Good Thing (TM) as with these rules you are forced to create a password that we consider to be strong. Strong passwords results in the password hash being hard to guess or crack in the case a hacker compromises the web server. And as we have seen website compromises happen a lot, even to the really big websites including the hoster of this blog.

But, there is one really big difference with the password policy in your office: in the office you are most likely required to change your password periodically. I still have to find the first website that enforces you to change your password periodicallly.

By the way, I bypass the option of using OpenID or some other federated online identity solution. I simply accept that websites with passwords will be with us for another few years.

Bad thing?

Is not having an password expiry function on online accounts a bad thing? I do think so, at least it is for the websites that you regularly use or are otherwise important to you. Why is this bad? Well, simply put it limits the time an attacker can misuse your account when compromised. And comprises happen as we have just seen.

Accounts are a potential threat for the IT systems as they provide some level of access. So, requiring you to periodically change your passwords ensures to the IT systems that even if an attacker is able to intercept someones credentials, or crack someones password, the attacker can only use it for the time the compromised password is the same as the current password.

This is many times combined with an account lockout procedure; when not having logged on for some time your account will get disabled. This is normally done to prevent old accounts to remain active (of employees that left the company for example) and to ensures to the IT systems that you still are an active user and that you need your access.

Both measures boil down to the thinking of ‘the less accounts on the system the better’. Both are impact limiting factors that are implemented by the ones that feel the pain when something goes wrong: the owner of the IT systems.

Online we feel the pain

But in our online social world this is turned around. We as end users feel the pain when our accounts are hacked, not the website owners. Their entire business model is based on people having accounts on their websites, it’s not seen as a risk. Having old accounts – even hacked ones – doesn’t hurt them.

If your account is hacked an attacker now has the ability to intervene with your online social life, or is able to see your financial data or even order something at that web shop. And to make it worse, we are totally dependent on the implemented security measures of the website to protect our accounts.

The website that provides us with the service will not feel the pain if a single account is hacked. By the way I say ‘a single account’ as they of course do feel the pain when their entire websites and all accounts are hacked. But in that case they had a bigger problem and a periodic password change policy will not help them.

Website owners don’t care

The important thing here is that the web sites don’t really care if your accounts gets hacked, only you care. So why should they include a policy that requires you to periodically change your password? Well, from their view point there actually are some reasons why they don’t want to:

  • There is no reliable password recovery procedure that makes sure they are contacting the real you. There is no help desk you can call and that can ask you your secret question. Forgot about sending an email as you probably have the same password for your email as you have for your online accounts (if so, you are an idiot and should start changing every password now!);
  • It is not a given that you use the service every day as you do with your computer in the office. So you may not be warned in time that your account will expire. This however can be easily circumvented by sending a simple informative email.
  • Together with the previous: website owners don’t want to scare users away. So if you use a service a few times a year, and you can’t log in because of the password being aged out or because they keep receiving emails about password aging, vendors may think that may scare the customers away as their service is less easy to use;
  • Vendors are scared to send out emails to their users about anything that has to do with passwords, as such actions may also be used by social engineering attacks. The easy choice then is to never send out emails about passwords, so a social engineering attack really stands out as soon as it happens.

So, nothing to win here for the website owner.

The only reason why they should include an account expiration function is because we as end users want them to! I want my online identity to be as guarded as much as possible. An account expiration is part of a good password policy. And if I’m not periodically reminded of the fact that my password hasn’t changed in the last few months, I will forget and end up with the same password as 5 years ago. And as website are constantly under attack, the security of my online identity is depending on the success of the security measures of the websites. I don’t like being fully dependent.

Solution

I want the website to remind me of my aging password. Yes I can remind myself using an agenda, but I think it’s redicilous that websites don’t see this as something they should do.

Maybe I don’t want the reminder for all websites that I have an account with, but at least for the ones that I find important as they store financial data (luckily my bank has two factor authentication), as they have parts of my credit card data as I frequently order stuff at their web shop, or as they area part of my online identity (WordPress, LinkedIn, Twitter to name just a few).

So, dear website makers. Please add a little tickbox to your ‘accounts’ sub site that allows me to remind myself to change my password. A reminder at login would be great and even a simple email that says ‘You haven’t changed your password in X days. Remember to do so the next time you login.‘ The email doesn’t need to have a hyperlink to your website so a social engineering attack is still less likely to happen.

Even if this is optional I would be very happy and I will respect you as a website that sees online security as a good thing. Just give me the option. Please!?

Champagne and the mystery of the 6 turns of the muselet

Posted in Champagne on 2011/01/09 by mram

When opening a bottle of champagne you have to remove the wired cage that sits on top of the cork. This wired cage is officially called the ‘muselet’ and it is loosened by removing the foil and turning the wire counter-clockwise. If you are like me you probably have never paid attention to the amount of turns it takes. But a friend once noticed that it always(!) takes 6 turns if you do by hand, or 3 if you count full 360 degree turns.

That was years ago, and since then we have tested many bottles on the amount of turns. The outcome has always been the same, regardless of the brand or type of champagne. But we also noticed bottles of Cava, Vonkelwyn, Sekt and Crémant de Bourgogne have the exact same number of turns. So I got really curious. I kept on asking myself ‘Why does it take 6 turns to open the muselet?‘.

By the way, this is the moment where you may think “Nah, that’s not true, I don’t believe this guy. All these thousands of champagne houses all use the exact same number of turns… yeah right”. I challenge you. Go buy a bottle, count and let me know.

Source: wikipedia As I didn’t know the answer I started asking people that really should know this: people working in the champagne business. I asked the owner of my local liquor store, some importers of champagne, the owner of a champagne bar in Amsterdam and even the guide of a tour through the cellar one of the big champagne houses. Answered ranged from “Good question, I never noticed that” , “I don’t know” and “I guess it’s because of the tradition” to “6 refers to the pressure of 6 atmosphere in the bottle” and “6 is what French see as the number of intense happiness”.

None of the answers were spoken out with confidence. Not happy with these answers I kept on asking. And after searching for a long time, hearing many different answers and checking online I have come to the conclusion that it has to do with pressure, standardization, ease of opening and manufacturers of the muselet.

Pressure
Sources are not very clear on who exactly invented the muselet. But is is clear that Dom Perignon and Adolphe Jacqueson made important contributions. Dom Perignon is believed to have made important improvements to the production process of champagne. Including a wire caging on the cork. At that time a lot of bottles were lost during production because the cork or the bottle was unable to withstand the pressure of the Champagne. Dom Perignon’s invention made it better.

But it wasnt until 1844 that Adolphe Jacqueson made the muselet in the shape and form as we know it today. Perhaps Adolphe also decided that six turns, or 3 full turns, was the best way to do it back in those days. Perhaps the number 3 for the full turns was an optimum between the amount of power to resist the pressure from within the bottle and the length of the wired leaflet so that you can remove it easily.

Standardization
During the years many things got standardized. From the grapes to use, the area where it may be produced to the size of the bottles. This is all agreed by the Comité Interprofessionnel du vin de Champagne. In the end also the amount of turns of the muselet was agreed upon.

Ease of opening
Having it standardized makes sense to have a strong brand. But in this case it has second added value: ease of opening by the sommelier. A sommelier should provide good hospitality and service to it’s guests. It was (and still is) regarded a good manner when the sommelier can open a bottle whilst looking to his guests instead of the bottle. So, having a standard number of turns makes it easier for the sommelier and keeps the guests happy.

Manufacturers of the muselet
So now we know why Champagne bottles all have muselets that require 6 turns. But, that still doesn’t explain why Sekt, Vonkelwyn and Cava also require 6 turns. Turns out there is a pretty easy explanation. There aren’t that much manufacturers of the machinery that can put a muselet on a bottle. These manufacturers create the machines that are sitting in the production line at the perimeter of  the Champagne houses, and can process up to hundreds of bottles a minute. I was told by a spokesman of a famous Champagne brand that there are only two manufacturers in Europe that deliver to Champagne houses. One in the Champagne region, the other in Italy. And they produce all the machines used for putting the muselets on the bottle. So let’s say you want a muselet that requires 10 turns for your Prosecco. Then the manufacturer needs to alter their machinery. This results in more expensive machinery and you probably going for the cheaper 6-turns option. And the cheaper option also happens to be supported by a great tradition of Champagne. So, easy choice.

So, there you have it. One more answer to a question you probably never asked. But sure a fun little topic you can entertain your guests with the next time you open a wonderful bottle of champagne. Cheers! Oh, and let me know if you heard a different answer or if you happen to find a bottle of champagne that does not require 6 turns!

Update 2011-03-27: declared more specific that the machinery of the manufacturers are situated at the perimeter of the Champagne houses and that the muselets are not shipped to the Champagne houses.

Update 2011-06-05: I was at my little niece’s birthday party recently. Learned that kids champagne (not with real alcohol, just soda that looks like champagne) also comes in bottles of which the muselet requires six turns. I did not expect this, but it does make sense.

Update 2011-06-15: I’ve visited the champagne region as I was in the area after the 24 hours of Le Mans. I did the tour through the cellars of Mumm. After the visit I asked the guide about the mystery of the 6 turns. Apparently I was the first ever to as this question, and clearly they did not have the answer.

Update 2012-02-06: Magnum champagne bottles also require six turns. Sounds logical, but just wanted to let you know.

Update 2012-04-12: I’ve tried champagne beer a few days back (= beer modified to taste a bit like champagne, also called a ‘Gueuze‘). More specifically I tried ‘Oud Beersel’ and my friends tried two other brands. They comes in a small bottle, with a champagne cork and a muselet. They all required 6 turns to open.

Update 2013-01-12: Hungarian sparkling wine also requires six turns.

Update 2013-04-18: based on comments updated and included Adolphe Jacqueson as an the inventor of the muselet in the shape and form as we know it today.

CPU based password cracking is not dead!

Posted in Password cracking, Security on 2010/11/05 by mram

In the old day, password cracking (or password auditing or recovery if you are that old school) was relatively easy. You got the hashes from a system, put them in John The Ripper, waited a while and had results. If you wanted faster cracking you just bought a bigger CPU. In the last few years much has changed. We have seen new ways for password cracking like pre-computation tables and rainbow tables. But one of the major recent shifts is that to new architectures with massive theoretical power that we can use for brute force password cracking.

In this post I will not be challenging the enormous computational advantages for brute force password cracking that new architectures provide. These new architectures are simply better for specialized tasks.

However, this post is about:

  1. Putting the power of new architectures in perspective (that of a professional penetration tester*, see below for details);
  2. Proving that CPU based password cracking is long from dead;
  3. The introduction to a little hobby project I will discuss in a future post.

New architectures and why they are not usable yet

So let’s start with the new architectures that are  already being discussed in relationship to password cracking. These architectures are:

  • Cell architecture (e.g. from the PlayStation3);
  • Field-Programmable Gate Array (FPGA) and to some extend even Application Specific Integrated Circuits (ASIC);
  • Cloud Computing;
  • Graphics cards, or Graphics Processing Units (GPU).

I will only cover GPU here and not the Cell, FPGA/ASIC and Cloud architectures. They are proven to be very fast in very specific situations, but non usable at this moment as they have too many disadvantages at this moment. For Cell research has been done by Nick Breese but practical implementations are very limited, only MD5 and WPA that I know of. Others you should create yourself. FPGA and ASICS require a setup per hash type or reprogramming your setup. They require detailed knowledge of pseudo-hardware design and programming skills for every specific hash type. Therefor they are relatively expensive and only interesting for very targeted attacks. Finally, Cloud Computing sounds cool but is ridiculous expensive for password cracking. It also has an inherent insecurity that you will be sending your client’s data to a  service provider which in itself may require you to change your contract with your own client.

That does not mean that some bloke somewhere in the world has got a setup up and running. Or that very specific setups are actually kicking ass, like the FPGA setup for cracking A5/1.  It does mean that these architectures are not ready for wide scale usage at this moment.

If you disagree with the stated disadvantages, please keep on reading as there are disadvantages to GPU based cracking that also apply to the just mentioned architectures.

They say GPU is the new way

There is one architecture that has come to a very fast rise in the last few years: graphics cards, or Graphics Processing Units (GPU) with General-Purpose computation on Graphics Processing Units (GPGPU) standing for the activity of using your graphics card for doing other computations than graphics. I will not cover the details of GPU’s here, many resources exist on the intertubes. What is important for this article is that GPU’s have more power than CPU’s have for parallelization, which happens to be quite useful for brute force password cracking as these are simple calculations that can be programmed in parallel very easily. It’s Single Instruction Single Data (SISD) on CPU versus Single Instruction in Multiple Data (SIMD) for GPUs. SIMD wins in regards to raw power on predefined tasks. Many research exists on the net about this topic, like this.

OK, that’s all very interesting but nothing new I hear you say. GPUs are fast, new, full with potential and kicks but for password cracking. But let’s take a step back and be critical for a moment.

Should we give up on CPU based password cracking?

My answer is no, or not yet. I’ve got two reasons for that:

  1. Brute force cracking is only part of the game;
  2. GPU tools have several key disadvantages at this moment.

I will discuss both.

Brute force power is only a part of the job

Up until now I only covered brute force cracking. I would like to point out that brute force cracking should only be considered as a last resort. A fast cracking of password hashes depends on much more:

  1. A descent cracking strategy for the hash type. Hash types differ in ease of cracking. Per hash types and per knowledge about the client or the effective password policy it differs if you want to use rainbow tables, dictionaries, brute force and/or educated guesses, and in what order you want to use this;
  2. A good dictionary, customized to the environment. Dictionary cracking is faster than brute force and is an essential part of cracking. The dictionary should reflect the words people tend to use as the base of their password. The dictionary is than used for cracking on the raw words (e.g. vanessa) and on the mutations of the raw words (e.g. Vanessa2003). With a dictionary adjusted to the specific environment you can make a big difference.
  3. Good, stable tools that you can use for the actual cracking. This means support for the hash type and non crashing. If I put in a list of hashes to be cracking during the night, I must be sure that I get some results in the morning. I also need an easy to use interface.  In my case I want it to be accessible for my team via a web interface and possibly via a secure email interface.
  4. Raw power for brute force cracking. This is the step where we simply try all possible combinations of the characters space to find a password as apparently the password is that strong.

As you can see, only the final step includes brute force cracking. By the time you get there most of the times you already have cracked a large set of the hashes. If you have more raw power, you can make a difference on the final step. Only on the final step.

Disadvantages of GPU tools

I’ve been playing around with a GPU setup for several years now. My setup consist of: Intel i7 920 @ 2,66GHz, 6GB DDR3 @ 1066MHz, 2x ASUS ENGTX295x GPU cards with 1.8GB memory, 1x NVIDIA 9800GT,  ASUS P6T7 Supercomputer mother board and a 1500Watt power supply. Now, this a pretty impressive system and the results of cracking on this box are also. It has shown that GPU based password cracking is very fast and an easy way to go for replacement of CPU based password cracking on a single box.

But during my testing, this setup has shown several very important disadvantages  that prevent me and my team from usage. These disadvantages are:

  1. Support of hashes. Many tools exist and most of the tools support the most used hashes, e.g. LM, NTLM, MD5. But there are many more hash types that I need support for (e.g. Kerberos, MD5 Crypt, MS Cached, MySQL, SHA, Oracle, etc.) as they are used in the real world at my clients;
  2. The tools are highly unstable. It truly is a market that is not yet matured. Whizzkids pop-up doing some blindingly fast implementations of specific hashes types. But the result is that the tools are in a beta or 0.x stadia, remain there for a long time and that the majority of the tools only focus on 1 hash type;
  3. It’s very hard to scale. Clustering or distributed usage is not possible with the current tools so you are stuck with one box. To put a box full of GPU cards requires immense power supplies, a mother board with a ridiculous amount of PCI slots (of which only a few exist). And then you still only have one box which isn’t very useful if you have a team of people wanting to crack hashes.  You could also go Tesla, but the performance on Tesla setups is not that great with the available tools: the whizzkids simply can’t develop for an architecture that they don’t have. Tesla is also not the cheapest way to go;
  4. It’s hard to automate as many tools only support 1 hash per time. The interfaces of the tools are all different with some being solely interactive (non scriptable, darn you Windows GUI apps);
  5. The performance gain of GPUs is on average about 5-30x compared to CPU based cracking. Faster is better, but I find it not _that_ shocking (OK, relatively).

It’s when I simply compete my old school CPU based John The Ripper setup with wordlists and easy to use and stable interface to the GPU cracking server and tools with these disadvantages, the CPU thing is simply faster most of the time. Only when I’m looking for that true random 9 character hash GPUs do the trick. But when you are at 10 characters, the majority of the hashes is non breakable for GPU. So the sweet spot for GPU is limited at this moment.

No I don’t forget the commercial tools

There are commercial tools available that do support more hash types, are distributed to some extend and should be stable. For example the guys at Elcomsoft make some cool stuff. I really support these companies in making their business out of password auditing. But their licensing and/or their fee simply doesn’t make it usable for me. Also, the impact of cracking passwords to my clients is a bigger when I only use freely available tools. Yes, you may think this shouldn’t count as a valid reason. But the thing is that I can recommend the client only to a certain extend. In the end my client is the one that decides to pick up a finding about weak passwords and give it a certain priority for follow up. In my experience the acceptance and priority is much higher when I use freely available tools during the illustrating in the reporting and/or the demo of the hack.

Conclusion

So, there you have it. I’ve been using GPU based password cracking for some time now. I’ve seen the power. I fully support all the different tools that are out there and I expect them to be fully awesome in the future. I really do.

But at this moment there are too many disadvantages, and the advantages are not that great. Maturing the GPU tools, having support for more hashes and be able to cluster it, that would be great. But before we are their yet I don’t want to give up CPU based password cracking combined with a good cracking strategy and good dictionaries. It simply better suits my need as a professional pentester.

For me personally one of the biggest disadvantages of current GPU tools is the interface and the abbility to scale to distributed environment. As I will show you in a future blog post, I’ve got a pretty cool solution for that for CPU based tooling: clustering with a proper interface. I get really cool results with that.

* My background here is that of professional penetration testing. When I’m at a client and hacked one or several of their system I need to pick out the (too) easy password immediately and be able to crack the remaining hundreds or thousands hashes I found in short amount of time. I don’t necessary need to crack them all, although that would be convenient. Where a real hacker has lots of time, I need to provide the client with proper insight within a short amount of time.  I don’t have a gazillion euro budget to buy all tools available and I will not be sending the hashes of my client to a different service provider. I do work in a team of testers, we share a lab consisting of several systems that can support us in our work, and I do have knowledge of what type of passwords people actually choose. Operations of the cracking servers should be fast and easy for us.

[TOOL] pwClean – cleaning your password dump files

Posted in Security, Tools on 2010/09/24 by mram

I finally picked up some code I had lying around and finally created something useful with it. Not a big thing, just a simple tool that you can use to remove useless accounts and password hashes from the output of your favorite password dumping tool (pwdump, fgdump, gsecdump, etc.)

Skip the blabla and go straight to the Tools section.

Situation

So, you are doing a pentest and got several system rooted, maybe even a domain controller. One of the steps after compromise is getting the password hashes to get them cracked. Knowing the passwords in stead of only the hashes is an important step as it can for example provide you with access to that important financial application that is not AD-integrated.

Problem

But now you have got this text file with over 100K lines of password hashes. Sorting of the hashes before cracking is essential as your favorite tool dumps the hashes of many, many accounts that you are not interested in (system accounts, built-in, history, etc).

You can filter by hand or use your favorite text editor. But you need it to be faster, easier.

Solution

Introducing pwClean: a simple yet effective Windows application that helps you with exactly this problem: sorting the files with password hashes.

Using pwClean

Using pwClean to select Administrative accounts: contain 'adm' and in this case also '-a'

Pro’s:

  • independent for password dumping tool used (support for pwdump, pwdumpX, gsecdump, fgdump);
  • graphical user interface for easy clicky-click (I know you windows pentesters like that);
  • can select administrative accounts identified by *adm*;
  • lets you select your domain specific ‘admin’ tag, e.g. if the naming convention uses ‘oper_<name>’ you enter ‘oper_’ as the admin identifier;
  • can remove system accounts (the accounts with the trailing $);
  • can remove built-in accounts like Guest, krbtgt, SUPPORT_388945a0, HelpAssistant, TSInternetUser, IWAM_* and IUSR_*;
  • can remove history accounts (_hist or _1) and wil remove the ‘(current)’ tag;
  • supports multiple input files.

Not yet implemented:

  • removal of accounts of which only the SID is know and not the name (orphaned/deleted accounts with the long numbers instead of an account name)
  • drag ‘n drop

Download link can be found in the  section ‘Tools and Papers‘.

Let me know any comments if you have any.