Moscrack is currently under development and all releases to date are beta (or alpha) releases, which means they contain bugs. This guide will show you how to install from SVN (the revision control repository) so that you can obtain the latest code, which is hopefully the most functional and least buggy. These steps probably work just fine on beta releases too.
Although Moscrack has MANY features, they cannot all be included in
this document. This how to describes a simple setup between two
Ubuntu Linux 16.04 systems using the copy file mode, ssh,
aircrack-ng and basic performance tuning. All configuration options
are left to default. The idea is to get you up and running with
Moscrack as painlessly as possible.
Although Moscrack will likely work on many operating systems, it has
only been tested on Ubuntu Linux. These instructions are based on
Ubuntu Linux 16.04 but will work on other versions of Ubuntu, other
Linux distributions and possibly other operating systems.
This how to does not tell you how to actually use Moscrack.
user@host:~$ sudo apt-get install subversion
Reading package lists... Done
Building dependency tree
Reading state information... Done
Suggested packages:
db5.3-util subversion-tools
The following NEW packages will be installed:
subversion
0 upgraded, 1 newly installed, 0 to remove and 140 not upgraded.
Need to get 308 kB of archives.
After this operation, 1,577 kB of additional disk space will be
used.
Get:1 http://ca.archive.ubuntu.com/ubuntu xenial/main amd64
subversion amd64 1.9.3-2ubuntu1 [308 kB]
Fetched 308 kB in 0s (494 kB/s)
Selecting previously unselected package subversion.
(Reading database ... 259371 files and directories currently
installed.)
Preparing to unpack .../subversion_1.9.3-2ubuntu1_amd64.deb ...
Unpacking subversion (1.9.3-2ubuntu1) ...
Processing triggers for man-db (2.7.5-1) ...
Setting up subversion (1.9.3-2ubuntu1) ...
user@host:~$ svn checkout svn://svn.code.sf.net/p/moscrack/code/trunk moscrack-code
A moscrack-code/nodes.dat
A moscrack-code/plugins
A moscrack-code/plugins/dehasher.def
A moscrack-code/plugins/pyrit.def.README
A moscrack-code/plugins/pyrit.def
A moscrack-code/plugins/dehasher.def.README
A moscrack-code/extractHandshake
A moscrack-code/dehasher
A moscrack-code/dehasher/crypt.c
A moscrack-code/dehasher/dehasher.c
A moscrack-code/dehasher/test.sh
A moscrack-code/dehasher/Makefile
A moscrack-code/dehasher/README
A moscrack-code/release-notes.txt
A moscrack-code/mosctop
A moscrack-code/moscrack.conf
A moscrack-code/README.cygwin
A moscrack-code/README
A moscrack-code/install_modules
A moscrack-code/Moscrack_Live.txt
A moscrack-code/README.daemon
A moscrack-code/moscapid
A moscrack-code/gpl.txt
A moscrack-code/moscrack
A moscrack-code/moscrack.cgi
A moscrack-code/daemon
A moscrack-code/daemon/moscc
A moscrack-code/daemon/moscd
A moscrack-code/daemon/moscc.init
A moscrack-code/tuning
A moscrack-code/tuning/tune.words
A moscrack-code/tuning/README
A moscrack-code/tuning/tune.cap
A moscrack-code/README.solaris
A moscrack-code/solaris
A moscrack-code/solaris/aircrack-ng.sol11_x64
A moscrack-code/solaris/byteorder.h.patch
A moscrack-code/solaris/aircrack-ptw-lib.c.patch
Checked out revision 408.
user@host:~$ cd moscrack-code
user@host:~/moscrack-code$
user@host:~/moscrack-code$ ./install_modules
Looking for required modules:
X Switch - missing
X DateTime - missing
X Math::Round - missing
X Getopt::Lucid - missing
X Acme::Tools - missing
Storable - found
File::Basename - found
X Struct::Compare - missing
LWP::UserAgent - found
HTTP::Request - found
X Config::Std - missing
Socket - found
X Net::SSH2 - missing
File::Copy - found
IPC::Open3 - found
Term::ANSIColor - found
X Term::ReadKey - missing
X DateTime::Format::Duration - missing
CGI - found
X JSON - missing
X HTTP::Server::Simple::CGI - missing
You have two options to install the required/missing Perl modules:
1. Use your package manager (apt, yum, etc...) to install them
manually
2. Run this program again with --install to build and install the
missing modules with CPAN automatically (will not use package
management!)
user@host:~/moscrack-code$ apt-cache search perl | grep ssh2
libnet-ssh2-perl - Perl module for the SSH 2 protocol
~/moscrack-code$ sudo apt-get install libnet-ssh2-perl
[sudo] password for user:
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following additional packages will be installed:
libterm-readkey-perl
The following NEW packages will be installed:
libnet-ssh2-perl libterm-readkey-perl
0 upgraded, 2 newly installed, 0 to remove and 140 not upgraded.
Need to get 117 kB of archives.
After this operation, 357 kB of additional disk space will be
used.
Do you want to continue? [Y/n] y
Get:1 http://ca.archive.ubuntu.com/ubuntu xenial/universe amd64
libnet-ssh2-perl amd64 0.58-3 [89.9 kB]
Get:2 http://ca.archive.ubuntu.com/ubuntu xenial/universe amd64
libterm-readkey-perl amd64 2.33-1build1 [27.2 kB]
Fetched 117 kB in 0s (224 kB/s)
Selecting previously unselected package libnet-ssh2-perl.
(Reading database ... 259374 files and directories currently
installed.)
Preparing to unpack .../libnet-ssh2-perl_0.58-3_amd64.deb ...
Unpacking libnet-ssh2-perl (0.58-3) ...
Selecting previously unselected package libterm-readkey-perl.
Preparing to unpack
.../libterm-readkey-perl_2.33-1build1_amd64.deb ...
Unpacking libterm-readkey-perl (2.33-1build1) ...
Processing triggers for man-db (2.7.5-1) ...
Setting up libnet-ssh2-perl (0.58-3) ...
Setting up libterm-readkey-perl (2.33-1build1) ...
user@host:~/moscrack-code$ ./install_modules
Looking for required modules:
... Just like above example ...
user@host:~/moscrack-code$ sudo ./install_modules --install
... LOTS of CPAN output ...
user@host:~/moscrack-code$ ./install_modules
Looking for required modules:
Switch - found
DateTime - found
Math::Round - found
Getopt::Lucid - found
Acme::Tools - found
Storable - found
File::Basename - found
Struct::Compare - found
LWP::UserAgent - found
HTTP::Request - found
Config::Std - found
Socket - found
Net::SSH2 - found
File::Copy - found
IPC::Open3 - found
Term::ANSIColor - found
Term::ReadKey - found
DateTime::Format::Duration - found
CGI - found
JSON - found
HTTP::Server::Simple::CGI - found
All modules are installed
1. Create directories
user@host:~/moscrack-code$ sudo mkdir -p /opt/moscrack/cap /opt/moscrack/words /etc/moscrack/plugins
2. Install executables
user@host:~/moscrack-code$ sudo cp moscrack mosctop daemon/moscd daemon/moscc moscapid /usr/local/bin/
3. Install plugins
user@host:~/moscrack-code$ sudo cp -v plugins/* /etc/moscrack/plugins/
'plugins/dehasher.def' -> '/etc/moscrack/plugins/dehasher.def'
'plugins/dehasher.def.README' -> '/etc/moscrack/plugins/dehasher.def.README'
'plugins/pyrit.def' -> '/etc/moscrack/plugins/pyrit.def'
'plugins/pyrit.def.README' -> '/etc/moscrack/plugins/pyrit.def.README'
4. Install the configuration file
user@host:~/moscrack-code$ sudo cp moscrack.conf /etc/moscrack/
5. Install tuning files
user@host:~/moscrack-code$ sudo cp -av tuning /opt/moscrack/
'tuning' -> '/opt/moscrack/tuning'
'tuning/tune.words' -> '/opt/moscrack/tuning/tune.words'
'tuning/README' -> '/opt/moscrack/tuning/README'
'tuning/tune.cap' -> '/opt/moscrack/tuning/tune.cap'
6. Create the moscrack user. Follow the prompts,
leave all as default and set a password.
user@host:~/moscrack-code$ sudo adduser moscrack
Adding user `moscrack' ...
Adding new group `moscrack' (1001) ...
Adding new user `moscrack' (1001) with group `moscrack' ...
Creating home directory `/home/moscrack' ...
Copying files from `/etc/skel' ...
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
Changing the user information for moscrack
Enter the new value, or press ENTER for the default
Full Name []:
Room Number []:
Work Phone []:
Home Phone []:
Other []:
Is the information correct? [Y/n] y
user@host:~/moscrack-code$ sudo su - moscrack
moscrack@host:~$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/moscrack/.ssh/id_rsa):
Created directory '/home/moscrack/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/moscrack/.ssh/id_rsa.
Your public key has been saved in /home/moscrack/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:qgltjRWzbdoBs7haUkFh+MMVDn5exhj6y2bbUrySexM moscrack@host
The key's randomart image is:
+---[RSA 2048]----+
| .=.o. |
| .+ +.+ |
| o+.O + |
| +* @ |
| o.*.S |
| o * *E. |
| o * Oo.o |
| * =+o+ |
| . o o=.. |
+----[SHA256]-----+
There are two background services (daemons):
1. Add the following lines to /etc/rc.local, just before the line that says "exit 0". Leave out moscd if you don't need it.
/usr/local/bin/moscapid
/usr/local/bin/moscd
exit 0
2. Enable rc.local compatibility with systemctl
user@host:~/moscrack-code$ sudo systemctl enable rc.local
3. If you want to start the service(s) right away, start them manually. Skip moscd if you don't need it.
user@host:~/moscrack-code$ sudo /usr/local/bin/moscapid
Loading /etc/moscrack/moscrack.conf...
Moscrack API daemon has started
Use 'kill 3970' to stop the server
moscapid: You can connect to your server at http://localhost:8080/
user@host:~/moscrack-code$ sudo /usr/local/bin/moscd
Loading /etc/moscrack/moscrack.conf...
Lease time: 14400
Lease renew: 900
SSH user: moscrack
Public key: /home/moscrack/.ssh/id_rsa.pub
Moscrack daemon started
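Both daemons are started by root (from /etc/rc.local or with sudo), so the files copied in the steps above should be owned by root and not writable by group or other. The check below is an added example, not part of Moscrack; moscrack_paths and audit_paths are hypothetical names, the path list is the one this guide installs, and stat -c assumes GNU coreutils as shipped on Ubuntu.

```shell
#!/bin/sh
# Added example (not part of Moscrack): audit ownership and write bits of the
# files that root executes or reads when moscapid and moscd are started.
moscrack_paths() {
    for f in moscrack mosctop moscd moscc moscapid; do
        echo "/usr/local/bin/$f"
    done
    echo /etc/moscrack/moscrack.conf
    echo /etc/moscrack/plugins
    echo /etc/rc.local
}

# audit_paths OWNER PATH... : print one finding per problem, return 1 if any.
audit_paths() {
    want=$1; shift
    rc=0
    for p in "$@"; do
        if [ ! -e "$p" ]; then
            echo "MISSING  $p"; rc=1; continue
        fi
        # -L follows symlinks so the target's owner and mode are checked.
        owner=$(stat -L -c %U "$p")
        mode=$(stat -L -c %a "$p")
        if [ "$owner" != "$want" ]; then
            echo "OWNER    $p is owned by $owner, expected $want"; rc=1
        fi
        # Group digit or other digit of the octal mode has the write bit set.
        case $mode in
            *[2367]?|*[2367])
                echo "WRITABLE $p has mode $mode"; rc=1 ;;
        esac
    done
    return $rc
}

# Audit the real install only when asked to: sh audit.sh --run
if [ "${1:-}" = "--run" ]; then
    audit_paths root $(moscrack_paths)
fi
```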
Moscrack comes with a cgi script called moscrack.cgi. For the moment, it pretty much only shows you what's going on in a nice graphical interface. The CGI will work on any web server that can contact moscapid. For now, let's install it on the same machine as Moscrack. Once complete, you can open a web browser and point it to http://example.com/cgi-bin/moscrack.cgi.
Configuring a web server is beyond the scope of this document, but if you have apache installed and have not configured anything yet, the below instructions will work.
user@host:~/moscrack-code$ sudo cp moscrack.cgi /usr/lib/cgi-bin/
user@host:~/moscrack-code$ sudo a2enmod cgi
user@host:~/moscrack-code$ sudo service apache2 restart
If you were to run the CGI on another web server, you would need to configure moscapid to listen on an external interface and then copy moscrack.conf to /etc/moscrack on the web server.
A node is what does the processing for Moscrack. You can have as many nodes as you can get your hands on. They can run almost any operating system and hardware and you can connect to them with various protocols. For now, I'll describe how to configure an Ubuntu 16.04 node with SSH using the default copy file mode - meaning files are copied to the node when needed. The default aircrack-ng will be used as well. The alternative is shared file mode which is for use with NFS/SMB or shared file systems. Such advanced options, including Mosix, RSH and plugin support (pyrit, dehasher) will be left for another how to document.
Configuring this type of node is simple. We'll call the node node1.domain in these examples.
1. On the node, create a moscrack user. Just like before, accepting the defaults and entering a password.
user@node1:~/moscrack-code$ sudo adduser moscrack
2. On the node, install aircrack-ng
user@node1:~/moscrack-code$ sudo apt-get install aircrack-ng
3. From the Moscrack server, transfer the moscrack user's SSH key to the node. Enter the password for moscrack@node1.domain when prompted.
user@host:~/moscrack-code$ sudo su - moscrack
moscrack@host:~$ ssh-copy-id node1.domain
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/moscrack/.ssh/id_rsa.pub"
The authenticity of host 'node1.domain (192.168.1.145)' can't be established.
ECDSA key fingerprint is SHA256:hfIIN9MfMA14Ypqc7/f+I9KDwJhX+lZr4xMhb4/oH5c.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
moscrack@www1's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'www1'"
and check to make sure that only the key(s) you wanted were added.
4. Verify that you can log in to node1.domain without a password as the moscrack user from the Moscrack server. Make sure you can execute aircrack-ng while you're there.
user@host:~/moscrack-code$ sudo su - moscrack
moscrack@host:~$ ssh node1.domain
moscrack@node1:~$ aircrack-ng
... help information ...
No file to crack specified.
The nodes.dat file is a list of all nodes that Moscrack can use for processing. There is a well commented sample nodes.dat in the Moscrack distribution.
Sample nodes.dat - Look for the line that starts with shady, that's an SSH node.
# Node configuration
# Specify one node per line
#
# Format: node/port:type:expire:speed
# Node: numeric ID for mosix, host/ip for ssh/rsh, anything for local. Append /<port> to specify port.
# Type: ssh, mosix, rsh, local
# Expire: date in seconds + epoch that lease expires, leave blank for forever. Used by moscd.
# Speed: nodes speed in key/sec. Set to 1 or more, see README
# Speed is used to calculate how large of a chunk nodes will receive
# If all your nodes are the same speed, you can set them all the same (like "1")
#
# Plugins: type field format is pluginName/type e.g. "dehasher/ssh"
#
1:mosix::3950
2:mosix::2015
3:mosix::500
4:mosix::479
shady:ssh::918
toodapo:pyrit/rsh::6028
hashmaster:dehasher/ssh::20000
funnyport/2218:ssh::903
localhost:local::4000
node1.domain:ssh::1
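A malformed line in nodes.dat, such as a missing colon for the blank expire field, is easy to miss by eye. The lint below is an added example, not part of Moscrack; it checks each line against the format given in the header comments above. validate_nodes and sample_nodes are hypothetical names, the sample input is constructed, and accepting decimal speeds is an assumption.

```shell
#!/bin/sh
# Added example, not part of Moscrack: lint nodes.dat against the
# "node/port:type:expire:speed" format described in the sample file's comments.
# validate_nodes [FILE] prints one finding per bad line and returns 1 if any.
validate_nodes() {
    awk -F: '
    function bad(msg) { printf "line %d: %s\n", NR, msg; errs++ }
    /^[ \t]*(#|$)/ { next }                      # comments and blank lines
    NF != 4 { bad("expected 4 colon-separated fields, got " NF); next }
    {
        # Field 1: node, optionally followed by /<port>
        n = split($1, np, "/")
        if (n < 1 || n > 2 || np[1] == "")
            bad("bad node/port field: " $1)
        else if (n == 2 && (np[2] !~ /^[0-9]+$/ || np[2]+0 < 1 || np[2]+0 > 65535))
            bad("invalid port: " np[2])
        # Field 2: type, or pluginName/type
        n = split($2, pt, "/")
        if (n < 1 || n > 2 || pt[n] !~ /^(ssh|mosix|rsh|local)$/)
            bad("unknown type: " $2)
        else if (pt[n] == "mosix" && np[1] !~ /^[0-9]+$/)
            bad("mosix node must be a numeric ID: " np[1])
        # Field 3: blank (never expires) or epoch seconds
        if ($3 != "" && $3 !~ /^[0-9]+$/)
            bad("expire must be blank or epoch seconds: " $3)
        # Field 4: speed, 1 or more (decimals accepted here as an assumption)
        if ($4 !~ /^[0-9]+(\.[0-9]+)?$/ || $4+0 < 1)
            bad("speed must be a number >= 1: " $4)
    }
    END { exit (errs > 0) }
    ' "$@"
}

# Constructed sample: three valid lines taken from the page, four broken ones.
sample_nodes() {
    cat <<'EOF'
# constructed test input
shady:ssh::918
funnyport/2218:ssh::903
hashmaster:dehasher/ssh::20000
node2.domain:ssh:1
node3.domain/22x:ssh::5
node4.domain:telnet::10
node5.domain:ssh::0
EOF
}

sample_nodes | validate_nodes || echo "nodes.dat needs fixing"
```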
sudo su -
cd /opt/moscrack/tuning
root@host:/opt/moscrack/tuning# moscrack -w tune.words -c tune.cap -e test --tune
Moscrack SVN
Moscrack running in tune mode
Trying to validate capture file: /opt/moscrack/tuning/tune.cap
Validated capture file
Loading nodes from: /opt/moscrack/nodes.dat
Auto-chunk size: 300
Estimated cluster speed is: 1 words/sec
> Notice: If your word list contains a match, you will get funny results.
> However, node speeds will still be accurate.
Performing connectivity test in parallel:
OK node1.domain ssh
Measuring node node1.domain
[6082] Killing hung aircrack-ng processes on node node1.domain
[6082] Copying files to node node1.domain
[6082] Launching aircrack-ng on node node1.domain
[node1.domain] Average speed is: 5044
[node1.domain] total active time: 2
[node1.domain] processing time: 0.397
[node1.domain] overhead time: 1.603
Writing the following to nodes.dat.tuned:
-----------------------------------------
node1.domain:ssh::5044
-----------------------------------------
Highest overhead time observed was: 1.603 seconds
Estimated cluster speed is: 5044 words/sec
cd /opt/moscrack
mv nodes.dat nodes.dat.old
cp nodes.dat.tuned nodes.dat