ST

m0ei on Sun 26 Jun 2011

Nice, thanks again for a great video.

DesertSun on Sun 26 Jun 2011

Jokerr could you give me your Setup script ? email: ahmetyilgor@mynet.com

tpolm on Sun 26 Jun 2011

Thanks buddy, this is really usefull info.

Bob.Sponge on Sun 26 Jun 2011

@j0k3rr
Great video, thanks for time invested.

On a related matter, are there ATI powered PCs there?
I hear that ATI cards process hashes much faster then nVidia due to architecture.

j0k3rr on Sun 26 Jun 2011

@ m0ei & tpolm: Your welcome guys thanks so much for your wonderful comments

@ DesertSun: I have uploaded the script to mediafire you can download it :) the link to the file has been added to the discription above.

@Bob.Sponge: Thank you , I only made a better tutorial cause you helped point me to the right direction.

In regards to the ATI cards on Amazons EC2's,I believe you could find a cluster that use's ATI cards instead but I did not search for them yet. If i find anything i will let you know for sure.

I wont be having much time to invest on this anymore as i will be focusing on my studys. but if i do find the time i promise to make more tutorials.

Happy cracking guys

D4rkC0d3 on Mon 27 Jun 2011

great video, i really apreciate all the effort in order to make it posible!!!

shadtor on Tue 28 Jun 2011

Great video, thanks for your time and effort! Worked like a charm!

Vivek-Ramachandran on Tue 28 Jun 2011

Nicely done! and thanks for contributing to the community! I am gonna refer this video to anyone who wants to crack passwords in the cloud.

shadtor on Tue 28 Jun 2011

Thanks again j0k3rr for the effort you put into this! Have you played around with running multiple instances with pyrit serve? I setup 2 additional instances but I was only able to achieve around 15000 pmk/s from each additional client.(hovered around 82000 pmk/s total) I tested different workunit sizes in the pyrit config file, but all had the same results...

j0k3rr on Wed 29 Jun 2011

D4rkC0d3, shadtor : Thanks so much for your comments.reading them just makes me want to make more tutorials :)

@ Vivek-Ramachandran: Its my pleasure to give back to the community, Thanks you very much for everything. I learned so much from this site and your videos and its my been fun learning and teaching others :) I plan to make more if i find the time. Im planning on setting up a proper database to hold a huge amount of wordlists and have a bunch of EC2 clusters work on it.

@ shadtor: I have not yet tried using more then one clusters as iv been so busy with other things and im really new to all this and not an expert such as Vivek.But it sounds so interesting reading your comment and it just made me want to go a step further :) I will definitly make another tutorial if i learn all this and post it on here.

VitaminT on Fri 01 Jul 2011

Awesome video! Had to mess around with this immediately! FYI you can get the GPU spot instance for around 75-80 cents an hour instead of $2.10 an hour. pretty cool stuff. keep up the good work looking forward to your next tutorial!

j0k3rr on Sat 02 Jul 2011

@VitaminT : So glad you loved the tutorial, makes me happy reading your comment. I was on my vacation so I was not able to make more but I will work on making more during the next month. Stay tune'd :)))

D4rkC0d3 on Fri 15 Jul 2011

sorry for disturb you but i can´t find the cent OS instace with the gpu, i searched "ami-aa30c7c3" and i just can´t find it, do you know any other similar???

j0k3rr on Sat 16 Jul 2011

@ D4rkC0d3: the ami should always be there. that is strange that you could not come across it...It would be better to ask amazon about it. sorry im not able to help you with this.

j0k3rr on Sat 16 Jul 2011

@ D4rkC0d3: i just checked the status for that ami it says its still available... make sure the region is us-east. as other reagons dont have gpu's yet heres the link on that status http://thecloudmarket.com/image/ami-aa30c7c3--ec2-centos-5-5-gpu-hvm-ami#/definition

let me know if you still have trouble...

WCNA on Mon 18 Jul 2011

That.was.friggin'.awesome!!!!!

Thanks for a great video. Could you upload the tutorial text with all the commands you were using as well?

j0k3rr on Mon 18 Jul 2011

@WCNA: sure, give me till tomorrow and I will post the link on here. Glad u liked it. Thanks for your comment :)))) puts more then a smile on my face ;)

j0k3rr on Wed 20 Jul 2011

@ WCNA: Heres the text tutorial http://j0k3rrr.blogspot.com/

D4rkC0d3 on Wed 20 Jul 2011

problem solved, i think that i'll have to create the same script to speed things up

admin@sovereignmoney.com on Mon 25 Jul 2011

Thanks. Definitely one I'm saving. I've bookmarked your site as well.

chaeo on Sun 31 Jul 2011

Thanks for the info and the script, otherwise I'd be losing money messing around trying to set things up.

kenny on Sat 24 Sep 2011

At the end, how do I crack WPA? Could you simply explain the final thing to do after the script. Example, how to run the captured file for the password.

j0k3rr on Sat 24 Sep 2011

@kenny Hi Kenny,

This video tutorial just guides you on how to setup an EC2 instance with amazon which helps speed up the cracking process. I got almost 50,000 keys per second.

As far as I know you can crack WPA by catching the 4 way handshake and use a technique called dictionary attack. which takes a wordlist with random passwords and runs it against the PCAP/CAP file.

You can find wordlist files online but its better to create your own. I like using crunch to generate passwords.

You should check out Vivek-Ramachandran's videos on how to crack wpa he teachs how it is done.I would suggest watching it from the beginning.

http://www.securitytube.net/video/1756

p.s a lot of wireless networks use their cellphone numbers as passwords thinking its hard for anyone to guess.. well it maybe hard for us to guess but its easy to crack with a password generator and a cracker :)

good luck. hope this helps...

kenny on Mon 26 Sep 2011

Thanks for your reply. How can I transfer the EC2 Setup script file(EC2SETUP) through Putty?

j0k3rr on Tue 27 Sep 2011

@ kenny: Your welcome. Watch the video and you will find your answer....

shivahacked on Thu 10 Nov 2011

@jOk3rr: Amazing work! Millions of thanks to you for going into such details =))!!!

j0k3rr on Thu 17 Nov 2011

@ shivahacked Thank you :) glad i could help. wish i had more time but i will make more videos in the future :) love this site and thought i would contribute :)

shivahacked on Thu 17 Nov 2011

@j0k3rr: Thank you for reply :)

Check for new Amazon EC2 Cluster Compute instance, Cluster Compute Eight Extra Large (cc2.8xlarge). I wanna try with this new one - not much of a price difference - its $ 2.40 an hour ;)

What do you say with this one - 100,000 PMKs/s ??????

shivahacked on Fri 18 Nov 2011

@j0k3rr: Sorry - that's (cc2.8xlarge)not GPU Cluster =(( lol

j0k3rr on Sun 18 Dec 2011

@shivahacked :P u had me excited and confused lol

Kris on Sun 19 Feb 2012

This is an excellent tutorial, congrats to you!

one or two remarks if you don't mind (constructive please :-)

The race in cracking speed is one factor, and we should expect great progress in that matter, but we're still far- far away of what could be considered "reasonable cracking time"

- Most of the pswd cracked are "dummy" passwords, and the avg length is below 11.

- Using your phone # as pswrd should be punishable by death. I have computed a "most used" pswrd dictionary, and I am banging my head when I still see the shear number of really stupid passwords used, even used by "educated people. When I have exhausted those lists, I drop the ball: too costly to outsmart a smart guy.

Lastly, have you tried a precomputed table on your EC2 instance? I have instant speed of millions per sec on a "regular" quad core. I would be curious to see how fast you could go on EC2, probably warp speed (50mil pmks/s ?)
Yes, you are limited to precomputed ESSDs, but the trade-off could be valuable: If you use your phone number as password, you have probably a generic ESSID.
As a ball figure, if you run 50,000 pmks/s on your instance, I would estimate an increase by a factor of x 1,000

- Using your phone # as pswrd should be punishable by death. As well as your pet's name, girlfriend, etc.
I have computed a "most used" pswrd dictionary, and I am banging my head when I still see the shear number of really stupid passwords used, even used by "educated people"