Squashing Some Bugs

Release Image

Release Notes

Release 1.3 is a minor release featuring some UI and backend optimizations intended to reduce wasted time per hash crack request and increase software stability. Changes included:

  • Included docker-compose for suggested use which persists database contents allowing for updating without losing data
  • Use of custom AMI and prebuilt standard wordlists - reduce overall job time by ~6 minutes per job
  • More robust support of Active Directory Install From Media Backup zip files for Domain password auditing
  • Ability to terminate cracking jobs at any time
  • UI/API refinement to prevent submission of cracking jobs before files had been fully uploaded

Additional Details

For those curious and for the sake of discussion here are some more details around a couple of the improvements

Docker-Compose FTW!

This release contains a recommended docker-compose.yml file that can be used to run the main Cryptbreaker and MongoDB database instances in seperate containers. The provided configuration also creates a volume which is mounted to the database container allowing for data to persist even if you stop/remove the running containers. Since the docker-compose file references the latest version of the Cryptbreaker docker image you can now receive future updates simply by using this docker-compose file and running docker-compose stop followed by docker-compose rm and then docker-compose up. This will stop and remove both containers, download the newest versions of each, and then relaunch the tool, loading the previous database contents into the new database container.

Saving Time by Prestaging

This update introduces the use of pre-generated default wordlists and the use of a custom Cryptbreaker AMI (Amazon Machine Image) that has been built and shared in AWS. Previously, Cryptbreaker would install Nvidia drivers and Hashcat as part of each cracking job. Now, I’ve already done those steps and saved the image to Amazon for quick retrieval, eliminating the need to install those packages and perform a system reboot. Additionally, Cryptbreaker gets it’s default workdlists from Daniel Miessler’s SecLists project. Previously, a few minutes of each cracking job were used to download this repository, extract compressed contents, combine all the Password pass lists, and de-duplicate into the wordlist to use for cracking. Now, I’ve performed this action and uploaded the relavent output to a file in S3 which the instance simpley copies and unzips. By performing both of these more ‘administrative’ actions before hand Cryptbreaker can be even more efficient with the time you’re paying for when you use it.