"Penetration Tester Develops AWS-Based Automated Cracking Rig"

Max Ahartz, a penetration tester, realized that building a custom cracking rig for research would be costly, so he built one on Amazon Web Services (AWS). In an interview with Help Net Security, he discussed the process and the specifics of his creation. The heart of the automated cracking rig is a bash script that imports settings from a configuration file. Using the aws-cli tool via SSH, the rig remotely builds an Ubuntu server, installs CUDA drivers and Hashcat, and downloads a 66-million-word Seclist password dictionary from an S3 bucket within AWS's cloud network. Hashcat's results are downloaded to the local machine, and the instance is terminated upon completion. The roundtrip time for a sha512crypt hash was consistently less than 8 minutes, demonstrating how efficient the process is from start to finish. Ahartz also pointed out how affordable this cutting-edge technology is. He plans to have the cracking rig available for upcoming Capture The Flag (CTF) competitions and penetration testing projects that may require its capabilities. This article continues to discuss the AWS-based automated cracking rig developed by the penetration tester Ahartz. 

Help Net Security reports "Penetration Tester Develops AWS-Based Automated Cracking Rig"