Thursday, 19 July 2012

How to Use Ravan for Password Cracking?

In my previous article, i explained about the Ravan Tool.  Now let us see how to use the Ravan for cracking passwords.


Requriments:
Lot of Friends :
Ravan is Distributed password cracking method. So you will need lot of friends who have Pc with Internet connection. The speed of cracking will increase based on the number of pc contribute in the cracking.

How to use Ravan?

Step1:
  • Go to http://www.andlabs.org/tools/ravan.html
  • Enter the value of the hash that must be cracked
  • Enter the value of the salt, if it is not a salted hash then leave it blank
  • Enter the charset. Only these characters will be use in the brute force attack
  • Select the hashing algorithm (MD5, SHA1, SHA256, SHA512)
  • Select the position of the salt. (clear-text+salt or salt+clear-text)
  • Hit ‘Submit Hash’
Step 2:
 If hash is successfully submitted, it would return a URL.  Now you just need to send this URL to all your friends and ask them to click the start button.

    The main page manages the cracking so it must not be closed or the cracking would fail.

That is it. Once your friends click start they would be doing pieces of the work and submitting results back. 


The main page would constantly monitor the progress of the cracking process and manage it across all the workers. You would be able to see the stats throughout the process, once the hash is cracked the clear-text value is displayed


Ravan an JavaScript based Distributed Password cracking



You want to crack a hash but your system speed is low?! No need to worry..! Here is solution for you , "Distributed Password Cracking". Let me introduce a new tool called "Ravan" developed by LavaKumar.

About Ravan:
Ravan is a JavaScript based Distributed Computing system that can perform brute force attacks on salted hashes by distributing the task across several browsers. It makes use of HTML5 WebWorkers to start background JavaScript threads in the browsers of the workers, each worker computes a part of the hash cracking activity. Ravan now supports MD5,SHA1,SHA256,SHA512 hashes.

How it works?
Ravan has three components:

Master:
The hash, salt, hashing algorithm, position of the salt (before or after salt) and the charset are submitted by the user. These are submitted to the web backend and it returns a ‘hash id’ which is unique to every submitted hash. It also supplies a ‘worker url’ specific to this hash that must be sent to potential workers.
Once the hash is submitted the master creates arrays of slots (each array contains 5 slots), this is submitted to the web backend. Each slot represents a small part of the keyspace, this is how the entire activity is broken down in to multiple tiny tasks. A single slot represents 1 million combinations.
The master constantly polls the web backend to check on the progress of the cracking process. As the existing list of slots is completed by the workers the master allots more slots. When a worker cracks the hash and returns the clear-text value the master confirm this and then signals all workers to stop cracking.

Web Backend:
The web backend acts as a proxy between the master and the workers. It does not perform any actual computation but validates the data submitted by both the parties and passes information between them.

Worker:
The worker performs the actual hard work of cracking the hashes. Each hash has a unique worker URL and this page explicitly asks for the user permission before the cracking process is started. Once the user accepts and clicks ‘Start’ the worker polls the web backend for available slots, the web backend returns an array of slots from its database. The worker cracks each slot and sends the result to the web backend. After completing all the slots it polls the web backend for more slots.

Here is the tool:
click here

Tutorial: How to use Ravan Tool?

nrelate