|
|
|
OctoPass™ - Distributed Password Recovery
System
Online Documentation |
OctoPass™ is a new powerful password recovery system made for recovering
forgotten or lost passwords using distributed computing. The current version
supports brute force attack only.
Who and Why Needs OctoPASS?
Password Recovery is extremely resource-consuming task. If a password
protection is well done, brute force attack may be the only recovery method
available. If the password is long enough, it may take a lot of time to
break it. By using the power of multiple computers, you can reduce the
recovery time. OctoPASS first of all, targets security professionals and
forensic examinators. Naturally, utilizing OctoPASS makes sense only when
several computers are available. The more computers you have, the higher
search speed and better results you obtain.
OctoPass Key Features
- Scalable architecture optimized for the best performance.
- OctoPass™ supports remote web-based management.
- Highly optimized recovery engines that support all major algorithms.
- OctoPASS Agents (worker) interacts with OctoPASS Server through the
common HTTP protocol. OctoPASS Agents and OctoPASS Server could
be installed in different LAN segments or even interact through a global
WAN.
- Lightweight installation size, ease deployment.
- Special hardware support. We offer special versions for IBM Cell
processor (available in Sony PlayStation 3) and GPU Password Recovery
Engine for NVIDIA video cards.
Supported algorithms
OctoPASS supports distributed brute force attack for the following algorithms:
- MD4 (ASCII and UNICODE)
- MD5 (ASCII and UNICODE)
- SHA1 (ASCII and UNICODE)
- OneNote (2003, 2007, 2010)
- Access 2007,20101
- MS Money2
- PDF
- PowerPoint (all versions through 2010)
- Act!
- Quicken
- Quickbooks3
- WinRar4
- VBA
- Word 97 - 20105
- Excel 97 - 20105
Notes:
- Password protection in the earlier versions of Access (prior to 2007)
is weak; all passwords could be recovered instantly without brute force
attack.
- Passwords to old MS Money files could be recovered instantly.
- It is possible to reset password on a Quickbooks document, so brute
force attack is required only if only you need to find the original
password.
- Currently we support the recovery of WinRAR passwords, only if file
names in the archive are encrypted.
- There are five different types of passwords used in Word and Excel:
- Modification passwords, document protection passwords, workbook
passwords, and all other passwords - except document access passwords
- all these passwords are recoverable instantly, and OctoPASS is not
required for handling them.
- Access passwords to the old Office (95 and earlier) documents -
these passwords are also recoverable instantly.
- Access passwords to Office 97 - 2003 documents - these passwords
are supported by OctoPASS; however, please keep in mind that you can
take advantage of the Express Recovery service to recover these passwords
quicker.
- Advanced encryption passwords available as an option in Office
XP and 2003. By default, Office XP/2003 uses Office 97-compatible
password protection mode; however, user can choose the "advanced
options" and change the encryption settings. Express Recovery
will not handle such documents.
- Office 2007/2010 passwords. These passwords are very hard to crack,
so OctoPASS can be extremely useful in breaking such passwords.
OctoPass Architecture
OctoPass consists of the following components:
- OctoPass Server
OctoPass Server is to be installed on a single computer, which would
coordinate the recovery process.
OctoPASS Server carries out three functions:
1) Receives password recovery tasks,
2) Hands out the tasks and coordinates the performance of agents in
the network,
3) Allows administering and managing the recovery process.
- OctoPass Agent
OctoPass Agent is to be installed on all computers connected to the
network. OctoPass Agent carries out the password recovery job utilizing
the power of the computer it is installed on .
Since OctoPASS Server consumes very little computing power, literally
any computer can be used as the server. To utilize the computing power
of the server, install OctoPASS Agent on it also.
- Password Recovery Modules (Engines)
The components that immediately execute the password recovery algorithms.
- Password Recovery Software
Password Recovery Software - the program that analyzes password-protected
document , generates password recovery task and submits it to OctoPASS
Server. The password recovery task contains user-selected parameters
of the brute force attack (password length, character set, etc.) and
DocumentData - the information extracted from the password-protected
document, necessary and sufficient for the recovery of the password.
In case of hash algorithms (MD4, MD5, SHA1), DocumentData contains the
actual hash. With the purchase of the OctoPASS license, you will obtain
the full versions of all of our password recovery programs.
OctoPass Server is a CGI application running under on HTTP server. Please
note that requests are always sent from agents to server; server never
sends requests to agents. The network settings must provide that agents'
HTTP requests are not blocked and able to reach server. To add a new computer
to an OctoPASS network, simply install OctoPASS Agent on that computer;
no other settings or configurations are necessary . OctoPASS Agent can
be installed in the completely automatic silent mode; simply run a single
application that doesn't require any configurations. This lightens the
deployment of OctoPASS on a large number of computers.
System Requirements
OctoPASS Server
- Windows 2000/XP/2003/2008/Vista
OctoPASS Agent
- Windows 98/Me/2000/XP/2003/2008/Vista
- High-performance CPU is recommended. The faster CPU is, the better
are the results. Multicore, multiCPU is a plus. Other PC components
(RAM, HDD, ets) do not affect the performance.
Licensing Terms
The free demo version of the software is available for the evaluation
only. The demo mode doesn't have restrictions on the number of agents
allowed to be in an OctoPASS network; however, the only algorithm supported
by the demo version is MD4 (ASCII). No restrictions are imposed on password
length . Each OctoPASS license purchased entitles user to install OctoPASS
on one server. We offer several types of licenses , which differ by the
number of agents supported in an OctoPASS network. You can place an order
here: www.LastBit.com/octopass.asp
With the purchase of an OctoPASS license, you also obtain LastBit
Software MegaPack - all our password recovery programs .
Installing OctoPASS
The installation procedure is described here:
www.LastBit.com/OctoPASS-setup.asp
Using OctoPASS
Check list:
- Complete the installation of OctoPASS Server on the server computer
that will coordinate the performance of all other computers.
- The selected server must be available to all workstations. The interaction
between the workstations (OctoPASS Agents) and the server is carried
out through the HTTP (TCP port 80, but you can change the port number)
protocol; please configure your firewall and network settings as necessary
to ensure the interaction is not hindered. OctoPASS Server must be to
all computers running OctoPASS Agent.
- After OctoPASS has been installed, install OctoPASS Agent on all
computers connected to the network.
- After the OctoPASS software is installed, use a regular Web browser
for managing it. For that purpose, open this Web address: http://servername/installdir/OctoPASS.exe
(enter the server name and the folder name instead);
for example, http://localhost/cgi-bin/OctoPASS.exe If your
browser offers to download the octopass.exe instead of opening the
web page, it means that CGI is not properly configured on your server.
You should allow running CGI programs for the directory where OctoPASS
server is installed.
If the installation has been completed successfully, when you open OctoPASS
Server in your browser you will see OctoPASS' Main Screen. There are four
information blocks on the main screen:
- Brief information about the software: version number, license information,
short introductory information.
- Status of the current password recovery task. If the password is
found it is displayed here.
- Recent Records: latest records from OctoPASS log file.
- Command Menu. Using these commands, you can control OctoPASS Server
and the recovery process.
Once the installation of OctoPASS is complete, the server runs in the
Idle State and expects to receive a task . You can submit it the test
task, designed specifically to quick check the functioning of OctoPASS,
using the Command menu.
To make use of OctoPASS in solving the real tasks , you will need the
corresponding Password Recovery Software available on our website at
www.LastBit.com.
- Run the password recovery application (for example, Word Password).
- Select the password-protected document that you want to recover.
- Choose the Custom (user-defined) password recovery mode.
- Choose "Brute Force Attack" (OctoPASS is designed for brute-force
attacks only).
- Set up brute force attack options, such as the password length and
character set.
- At the last step, choose "Submit the recovery task to the Distributed
Password Recovery Engine (OctoPASS Server)".
- Enter the URL of the OctoPASS server; for example, http://computername/cgi-bin/octopass.exe
. If OctoPASS is installed in the /cgi-bin directory, you can just enter
the computer name; for example, MyPC .
- If you have installed OctoPASS Server to be protected with a password,
you will have to enter the correct password in order to submit a password
recovery task.
- Click 'Next' and then click 'Finish'. The task will be submitted
automatically to OctoPASS Server. You can also submit the task manually.
To do that, tick off the 'Show detailed submit information' checkbox.
On the information screen that appears, copy the request string. Now
you can use the 'Submit New Task' command on the main OctoPASS Server
screen to submit the task. Normally, you should submit password recovery
tasks automatically.
- Now open OctoPASS Server in your Web Browser, so you can monitor
and manage the recovery process.
Commands
All these commands appear on the Command Menu of the main screen (open
OctoPASS Server in your Web Browser in order to see it).
Refresh
Immediately refresh the main screen (the main screen is updated automatically
every 30 seconds).
Submit New Task
Normally, password recovery requests are submitted automatically.
However you may submit a password recovery task manually.
Kill Current Task
Cancel the current task. This operation cannot be undone. Once the
task has been killed, OctoPASS goes to the idle state. After a task has
been killed, the agents will continue running for a while, but after contacting
the server they will also go idle.
Pause
Pause the recovery process. OctoPASS Agents will go idle. You can
resume the recovery process later. Like in the case with cancelling current
task, the agents may continue running for a while before they go idle.
Detailed Statistics
Shows detailed statistics. Here you can see the list of agents and
other information.
Setup
Shows configuration information.
Reset
Resets OctoPASS Server. All active tasks will be canceled, and the
default settings will be restored.
Take Snapshot
Takes a "snapshot" of the current OctoPASS state and saves it
to a specified file. You can restore the state later. Here is a possible
application of this command. You "pause" one task in order to
run a new, more urgent task and then get back to the previous task.
Rollback
Restores the state. The running recovery task will be cancelled.
Erase Records
Clear the log.
Test Task
Submits a test task. The test task is a brute-force attack on an MD4 (ASCII)
hash. The hash is CA2FB1F26ED29FDC8D05BFEA45C351F8 and the program is
to find the original string using the brute-force attack (alphanumerical
character set, password length: 1..7). The original string is "lastbit".
The tesk task is designed for the testing purposes only. You can use it
to verify whether OctoPASS is installed and works properly. The task takes
about an hour of working time on a single computer (depends on the CPU
type and speed). If you have a
GPU engine installed, the task should take just a
few minutes.
Help
Shows this help.
Special Hardware Support
You can dramatically increase the search speed by using special hardware.
Currently we provide software for NVIDIA GPUs (video cards) and IBM Cell
processor (Sony PlayStation 3). You can find more information
here. To take advantage of GPU Password Recovery
Engine, please download GPU Password Recovery Engine from
www.LastBit.com/gpu.asp and install it on each and
every computer running OctoPASS Agent. OctoPASS Agent automatically uses
GPU Password Recovery Engine if it is installed. To disable GPU Password
Recovery Engine, simply uninstall it. If you are interested in the
Cell processor version, please contact us for the further information.
Using OctoPASS Agent
OctoPASS Agent has been developed to minimize the interaction between
the software and user (in the majority of cases, such interactions is
not necessary at all; OctoPASS Agent simply utilizes the computer's resources).
OctoPASS Agent displays its icon in the tray area; however, during the
installation, you can choose to disable displaying the icon. If the icon
doesn't show, use the Ctrl-Shift-Alt-O shortcut to open the main window
of the application. Also, during the installation you can specify whether
or not OctoPASS Agent is to run automatically when Windows starts. Keep
in mind that if OctoPASS Agent is not running on some computer, that computer
will not participate in the password recovery, and, accordingly, the search
speed will decrease. Therefore, our recommendation is to enable the automatic
starting of OctoPASS Agent. Right-clicking on the tray icon will
show the menu. You can pause the recovery (on this computer only; other
computers in the OctoPASS network will continue running). You can
adjust the process priority. When the idle priority is selected, OctoPASS
Agent works only when the computer is idle. This decreases the search
speed, but other programs running on the computer work smoother. User
can use the computer for other tasks. If the higher priority is selected,
OctoPASS aggressively consumes the computer resources - it works faster;
however, other programs may run slower.
Helpful Links
www.LastBit.com -
our web site
www.LastBit.com/octopass.asp -
OctoPASS' home page
GPU Password
Recovery Engine
Password
Calculator - estimate the recovery
time
Password Recovery Methods
Advanced Topics
Q: How do I change the port number?
A: By default, OctoPASS Server uses the HTTP protocol with its
default port 80. You can change the port number if you want. You can do
this as follows:
- Make sure that the HTTP server is configured properly and serves
the desired port.
- During the installation, edit the 'OctoPASS Web URL' textbox and
add the new port number. For example: http://MyComputer:880/cgi-bin/octopass.exe
- When submitting recovery tasks, specify the OctoPASS Server along
with the port number.
Q: Silent installation of OctoPASS Agent
A: Run OctoPassAgentSetup.exe with the /s command-line
switch to install OctoPASS Agent silently. No questions or confirmations
will be shown.
Screenshot (click to enlarge)
|
