Forge: Simplifying the process for cracking hashed passwords
Inferno Systems unveiled Forge, a web application that simplifies the process for cracking hashed passwords. Forge offers a workflow for creating attacks against password hashes that includes dictionary management, plan building and use of mixed local and cloud-based compute clusters.
Tightly-controlled IT environments can run Forge in an offline environment, allowing sensitive information to remain on-site. However, Forge also offers turn-key use of Amazon AWS cloud-based GPUs allowing users to distribute ongoing attacks to powerful, temporary password hashing resources. Users simply enter their AWS account credentials and Forge will add resources at the push of a button, automatically.
Inferno Systems CEO, Charlie Wolford sees the value Forge can have for many organizations. “As a cyber security and penetration testing company, we originally built Forge to serve our own internal password cracking needs. However, as Forge grew in capability and scale, we realized there are many organizations that could benefit from a large distributed system that supports a corporate workflow for GPU resources.”
Built on Hashcat, Forge supports hundreds of hashing algorithms and allows users to build custom attack plans based on any of the Hashcat attack types. Users can manage rules, custom dictionaries and cracked passwords all within an intuitive web UI.
Inferno Systems built Forge to integrate directly with Amazon AWS for customers who want to augment on-site GPU compute resources, or who don’t have any at all. “Forge lets you spin up a massive amount of cloud compute capability. This can result in dramatically reduced capital expenditures.”
John D., one of Forge’s customers from the U.S. federal government explains, “Forge has helped us take password cracking from an art to a science. We can make custom plans, track jobs, get results and reprioritize on the fly with a drag-and-drop.” In addition, Forge easily ties into corporate authentication using LDAP, allows role-based permissions and transfers all data over encrypted connections.
Mr. Wolford believes the launch demonstration shows the power of Forge’s workflow and GPU compute cluster management. “For the release we wanted to show the sheer power of cloud-based compute in augmenting password cracking attacks. When you’re cracking at a rate of tens of trillions of passwords per second, even strong password algorithms have little chance against attack plans you can build with Forge.”
Additional cloud providers are planned for future releases, so Forge users will not be tied to a single cloud provider. This also enables even bigger clusters to be created by combining GPU resources from multiple cloud providers, all at the push of a button. Wolford adds, “the only question is: how big do you want to go?”