As many of you know, Greg Ose and I recently spoke at Hacker Halted 2009 in Miami. We discussed a distributed password cracker we designed and implemented, which uses redirected browsers to build a swarm of worker nodes. The method we demonstrated can be implemented using large numbers of otherwise useless stored cross-site scripting vulnerabilities. The client-side worker was implemented as a Java applet in an injected iframe.
Greg and I also showed several methods which can be used on different platforms to trick the Java virtual machine into continuing execution after a client has closed the page where it is embedded. This can be used to maintain large numbers of workers even when the vulnerable sites are not visited for long periods of time.
The following video shows the administrative interface to DistCrypt where we can add and manage password hashes.
You can view the high quality version here.
You can also view the slides from our presentation on the Hacker Halted website here.
Where can I get it? It seems to be very nicely designed.
I would like to test it on my own, if it’s not just good looking!
Send me a mail if it’s available for download or being sold!
Amazing work. Will the final project be open source? “Free” processing is a powerful thing. I have a small side project I have been working on for some time now which is basically the same thing, except the processing is provided by PHP-supporting free web hosts.
[...] to keep the remote JVM working even after the infected web page has been closed. A short video clip shows roughly how this “cloud hacking” works. Same idea, but more details [...]