Passware Kit Business and Passware Kit Forensic utilize Amazon Elastic Compute Cloud (EC2) – a highly scalable cloud computing platform for accelerated password recovery.
The following instructions will guide you through the process of setting up and connecting the Passware Kit Agent to Amazon EC2.
You will have to follow these instructions for the first set-up of your own Amazon instance. After you have set it up, you will not have to repeat these instructions to launch the instance in the future.
Choose from the instructions below, depending on your operating system:
Windows-Based AMI
Launching an Amazon Instance
- Create an Amazon Web Services account at: https://aws.amazon.com
- Sign in to your AWS account at: https://console.aws.amazon.com. The following start screen appears:
NOTE: Your account region affects how many instances of a particular type you may launch simultaneously. Refer to the “Limits” section at the “EC2 Management Console.” Make sure your desired instance is not limited there. The options in the top right corner will allow you to change your region.
- Pick up the “Elastic Compute Cloud” service by either typing “EC2” in the search field or by clicking "All Services -> Compute -> EC2":
- The “EC2 Management Console” page appears. Click "Launch Instance":
- The “Step 1: Choose AMI” page appears:
Choose any Windows-based AMI with GPU support. For example, choose "Microsoft Windows Server 2016 with NVIDIA GRID Driver." Then click "Select": - Read the AMI description and pricing information carefully. Click "Continue":
- The “Step 2: Choose Instance” page appears:
Choose the required type of instance by filtering them by “GPU Graphics.” In our example, we choose "g3.4xlarge." (this instance is no longer available in EC2). Refer to Step 2 to check the limitations for this instance, based on your account region.
Click "Next: Configure Instance Details."
- The "Step 3: Configure Instance" page appears. Click "Advanced Details" and set up a password (authentication key) for your Passware Kit Agent in the "User Data" field. In our example we type "12345" as a password:
Customize other settings if required. Click "Next: Add Storage." - At the "Step 4: Add Storage" page, choose the settings you need or leave the default settings:
Click "Next: Add Tags." - At the "Step 5: Add Tags" page, choose the settings you need or leave the default settings:
Click "Next: Configure Security Group." - At the “Step 6: Configure Security Group" page, create a new group as displayed below:
Or, you can choose an existing group, instead. The group should have two rules: “RDP” and “Custom UDP Protocol” with port 10776 (before 2024v1 - 10555).
Click "Review and Launch."
- At the “Step 7: Review" page, make sure you have selected the proper instance type, the security group has rules for “RDP” and “UDP/10776,” and the "User Data" field in the “Instance Details” section is not empty. Below is an example of the correct settings:
Click "Launch."
- For security reasons, set up a key pair. You can choose an existing pair or create a new one, as displayed below:
After you have created and downloaded the key pair or chosen an existing key pair, click "Launch Instances."
- The “Instance Launch Status” page appears:
The result of the instance launch is displayed below: - Go to "EC2 Management Console" and click “Instances.” Right-click on the running instance, select "Get Windows Password":
Locate your Key Pair file:
Click "Decrypt Password." Save the displayed fields: “Public DNS,” “User Name,” and “Password” for future reference:
Setting up the Passware Kit Agent on the Amazon Instance
- Using Remote Desktop Connection (RDP), connect to the running instance. Use “Public DNS,” displayed at the previous step, as a computer name:
- Apply a GPU driver timeout patch as instructed at:
https://support.passware.com/hc/en-us/articles/115013622267-GPU-driver-timeout-patch/ - Download a Windows version of Passware Kit Agent from:
https://www.passware.com/distributed/free - Install the Passware Kit Agent on the remote computer. Make sure to enable option "Start Passware Kit Agent when Windows starts," as displayed below:
- Set a new system variable. Right-click on the Start menu, choose “System,” click “Advanced system settings | Environment Variables….” Below the “System variables” section, click
“New…” and set “1” for variable “PASSWARE_AGENT_AMAZON_MODE,” as displayed below: - Set an auto-login option. Right-click on the Start menu, choose “Run,” type "netplwiz," then click “OK.” The following window appears:
At the "Users" tab, uncheck option "Users must enter a user name and password to use this computer," then click “OK.”
At the "Automatically sign in" window, type the corresponding user account password:
- Shut down Windows and close the RDP connection.
- Go to "EC2 Management Console" and click “Instances.” Choose the stopped instance and start it by right-clicking the instance and choosing “Instance State | Start”:
Save "Public DNS (IPv4)" and "IPv4 Public IP" values from the “Description” tab below for future reference.
Running Passware Kit Forensic
- Run Passware Kit Forensic. At “Tools | Options | Hardware” enable option "Network and Amazon Cloud Units," then click "+ Amazon Unit." In the "Public IP" field, type the "Public DNS (IPv4)" or "IPv4 Public IP" value from the previous step. In the "Аuthentication Key" field, type the password from Step 8 of these instructions:
Click "Add Unit," then “Save.”
NOTE: To avoid typing a new Amazon Agent IP each time you run an Amazon instance, you have the option to purchase a static IP address.
- Launch a password recovery process with Passware Kit. The Amazon Agent is displayed at the “Resources” tab:
The “Log” tab also displays the status of the Amazon Agent: - If you need to change the password for your Amazon instance, go to "EC2 Management Console," right-click on the required instance, stop it, then click "View/Change User Data":
Change the password and click “Save”:
NOTE: After the instance is launched, you will be charged by Amazon. Make sure to stop the instance after the password is recovered or when you no longer need to run the Amazon Agent.
Linux-Based AMI
Launching an Amazon Instance
- Create an Amazon Web Services account at: https://aws.amazon.com
- Sign in to your AWS account at: https://console.aws.amazon.com. The following start screen appears:
NOTE: Your account region affects how many instances of a particular type you may launch simultaneously. Refer to the “Limits” section at the “EC2 Management Console.” Make sure your desired instance is not limited there. The options in the top right corner will allow you to change your region.
- Pick up the “Elastic Compute Cloud” service, either by typing “EC2” in the search field, or by clicking "All Services -> Compute -> EC2":
- The “EC2 Management Console” page appears. Click "Launch Instance":
- The “Step 1: Choose AMI” page appears:
Choose any Linux-based AMI. For example, choose "Ubuntu 18.04 LTS – Bionic," then click "Select": - Read the AMI description and pricing information carefully. Click "Continue":
- The “Step 2: Choose Instance” page appears:
Choose the required type of instance by filtering them by “GPU Graphics.” In our example, we choose "g3.4xlarge." (this instance is no longer available in EC2). Refer to Step 2 to check the limitations for this instance based on your account region.
Click "Next: Configure Instance Details."
- The "Step 3: Configure Instance" page appears. Click "Advanced Details" and set up a password (authentication key) for your Passware Kit Agent in the "User Data" field. In our example, we type "12345" as a password:
Customize other settings if required. Click "Next: Add Storage." - At the "Step 4: Add Storage" page, choose the settings you need or leave the default settings:
Click "Next: Add Tags." - At the "Step 5: Add Tags" page, choose the settings you need or leave the default settings:
Click "Next: Configure Security Group." - At the “Step 6: Configure Security Group" page, create a new group, as displayed below:
Or, you can choose an existing group, instead. The group should have two rules: “SSH” and “Custom UDP Protocol” with port 10776 (before 2024v1 - 10555).
Click "Review and Launch."
- At the “Step 7: Review" page, make sure you have selected the proper instance type, the security group has rules for “SSH” and “UDP/10776,” and the "User Data" field in the “Instance Details” section is not empty. Below is an example of the correct settings:
Click "Launch."
- For security reasons, set up a key pair. You can choose an existing pair or create a new one, as displayed below:
After you have created and downloaded the key pair or chosen an existing key pair, click "Launch Instances."
- The “Instance Launch Status” page appears:
The result of the instance launch is displayed below: - Go to "EC2 Management Console" and click “Instances.” Right-click on the running instance, then select "Connect":
You can choose to connect with a Java SSH client directly from your browser, as displayed below:
However, the following instructions refer to option “Standalone SSH Client” (Putty):
Connecting to the Amazon Instance
- Download Putty from https://www.putty.org/ and install it on your computer.
- Run “puttygen.exe” from the Putty folder. Click “File | Load Private Key” and load the saved key from Step 13:
Click “Save Private Key” in order to save the key in Putty format: - Run “pageant.exe” from the Putty folder. Add the key generated at the previous step:
- Run “putty.exe” from the Putty folder. Type the Host Name from step 15:
Click “Open.”
- Log into the system as "ubuntu":
NOTE: These instructions refer to Ubuntu commands. If you run a different Linux distributive, use the corresponding system-specific commands.
Setting up the Passware Kit Agent on the Amazon Instance
- Install GPU drivers by running the following commands:
After the system restarts, login again with SSH, as in Step 20.$ sudo apt-get update
$ sudo apt install ubuntu-drivers-common ocl-icd-opencl-dev
$ sudo ubuntu-drivers autoinstall
$ sudo reboot
- Download a Linux version of Passware Kit Agent from:
https://www.passware.com/distributed/free/
The archive can be transferred to the instance by using the “pscp.exe” tool from the Putty folder. On the host computer, run the command:
$ pscp.exe passware-kit-agent-64bit.tar.gz ubuntu@<amazon_instance_public_ip>:/home/ubuntu/
Or, you can download the archive directly, instead. Run the following command:
$ wget https://demo.passware.com/files/passware-kit-agent-64bit.tar.gz
Extract the archive by running the command:
$ tar -xvzf passware-kit-agent-64bit.tar.gz
- Copy the following files to “folder /home/user”:
$ sudo mkdir -p /home/user
$ sudo cp passware-kit-agent-64bit/passware-kit-agent /home/user/passware-kit-agent
$ sudo cp passware-kit-agent-64bit/agent.conf /home/user/agent.conf
$ sudo cp passware-kit-agent-64bit/agentwrapper.sh /home/user/agentwrapper.sh
$ sudo /home/user/passware-kit-agent -l
Make sure Passware Kit Agent detects the GPU by running the following command:
"passware-kit-agent -l":
If no GPU cards are listed, refer to Step 21 and make sure the drivers are installed correctly.
- Set up the Passware Kit Agent as a daemon:
$ sudo cp passware-kit-agent-64bit/init-debian.sh /etc/init.d/passware-kit-agent
$ sudo update-rc.d passware-kit-agent defaults
Set up the firewall rules (port before 2024v1 -10555):
$ sudo ufw enable
$ sudo ufw allow ssh
$ sudo ufw allow 10776/udp
$ sudo ufw status
- Set up the environment variable. Open file “/etc/environment” for editing:
$ sudo vim /etc/environment
Add record “PASSWARE_AGENT_AMAZON_MODE=1” as displayed below:
- Set up the core dump generation:
$ echo "core.%t.%e.%p" | sudo tee /proc/sys/kernel/core_pattern
- If necessary, edit the configuration file of the Passware Kit Agent. Below are the instructions to create the simplest configuration file:
$ sudo mkdir -p /home/user/passware/settings
$ sudo mkdir -p /home/user/passware/tmp
$ sudo mkdir -p /home/user/passware/update
$ sudo vim /home/user/agent.conf
In Vim Editor, replace the contents of the “agent.conf” file with the following text:
[General]
AgentSettingsFolder = ./passware/settings
LogsFolder = ./passware/tmp
UpdatesFolder = ./passware/update
[Network]
ConnectionMode = auto
- Reboot the instance, either by running the SSH command "sudo reboot", or by going to "EC2 Management Console," clicking “Instances,” right-clicking the instance, and selecting “Instance State | Reboot”:
- Go to "EC2 Management Console" and click “Instances.” Choose the stopped instance and start it by right-clicking the instance and choosing “Instance State | Start”:
Save "Public DNS (IPv4)" and "IPv4 Public IP" values from the “Description” tab below for future reference.
Running Passware Kit Forensic
- Run Passware Kit Forensic. At “Tools | Options | Hardware” enable option "Network and Amazon Cloud Units" and click "+ Amazon Unit." In the "Public IP" field, type the "Public DNS (IPv4)" or "IPv4 Public IP" value from the previous step. In the "Аuthentication Key" field, type the password from Step 8 of these instructions:
Click "Add Unit," then “Save.”
NOTE: To avoid typing a new Amazon Agent IP each time you run an Amazon instance, you have the option to purchase a static IP address.
- Launch a password recovery process with Passware Kit. The Amazon Agent is displayed at the “Resources” tab:
The “Log” tab also displays the status of the Amazon Agent. - If you need to change the password for your Amazon instance, go to "EC2 Management Console," right-click the required instance, stop it, then click "View/Change User Data":
Change the password and click “Save”:
NOTE: After the instance is launched, you will be charged by Amazon. Make sure to stop the instance after the password is recovered or when you no longer need to run the Amazon Agent.
Comments
0 comments
Please sign in to leave a comment.