ohpc VS john

We have plenty of licensed RHEL, but in isolated environments the hurdle of connecting to a Satellite server or their subscription hub on the internet is too high -- at least with Rocky and the ilk available. For this set up, the licensing model doesn't match reality, at least not easily.

Are we really going to build out compatible configuration management, monitoring, logging, etc? -- it's not a seamless transition. How much time do we have to put towards this?

And yes -- there is software compatibility issues. Look at the OpenHPC software distribution, it's designed for SUSE or Enterprise Linux: https://github.com/openhpc/ohpc/wiki/2.X

I recommend you just stick with HPC centric tools are workflows. Your scientists aren’t going to learn k8s as you said. SLURM is the scheduler you want and if you’re new to HPC, I recommend taking a look at https://openhpc.community

the general consensus is that pam_slurm_adopt is the better module (that's just one dude's opinion but his citations are good) - the advantage is that not only will it gatekeep SSH access, it'll also drop their SSH session into the cgroups that are constraining the user's resource limits, which also means their CPU usage will show up in sacct for the job (if the user has multiple jobs running on a node their ssh session may get dropped into the wrong one, no help for that)

Check this: https://openhpc.community/ (this helped me a lot when I started. I'm no longer the admin of such systems)

Overall, if you're already in a RedHat-based environment, an installation of OpenHPC is pretty straightforward. Their reference implementation assumes you have a head node for the scheduler that all other nodes NAT through, but that's not a 100% requirement as much as a common setup. It also assumes you can reformat the compute nodes and dedicate them to HPC work, so if you need to keep the systems available as normal workstations, you'll need to deviate a bit. You could also use the OpenHPC instructions as a guide for what packages to install, but it may take longer to get everything right.

https://github.com/openhpc/ohpc/wiki/1.3.X Newer versions of OpenHPC don't seem to releasing XCat guides anymore unfortunately.

John The Ripper

🔗Kali Linux Wordlist: What you need to know 🔗crunch 🔗WordLists - Kali-Tools 🔗WordLists - GitLab - repository 🔗John - Kali-Tools . 🔗Openwall -github repository -John 🔗John-The-Ripper-Tutorial - Techy Rick 🔗Openwall -John - Offical Website . 🔗Hash Cat - Wiki 🔗Cap 2 Hashcat 🔗Markov - Chain 🔗Hash Cat - Forums 🔗Security Stack Exchange - Question 260773 🔗StationX - How to use Hashcat 🔗MSF/Wordlists - charlesreid 🔗MSFConsole 🔗How to use hashcat 🔗MSF/Wordlists - charlesreid1 🔗Where do the words in /usr/share/dict/words come from? 🔗SCOWL (Spell Checker Oriented Word Lists) 🔗The spell utility -spell - find spelling errors (LEGACY) - UNIX What are Different Types of Cryptography? sha1-vs-sha2-the-technical-difference-explained-by-ssl-experts/ 🔗password-encryption 🔗Secure-Programs SHA-1 🔗What-are-computer-algorithms 🔗What Are MD5, SHA-1, and SHA-256 Hashes, and How Do I Check Them? - howtogeek.com 🔗kali-linux-wordlist-what-you-need-to-know

Ok, both John the ripper, hashcat and other tools seem to support extracting the hash, or directly trying to discover the password.

With the root hash you can crack the root password using tools like John The Ripper[0]. More generally, I assume, this exploit can be used to read any arbitrary files on the system, bypassing regular access control, and plenty of other stuff you aren't supposed to be able to do as a non-privileged user.

0: https://www.openwall.com/john/

use (John the Ripper)[https://github.com/openwall/john] and (rockyou.txt)[https://github.com/rockyou.txt]

this actually seems to have been reported as a bug and fixed years ago but it is still affecting me on a version freshly downloaded from the AUR, is there a way around this or another program i can use?

John the Ripper

Since I used to work for the employer in question, I decide to crack my own password-protected pay statements. I downloaded and built John the Ripper jumbo and then all I had to do was run a few commands after looking at the documentation, and there was my SIN number almost instantly.

However, most credential brute forcing takes place offline against a leaked database from some site. A program like John the Ripper is used to try hashing each word in a dictionary until it matches the entries in the database. Because this all happens offline, there's no mechanism in place to delay the attempts or lock the user out.