White Chapel
Password Auditing Framework
Current State of Password Cracking
1.   Get hashes
2.   Crack hashes!! With GPUs!!
3.   ...
4.   Profit!




                  Ok... and then what...
The 'dark side' to Password Cracking

● Dumps and cracked results are either deleted or left
  scattered around the cracking box

● Clear-text passwords never make it to
  password cracking box for addition to
  dictionaries (don't need to be cracked)

● Each team member uses their own methods,
  tools, and dictionaries
The 'dark side' to Password Cracking - cont'd

● Running the same dictionary over and over
  is a waste of computer time

● Cross-hash knowledge is that golden nugget
  that gets forgotten
  ○ Password "P#$$w0rd1259_%" is cracked because its LM hash was
    stored, but it is never checked against the MySQL hash, which
    goes uncracked because that hash type is unrealistic to
    brute-force out to 14 characters
But why not use one of the online hash databases?
● No way I'm going on unemployment for divulging
  internal passwords to a 3rd party.
● For the most part they don't allow upload of files
  (pwdump / shadow / dictionary) to do mass lookups/adds
● Not open source. I don't know what or where the
  things I'm looking up go
What about #{hash_cracking_tool}
● WhiteChapel doesn't try to replace cracking tools or do
  cracking better; John The Ripper and Hashcat have
  teams and community support.
  ○ Not to mention WAY better at math than me
● WhiteChapel should just be your first (check
  for any known passwords instantly) and last
  (import all of your known passwords) stop on
  the password cracking train
Enter White Chapel
 my solution to those issues
White Chapel 0.1
White Chapel 1.0
Problem 1: No centralized storage
● WhiteChapel uses ElasticSearch as a
  backend "database" of passwords and
  hashes
Problem 2: Clear-Text Passwords
● WhiteChapel allows you to
  input either dictionaries or
  single passwords through
  an easy to use web
  interface
Problem 3: No team collaboration
● WhiteChapel utilizes a centralized, yet easily
  clustered ElasticSearch backend.
● Joe imports their dictionary
● Alice adds the 20 character password they
  found in a text file
● Joe finds a MySQL hash that matches that
  20 character password
● Alice finds 20 extra passwords using
  WhiteChapel's mass-lookup due to Joe's
  dictionary contribution
Problem 4: Re-running same dictionary
● WhiteChapel enables upload of pwdump and
  hashlist files; this allows for near instant
  searching of hashes stored in WhiteChapel,
  no matter the hash type's cracking speed
● Since ElasticSearch can easily handle
  billions of what it calls "documents", this can
  out-pace standard cracking tools
Problem 5: Cross-hash knowledge
● Since WhiteChapel generates all of the
  supported hash types for all of the
  passwords inputted, finding where users
  have re-used passwords can result in new
  findings
● This is mostly useful beyond the threshold of
  standard brute-force lengths (passwords
  over 10 characters) and saves you time
  processing a "found pass" dictionary.
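
The cross-hash lookup described under Problems 4 and 5, as an added example (not WhiteChapel's own code): a Ruby Hash stands in for the ElasticSearch backend, and `KnownPasswordIndex`, `HASHERS` and the three hash types chosen are assumptions made here. The account names and hashlist are constructed sample data.

```ruby
require 'digest'

# Constructed subset of hash types; the slides do not list the ones the tool supports.
HASHERS = {
  'md5'     => ->(pw) { Digest::MD5.hexdigest(pw) },
  'sha1'    => ->(pw) { Digest::SHA1.hexdigest(pw) },
  # MySQL 4.1+ PASSWORD(): '*' + uppercase hex of SHA1(SHA1(password))
  'mysql41' => ->(pw) { '*' + Digest::SHA1.hexdigest(Digest::SHA1.digest(pw)).upcase }
}.freeze

# In-memory stand-in for the search backend: normalized hash => type + plaintext.
class KnownPasswordIndex
  def initialize
    @by_hash = {}
  end

  # Store every hash type of one known plaintext, so a password learned from
  # one source can be matched against any other hash type later.
  def add(password)
    HASHERS.each do |type, hasher|
      @by_hash[normalize(hasher.call(password))] ||= { type: type, password: password }
    end
  end

  def import_dictionary(text)
    text.each_line(chomp: true) { |pw| add(pw) unless pw.empty? }
  end

  def lookup(hash)
    @by_hash[normalize(hash)]
  end

  # Mass lookup over a hashlist of bare hashes or "account:hash" lines.
  def mass_lookup(hashlist)
    result = { found: [], unknown: [] }
    hashlist.each_line(chomp: true) do |line|
      next if line.strip.empty?
      account, hash = line.include?(':') ? line.split(':', 2) : [nil, line]
      hit = lookup(hash)
      # Misses are the only hashes that still need a real cracking run.
      hit ? result[:found] << hit.merge(account: account, hash: hash) : result[:unknown] << hash
    end
    result
  end

  private

  def normalize(hash)
    hash.strip.downcase
  end
end

# Constructed walk-through of the slides' scenario.
def demo
  index = KnownPasswordIndex.new
  index.import_dictionary("password\nletmein\n") # a teammate's dictionary
  long_pw = 'P#$$w0rd1259_%'                     # the slides' example, found in clear text
  index.add(long_pw)
  hashlist = [
    'web01:5f4dcc3b5aa765d61d8327deb882cf99',           # MD5 of "password"
    "db01:#{HASHERS['mysql41'].call(long_pw)}",          # MySQL hash of the long password
    'db02:*2470C0C06DEE42FD1618BB99005ADCA2EC9D1E19',   # MySQL hash of "password"
    'app01:d41d8cd98f00b204e9800998ecf8427e'            # not in the index
  ].join("\n")
  index.mass_lookup(hashlist)
end
```

Calling `demo` returns the three matched accounts under `:found` and the one unmatched hash under `:unknown`. LM and NTLM are left out because they need DES and MD4, which some current OpenSSL builds disable.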
Installation & Startup
Installation Steps (Dependencies)
1. Ruby
2. ElasticSearch
  a. Download then run ./bin/elasticsearch -f
  b. Requires Java or OpenJDK
  c. http://www.elasticsearch.org/download/
3. Redis Server
  a. Download then run ./redis-server --foreground
  b. http://redis.io/download


Both of those commands run in the foreground,
which works in screen, but each OS also has
service-based options
Installation Steps
1. git clone repo
   a. edit elastic.conf for elasticsearch ip/port if different
   b. edit Rakefile for redis ip/port if different
2. bundle install (to pull ruby gems)
Start the app, queue system and one worker

1. foreman start
Expanding...
● Start more elasticsearch servers
  ○ elasticsearch/bin/elasticsearch -f
● Start more redis servers
  ○ redis/redis-server --foreground
● Start more redis-resque workers
  ○ ./scripts/start_worker.sh
● Start another Sinatra front-end
  ○ ruby app.rb
Infrastructure
Single-box Setup

[Diagram: single-box setup. Arrow labels:]
● Sinatra adds passwords to queue
● Sinatra queries elasticsearch
● Redis worker pulls passwords from queue
● Redis worker generates hashes from password and feeds into elasticsearch
Scaled Setup
Uber - Scaled Setup
end
http://github.com/mubix/whitechapel
