Introduction to GPU Hash Cracking

While surfing the web we regularly come across a database cracking incident. If we take a closer look at the cracked passwords, we realize that the most used passwords are pretty much the same. These kinds of incidents lead us to conclude that, when it comes to passwords, humans are predictable. The chosen passwords are usually unoriginal, using variations of commonly used words (@dmin, p@33word, Password123 etc.), and their length is from 1 to 9 characters in most cases. On top of that, many people use the same passwords across all of their web accounts and services, giving hackers access to everything they use. Most people think that they made a unique choice by changing common passwords to something slightly different (like password –> P@ssword321). Cracking tools that implement dictionary attacks with a rule engine can very easily find these types of passwords. Until recently, the most commonly used dictionary and rule engine tools (like John the Ripper, HashCat etc.) were CPU based. Using modern multicore GPUs we can achieve more than x400 performance acceleration. And this is where cudaHashcat+ and oclhashcat+

Oclhashcat+ is a free dictionary-based tool with a rule engine that runs completely on the GPU. Oclhashcat is multiplatform, supporting 32- and 64-bit Linux and Windows architectures and providing four separate .bin/.exe executables. The tool has separate CUDA and OCL versions in order to achieve better performance through code optimization for each architecture.

The full feature list is the following:

    • Free
    • World's fastest md5crypt and phpass cracker
    • World's first and only GPGPU based rule engine
    • Focuses on highly iterated modern hashes
    • Focuses on single dictionary based attacks
    • Supports reading words from file
    • Supports reading words from stdin
    • Multi-GPU (up to 16 GPUs)
    • Multi-Hash (up to 24 million hashes)
    • Multi-OS (Linux & Windows native binaries)
    • Multi-Platform (OpenCL & CUDA support)
    • Multi-Algo (MD5, md5crypt, phpass, NTLM, DCC, …)

Oclhashcat+ supports the following algorithms:

    • MD5
    • phpass, MD5(WordPress), MD5(phpBB3)
    • md5crypt, MD5(Unix), FreeBSD MD5
    • MD4
    • NTLM
    • Domain Cached Credentials

Execution example:

root@testbed:Hashcat$ ./cudaHashcat+32.bin source.hash source.dict -r rules/best64.rule
cudaHashcat+ v0.03 starting...
Hashes: 12
Bitmaps: 8 bits, 256 entries, 0x000000ff mask, 1024 bytes
Rules: 64
Platform: NVidia compatible platform found
Device #1: GeForce G 105M, 511MB, 1600Mhz, 1MCU
NOTE: gpu-accel auto-adjusted to: 1
Device #1: Kernel ./kernels/4318/m0000.sm_11.32.cubin
Starting attack in wordlist_mode...
p:  0/12, cs:  1, cr:     0, cl: 10, rt:     21.12ms, s:  12410.36k/s
p:  0/12, cs:  1, cr:     0, cl:  9, rt:     21.20ms, s:  12364.12k/s
p:  0/12, cs:  1, cr:     0, cl:  7, rt:     22.21ms, s:  11802.44k/s
p:  0/12, cs:  1, cr:     0, cl:  7, rt:     20.56ms, s:  12748.33k/s
p:  0/12, cs:  1, cr:     0, cl:  8, rt:     21.08ms, s:  12437.44k/s
p:  0/12, cs:  1, cr:     0, cl:  6, rt:     21.36ms, s:  12270.94k/s
p:  0/12, cs:  1, cr:     0, cl:  7, rt:     22.34ms, s:  11732.19k/s
c871c3ade888d4fadde51e166454a1d9:AhojAhoj
p:  1/12, cs:  1, cr:     0, cl:  6, rt:     20.59ms, s:  12729.76k/s
a0fd873e8d4d6ea19923f8be7a4909c7:Michael2012
p:  2/12, cs:  1, cr:     0, cl:  5, rt:     21.58ms, s:  12146.98k/s
05c04e64497e59be1c0166255ea7c626:alvin2009
p:  3/12, cs:  1, cr:     0, cl:  8, rt:     22.23ms, s:  11790.23k/s
7b20de75b9f20a643ec236b6c684f59c:alexandre2005
e2a3f66b3de94593e2e0a6e5208b55af:anais20072007
d620cb449339aada319d5905e66d7924:azerty130
78e52c06c5357a97e44d616a21321942:augusto2007
p:  7/12, cs:  1, cr:     0, cl:  7, rt:     20.87ms, s:  12560.20k/s
0426b809c0ee71d48407bc86461688d9:brain01
b83d9eaac3770921ebf6dd0c550619c7:boxxer2008
7bf7234ba9620f43cf43c87c13e9a4f6:c0nc0rd1
p: 10/12, cs:  1, cr:     0, cl:  7, rt:     23.78ms, s:  11025.11k/s
p: 10/12, cs:  1, cr:     0, cl:  8, rt:     21.80ms, s:  12024.40k/s
5c6ff789510ac735385c86f24751f095:cortocorto
187655e4c9aff47ec2888f0cc2942efe:daniel179
Started: Mon Apr  4 01:43:55 2011
Stopped: Mon Apr  4 01:43:55 2011
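
The plaintexts recovered above (Michael2012, azerty130, AhojAhoj) and the variations named in the introduction (@dmin, p@33word, P@ssword321) are dictionary words with simple rules applied. As an added example, not part of the original post or of hashcat, the following Python check undoes those rules when a password is set so that such choices can be rejected; the word list, the substitution table and the names `weak_base` and `deleet` are assumptions made for illustration.

```python
import re
from itertools import product

# Constructed sample list; a real check would load a large dictionary or
# breached-password list (assumption, not from the original post).
COMMON_WORDS = {"password", "admin", "michael", "azerty", "daniel", "ahoj"}

# Symbol -> letters it commonly stands for. Some are ambiguous: the post's
# "p@33word" uses 3 for "s", while 3 more often replaces "e".
LEET = {"@": "a", "4": "a", "3": "es", "0": "o", "1": "il",
        "!": "i", "$": "s", "5": "s", "7": "t"}
MAX_AMBIGUOUS = 8  # bounds the expansion to 2**8 candidates per stem


def deleet(stem):
    """Return every reading of `stem` with leet symbols turned back into letters."""
    options = [LEET.get(ch, ch) for ch in stem]
    if sum(len(o) > 1 for o in options) > MAX_AMBIGUOUS:
        options = [o[0] for o in options]  # too many branches: first reading only
    return {"".join(combo) for combo in product(*options)}


def weak_base(password, words=COMMON_WORDS):
    """Return the dictionary word `password` is derived from, or None."""
    lowered = password.lower()
    # Undo prepend/append rules: drop leading and trailing digits and symbols.
    stems = {lowered, re.sub(r"^[\d\W_]+|[\d\W_]+$", "", lowered)}
    # Undo the duplicate rule ("AhojAhoj" -> "ahoj").
    for stem in list(stems):
        half = len(stem) // 2
        if half and stem[:half] == stem[half:]:
            stems.add(stem[:half])
    for stem in stems:
        hits = deleet(stem) & words
        if hits:
            return min(hits)
    return None


if __name__ == "__main__":
    for candidate in ["P@ssword321", "@dmin", "p@33word", "AhojAhoj", "vK9#qLm2xT"]:
        print(f"{candidate!r}: {weak_base(candidate) or 'no dictionary base found'}")
```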

Web Sources:

DISCLAIMER: I’m not responsible for what you do with this info. This information is for educational purposes only.

A. Bechtsoudis

1 Comment

[...] PACK we can analyze a password file and create attack masks for programs such as Hashcat (read my introductory post about using oclHashcat). In order to use PACK you will need a system with python support and psyco [...]