Hashcat ~ Password Cracking


I've always been fascinated by brute force attacks and the tech behind them. For quite some time now, I've been using my Unix-based virtual machine to crack the hashes that I find throughout my CTF journey. Recently, I was speaking to one of my co-workers about this and he suggested using my host PC instead.

I stopped gaming a couple of months ago and I have an RTX 2080 that's doing nothing other than running a couple of virtual machines. Thus, I've decided to try and use my graphics card to crack some hashes!

A GPU has hundreds of cores that can be used to compute mathematical functions in parallel. A CPU usually has 4-8 cores. Although a CPU core is much faster than a GPU core, password hashing is one of the functions that can be done in parallel very easily. This is what gives GPUs a massive edge in cracking passwords.


To aid in password cracking, the open source project HASHCAT was born! It was known as the Advanced Password Recovery Tool. The time it may take to crack a password will vary from a few hours to thousands of years, depending on the type of hash involved (which crypto technology was used) and the character length of the original password. That is why I'm going to try and speed it up with the help of my GPU.
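To put numbers on how much the hash type matters, here is an added example (not from the original post) that measures the per-guess cost of single-pass MD5 and SHA-256 against a salted, iterated PBKDF2-HMAC-SHA256 on the local CPU, then projects the time to hash a wordlist once. The 12-million wordlist size and the 600,000-iteration work factor are assumptions chosen for illustration.

```python
import hashlib
import os
import time

WORDLIST_SIZE = 12_000_000    # assumption: order of magnitude of a large wordlist run
PBKDF2_ITERATIONS = 600_000   # assumption: illustrative PBKDF2-HMAC-SHA256 work factor

def fast_digest(algorithm, password):
    """Single-pass, unsalted digest: equal passwords always give equal hashes."""
    return hashlib.new(algorithm, password.encode()).hexdigest()

def slow_hash(password, salt, iterations=PBKDF2_ITERATIONS):
    """Salted, iterated derivation: every guess costs `iterations` HMAC rounds."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)

def seconds_per_guess(func, repeats):
    """Average wall-clock cost of one hash computation on this CPU."""
    start = time.perf_counter()
    for _ in range(repeats):
        func()
    return (time.perf_counter() - start) / repeats

def projected_wordlist_seconds(cost_per_guess, candidates=WORDLIST_SIZE):
    """Time to hash every candidate once, single-threaded, at the measured cost."""
    return cost_per_guess * candidates

def measure():
    """Return seconds-per-guess for each scheme, keyed by name."""
    salt = os.urandom(16)     # per-user random salt, stored next to the hash
    password = "superman"     # test password from the MD5 section of this post
    return {
        "md5": seconds_per_guess(lambda: fast_digest("md5", password), 20000),
        "sha256": seconds_per_guess(lambda: fast_digest("sha256", password), 20000),
        "pbkdf2-sha256": seconds_per_guess(lambda: slow_hash(password, salt), 2),
    }

def report():
    costs = measure()
    for name, cost in costs.items():
        hours = projected_wordlist_seconds(cost) / 3600
        print(f"{name:14s} {cost * 1e6:14.2f} us/guess "
              f"{hours:10.2f} h for {WORDLIST_SIZE:,} words")
    return costs

if __name__ == "__main__":
    report()
```

The absolute timings are CPU figures and will be far lower on a GPU, but the ratio between the fast digests and the iterated scheme is what determines how far a wordlist attack gets against stored password hashes.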


HashCat Installation

This is pretty straightforward, as they have compiled binaries and executables on their website. However, the problem lies in the driver and its version. OpenCL drivers can cause lots of issues, which may result in hashcat not being able to detect the GPU for cracking.

I first went ahead and got the latest driver that was available for my GPU from here.

It's labeled as Game Ready, as the RTX 2080 is a gaming-oriented card 😢.

Once that's done, I proceeded to get the latest HashCat binaries from their site.

Followed by that, I had to confirm if my GPU was detected by HashCat.

HashCat's man page reveals that the option -I can be used to list info regarding detected backend API devices.

😢 Yes, I'm running Windows on my host machine. Would love to switch but... Office Suite 😡😈

Now that my device was detected and ready to go, I went ahead and created some hashes to crack!


Password Cracking

I will be using this word list to crack all of the passwords in the next few sections. This wordlist might be a little outdated. However, it was heavily used in CTF-like environments. [RockYou.Txt]

MD5

For the MD5 hash, I will be trying to crack the password superman.

HashCat Cracking

The MD5 hash was cracked in less than a second, and the program ran through over 3 million words in that timeframe.

SHA2-256

For the SHA2-256 hash, I will be trying to crack the password 2adorable4u.

HashCat Cracking

The program was able to run through over 12 million entries within less than a second and crack the hash!

NTLM

For the NTLM hash, I will be trying to crack the password $coke$.

HashCat Cracking

NTLM cracking took a second but was able to run through a little over 12 million entries in that given period.


Comparison

Cracking VIA GPU

Cracking VIA CPU (Virtual Machine)

GPU cracking took about 57 seconds, whereas cracking with the CPU took about 11.5 minutes.


Conclusion

Even super strong hashing techniques can't save weak passwords 😿! I was able to learn that I can possibly crack passwords at a faster rate by using my GPU, which was previously used to run Call of Duty and Valorant 😂. It's fascinating what technologies can be used for nowadays. I could either use it to harmlessly play video games or go around cracking hashes 😈! But then again, this was just for my learning :) Looking forward to doing more with these kinda techhh.

~Nee