Renting GPUs to Crack Password Hashes

Khalid Almuraykhi


When you need to crack password hashes with tools like Hashcat, you usually use your computer or one of your cloud instances. However, to crack password hashes more efficiently with high cracking speed, you need powerful GPUs, and those can be very expensive to buy and may not be affordable to everyone. One of the solutions is to rent cloud instances that have powerful GPUs to do the cracking you need without having to spend a lot of money. This blog will showcase how to rent cloud instances with powerful GPUs (like GeForce RTX3090) to crack password hashes with Hashcat using distributed password cracking.

What is Distributed Password Cracking?

Distributed Password Cracking means you can use and link multiple machines together to run Hashcat and crack the same password hashes. This results in significant password cracking speed that can crack any 8-character password complexity in a few minutes using pure password brute-force. The more machines you link together for password cracking, the faster.

Distributed Password Cracking Tools

There are different tools that support distributed password cracking, most of them use Hashcat engine underneath. One of these tools that extend Hashcat to perform distributed password cracking is Hashtopolis, which we will use in our illustration here as we rent some cloud instances with powerful GPUs and use them there for distributed password cracking.

Please note that you can still follow the article if you have powerful local machines and skip the renting part.


The following description is from the Hashtopolis Github page:

Hashtopolis is a multi-platform client-server tool for distributing hashcat tasks to multiple computers. The main goals for Hashtopolis's development are portability, robustness, multi-user support, and multiple groups management. The application has two parts:

  • Agent: Python client, easily customizable to suit any need.
  • Server: several PHP/CSS files operating on two endpoints: an Admin GUI and an Agent Connection Point
To install Hashtopolis server, you can follow the tool's wiki page on GitHub.

After installation is finished, you should be able to access the server on port 80 as shown below:
As mentioned above, Hashtopolis works in two parts: server and agent. In the server, you can control the agents and their tasks. On the instances with powerful GPUs, you will install those agents to connect to Hashtopolis server.

For the Hashtopolis server, we have installed it on an instance on DigitalOcean. The agents, however, need to be installed on instances that have powerful GPUs to utilize Hashcat strength to the fullest.

Where to Rent Powerful GPUs?

There are public hosting services that provide you with machines with powerful GPUs, like Amazon and In our case here, we will use as it is easier and cheaper.

As you can see below from, you can rent any machine based on the hardware you need (the more powerful the more expensive the rent):
Renting GPUs and Setting Up the Agents

First, we will rent some GPUs to install our agents on. Before that, let us first show how to automate this process since each machine will need an agent installed.

The agent will be downloaded on the GPU instance then we will provide the URL for the API mentioned at the top, and you will create a new voucher. By default, each agent requires a new voucher, which will be inefficient for our case:
However, there is an option to change that to install multiple agents using one voucher. To do that, go to "Config" then "Server." After that, check that the voucher can be used multiple times:
Now login to your account in and ensure you have a balance to rent machines.

Select your Docker Image from the list or use any docker-machine supported by docker pull (we chose nvidia/opencl):
Select the version:
After that, write your auto-start script so that the agent will connect to the server without you needing to interact with the agent:
The below machines are the ones we rented:
Now when we access our server (hosted on DigitalOcean), we will find our agents (hosted on connecting back to us:
Let's assume we were able to acquire this NTLM hash (BBF915C52E88C1B8D004FA04607C0E46) and the password policy for Active Directory has a minimum 8 characters length. Our objective is to try to brute-force all password possibilities for passwords of length 8 characters (including numbers, small letters, capital letters, and special characters).

Let us create a new Hashlist in which you can create the hash type and the hash for cracking. Go to "Lists" and then "Hashlists":
Give a name for this Hashlist, then choose the hashtype and paste your hash or upload the files of hashes.
Then go to "Tasks" and create "New Task":
Here you specify the task name and what Hashlist you want to crack as well as the Hashcat command. We used brute-force (trying all possibilities), but if you prefer, you can use wordlists, rules, or any other options. You can also upload your file first in the files tab. You can specify the priority if you have more than one task.
Click on the task which you created:
Scroll down until the "Assigned agents":
Now the task was run and completed, and the hash was cracked successfully. As shown below, it only took around 4 minutes to brute-force over 360 billions of password possibilities (360,000,000,000+). We were able to obtain the cleartext password of the NTLM hash BBF915C52E88C1B8D004FA04607C0E46 and it is Kh@lid88.
We run another example as shown below with a different hash:
Also this second hash was successfully cracked and it took 4 minutes only as well. The difference between Task1 and Task2 is that Task2 has more machines, and the password was found in 70% of the search space. Unlike Task1, which was found in 49% of the search space. The cost was around 5$ only for both tasks.

This article showed how to use Hashtopolis with and the ability to crack a password with 1 to 8 characters with only a few dollars. The distributed password crackers GPUs worked together to crack the hash and took only 4 minutes to brute-force an 8-character password of different complexities.

Share this blog
Follow us
Advance your skills by reading the latest blog created by our team.
Other Blogs