Renting GPUs to Crack Password Hashes

Khalid Almuraykhi
15/9/2022



Introduction

When you need to crack password hashes with tools like Hashcat, you usually use your computer or one of your cloud instances. However, to crack password hashes more efficiently with high cracking speed, you need powerful GPUs, and those can be very expensive to buy and may not be affordable to everyone. One of the solutions is to rent cloud instances that have powerful GPUs to do the cracking you need without having to spend a lot of money. This blog will showcase how to rent cloud instances with powerful GPUs (like GeForce RTX3090) to crack password hashes with Hashcat using distributed password cracking.

What is Distributed Password Cracking?

Distributed Password Cracking means linking multiple machines together so that they all run Hashcat against the same password hashes. The combined cracking speed is high enough to brute-force any 8-character password, whatever its complexity, in a few minutes using pure brute-force. The more machines you link together, the faster the cracking.



Distributed Password Cracking Tools

There are several tools that support distributed password cracking, and most of them use the Hashcat engine underneath. One tool that extends Hashcat in this way is Hashtopolis, which we will use in this illustration: we rent cloud instances with powerful GPUs and use them as Hashtopolis agents for distributed password cracking.

Please note that you can still follow the article if you have powerful local machines and skip the renting part.



Hashtopolis

The following description is from the Hashtopolis Github page:

Hashtopolis is a multi-platform client-server tool for distributing hashcat tasks to multiple computers. The main goals for Hashtopolis's development are portability, robustness, multi-user support, and multiple groups management. The application has two parts:

  • Agent: Python client, easily customizable to suit any need.
  • Server: several PHP/CSS files operating on two endpoints: an Admin GUI and an Agent Connection Point.

To install the Hashtopolis server, you can follow the tool's wiki page on GitHub.

After installation is finished, you should be able to access the server on port 80 as shown below:
As mentioned above, Hashtopolis has two parts: the server and the agents. From the server, you control the agents and their tasks. The agents are installed on the instances with powerful GPUs, and they connect back to the Hashtopolis server.

We installed the Hashtopolis server on a DigitalOcean instance. The agents, however, need to run on instances with powerful GPUs so that Hashcat's speed is used to the fullest.



Where to Rent Powerful GPUs?

There are public hosting services that provide you with machines with powerful GPUs, like Amazon and Vast.ai. In our case here, we will use Vast.ai as it is easier and cheaper.

As you can see below from Vast.ai, you can rent a machine based on the hardware you need (the more powerful the hardware, the higher the rent):

Renting GPUs and Setting Up the Agents

First, we will rent some GPUs to install our agents on. Before that, let us show how to automate the agent setup, since every rented machine will need an agent installed.

The agent is downloaded onto the GPU instance, given the URL of the API mentioned above, and registered with a voucher created on the server. By default, each agent requires its own new voucher, which is inefficient for our case:
However, there is an option to change that so that multiple agents can be installed with one voucher. To do that, go to "Config" then "Server," and check the option that allows a voucher to be used multiple times:
Now login to your account in Vast.ai and ensure you have a balance to rent machines.

Click "EDIT IMAGE & CONFIG…":
Select your Docker image from the list, or use any image that can be fetched with docker pull (we chose nvidia/opencl):
Select the version:
After that, write your auto-start script so that the agent connects to the server on boot, without you having to interact with the agent manually:
The below machines are the ones we rented:
Now when we access our server (hosted on DigitalOcean), we will find our agents (hosted on Vast.ai) connecting back to us:
Let's assume we were able to acquire this NTLM hash (BBF915C52E88C1B8D004FA04607C0E46) and that the Active Directory password policy requires a minimum length of 8 characters. Our objective is to brute-force every possible 8-character password (digits, lowercase letters, uppercase letters, and special characters).



Let us create a new Hashlist, in which you specify the hash type and the hash(es) to crack. Go to "Lists" and then "Hashlists":
Give the Hashlist a name, then choose the hash type and paste your hash or upload a file of hashes.
Then go to "Tasks" and create "New Task":
Here you specify the task name, the Hashlist you want to crack, and the Hashcat command. We used brute-force (trying all possibilities), but if you prefer, you can use wordlists, rules, or any other Hashcat options; wordlist and rule files can be uploaded first in the "Files" tab. You can also set a priority if you have more than one task.
Click on the task which you created:
Scroll down to the "Assigned agents" section:
The task ran to completion and the hash was cracked successfully. As shown below, it took only around 4 minutes to brute-force over 360 billion password candidates (360,000,000,000+). The cleartext password for the NTLM hash BBF915C52E88C1B8D004FA04607C0E46 is Kh@lid88.
We ran another example, shown below, with a different hash:
This second hash was also cracked successfully, again in only 4 minutes. The difference between Task1 and Task2 is that Task2 used more machines, and its password was found after searching 70% of the keyspace, whereas Task1's password was found after 49%. The total cost for both tasks was only around $5.
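The two results above, and the earlier claim that any 8-character password falls in minutes, both come down to the same arithmetic: the candidate count grows as (alphabet size)^(length), and the time to a hit is that count times the fraction of the keyspace searched, divided by the pool's aggregate rate. The following is an added example, not code from the article or from Hashtopolis, that carries out that calculation for the article's alphabet (digits, lowercase, uppercase, specials, i.e. 95 printable characters) and the reported 49% and 70% hit points. The aggregate rate is an assumed placeholder; substitute the rate your own benchmark reports. It is written from the policy side, to show how much each extra character of minimum length buys.

```python
"""Brute-force exposure estimator for a password length policy.

Added example; not code from the article or from Hashtopolis. Inputs are the
article's 95-character alphabet, a fixed or minimum length, and the fraction
of the keyspace searched before a hit. The cracking rate is an assumption.
"""
import string
from typing import Optional

# The four character classes named in the article's policy example. With the
# space, this is hashcat's ?a class: 95 printable ASCII characters.
FULL_CHARSET = (string.digits + string.ascii_lowercase
                + string.ascii_uppercase + string.punctuation + " ")
FULL_CHARSET_SIZE = len(FULL_CHARSET)  # 95


def keyspace(charset_size: int, max_len: int, min_len: Optional[int] = None) -> int:
    """Number of candidates for every length from min_len to max_len inclusive.

    min_len defaults to max_len (exactly max_len characters, as in the article's
    8-character brute-force). Pass min_len=1 for "1 to 8 characters".
    """
    if min_len is None:
        min_len = max_len
    if charset_size < 1 or min_len < 1 or max_len < min_len:
        raise ValueError("charset_size and lengths must be positive and ordered")
    return sum(charset_size ** n for n in range(min_len, max_len + 1))


def seconds_to_exhaust(candidates: int, rate_per_second: float) -> float:
    """Wall-clock seconds to try every candidate at the given aggregate rate."""
    if rate_per_second <= 0:
        raise ValueError("rate must be positive")
    return candidates / rate_per_second


def seconds_to_find(candidates: int, rate_per_second: float, fraction_searched: float) -> float:
    """Seconds until a hit that lands after `fraction_searched` of the keyspace.

    The article reports hits at 49% and 70%. Averaged over many passwords the
    fraction is 0.5, which is why brute-force cost is usually quoted as half
    the exhaust time.
    """
    if not 0.0 < fraction_searched <= 1.0:
        raise ValueError("fraction must be in (0, 1]")
    return seconds_to_exhaust(candidates, rate_per_second) * fraction_searched


def describe(seconds: float) -> str:
    """Human-readable duration, deliberately coarse (these are estimates)."""
    units = (("years", 365 * 24 * 3600), ("days", 24 * 3600),
             ("hours", 3600), ("minutes", 60))
    for name, size in units:
        if seconds >= size:
            return f"{seconds / size:,.1f} {name}"
    return f"{seconds:,.1f} seconds"


def policy_report(rate_per_second: float, lengths=(8, 10, 12, 14),
                  charset_size: int = FULL_CHARSET_SIZE) -> dict:
    """Exhaust time per exact password length at one assumed aggregate rate."""
    return {n: seconds_to_exhaust(keyspace(charset_size, n), rate_per_second)
            for n in lengths}


if __name__ == "__main__":
    # ASSUMED aggregate rate for a rented GPU pool, in candidates per second.
    # This is an illustration placeholder, not a figure from the article.
    assumed_rate = 1.0e12
    for length, secs in policy_report(assumed_rate).items():
        print(f"{length:2d} chars over {FULL_CHARSET_SIZE} symbols: "
              f"{keyspace(FULL_CHARSET_SIZE, length):,} candidates, "
              f"exhausted in {describe(secs)}")
    # The article's Task2 found its password after 70% of the keyspace.
    hit = seconds_to_find(keyspace(FULL_CHARSET_SIZE, 8), assumed_rate, 0.70)
    print(f"8-char hit at 70% of the keyspace: {describe(hit)}")
```

Each additional character multiplies the exact-length keyspace by 95, so going from 8 to 12 characters costs the attacker a factor of 95^4, about 81 million; that ratio is independent of whatever rate you plug in, which is the figure a policy discussion should rest on.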



Conclusion

This article showed how to use Hashtopolis with Vast.ai to crack a password of 1 to 8 characters for only a few dollars. The GPUs of the distributed cracking agents worked together on the hash and took only 4 minutes to brute-force 8-character passwords of varying complexity.
