Cheap Hash cracking in the cloud

Posted: Friday October 10 2014 @ 11:04am  in Category: Software

As a penetration tester, sometimes you need to check the password strength of a few hashes you gathered. Why not use AWS for testing your hashes instead of buying expensive hardware?

So, here's my recipe; it's very simple to set up. Follow one of the 'getting-started' tutorials available for Amazon Web Services to get your SSH keys and set up firewall rules, then run the following script to start a nice g2.2xlarge GPU instance:

#!/bin/bash -x

# aws-marketplace/amzn-ami-graphics-hvm-2013.09.1.x86_64-ebs
AMI=ami-1b597c72

ec2-run-instances $AMI -z us-east-1d -k yoursshkey -g yourfwrules -t g2.2xlarge > instances
sleep 10
while true; do
    ec2-describe-instances > instances
    grep running instances && break
    sleep 5
done
# Instance ID and IP address of the first running instance
INST=`cat instances | grep running | sed -n 1p | cut -f 2`
IP=`cat instances | grep running | sed -n 1p | cut -f 4`

ssh -i yoursshkey.pem ec2-user@$IP "cd /tmp
wget http://rpmfind.net/linux/epel/6/x86_64/p7zip-9.20.1-2.el6.x86_64.rpm
wget http://hashcat.net/files/cudaHashcat-1.31.7z
sudo rpm -ivh p7zip*.rpm
7za x cudaHashcat-1.31.7z
ls
"

Now your virtual server is ready for oclHashcating :-) Just run a few commands like this:

ssh -i yoursshkey.pem ec2-user@$IP "cd /tmp/XXXXX
./cudaHashcat-plus64.bin -a 3  20794edc2e5c77a6775f74a5d731fdb5"

What performance do you get for $0.65/hour? About 1.4 GH/s for MD5 and 2 GH/s for NTLM. Enough to brute force most 8-character passwords in less than one hour.

Session.Name...: cudaHashcat-plus
Status.........: Running
Input.Mode.....: Mask (?1?2?2?2?2?2?2?3) [8]
Hash.Target....: 20794edc2e5c77a6775f74a5d731fdb5
Hash.Type......: MD5
Time.Started...: Thu Nov 28 19:58:53 2013 (5 secs)
Time.Estimated.: Thu Nov 28 21:06:09 2013 (1 hour, 5 mins)
Speed.GPU.#1...:  1465.6 MH/s
Recovered......: 0/1 (0.00%) Digests, 0/1 (0.00%) Salts
Progress.......: 8053063680/5533380698112 (0.15%)
Rejected.......: 0/8053063680 (0.00%)
HWMon.GPU.#1...: 99% Util, 78c Temp, -1% Fan

...
...

Session.Name...: cudaHashcat-plus
Status.........: Running
Input.Mode.....: Mask (?1?2?2?2?2?2?2) [7]
Hash.Target....: b4b9b02e6f09a9bd760f388b67351e2c
Hash.Type......: NTLM
Time.Started...: Thu Nov 28 20:21:21 2013 (5 secs)
Time.Estimated.: Thu Nov 28 20:22:32 2013 (1 min, 2 secs)
Speed.GPU.#1...:  2039.2 MH/s
Recovered......: 0/1 (0.00%) Digests, 0/1 (0.00%) Salts
Progress.......: 11408506880/134960504832 (8.45%)
Rejected.......: 0/11408506880 (0.00%)
HWMon.GPU.#1...: 99% Util, 66c Temp, -1% Fan
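
To put these numbers in password-policy terms, here is an added example (not part of the original post): Python code that reads the Speed and Progress lines of the MD5 status block above, estimates the remaining time and instance cost at the quoted $0.65/hour, and extrapolates to fully random passwords of length 8 to 12. The 95-symbol printable-ASCII charset and the length range are assumptions; the figures are single-GPU worst cases for exhausting the whole keyspace.

```python
import re

# Two lines copied from the MD5 status block in the post.
STATUS = """\
Speed.GPU.#1...:  1465.6 MH/s
Progress.......: 8053063680/5533380698112 (0.15%)
"""
UNITS = {"H/s": 1, "kH/s": 1e3, "MH/s": 1e6, "GH/s": 1e9}
PRICE_PER_HOUR = 0.65  # USD per hour, the instance price quoted in the post


def parse_status(text):
    """Return (hashes_per_second, candidates_done, keyspace) from a status block."""
    speed = re.search(r"^Speed\.GPU\.#1\.*:\s*([\d.]+)\s*(\S+)", text, re.M)
    prog = re.search(r"^Progress\.*:\s*(\d+)/(\d+)", text, re.M)
    if not speed or not prog:
        raise ValueError("status block lacks a Speed or Progress line")
    rate = float(speed.group(1)) * UNITS[speed.group(2)]
    return rate, int(prog.group(1)), int(prog.group(2))


def cost_usd(seconds, price_per_hour=PRICE_PER_HOUR):
    """Instance cost of running for `seconds` at the hourly price."""
    return seconds / 3600 * price_per_hour


def policy_table(rate, charset=95, lengths=range(8, 13)):
    """Worst-case (length, days, USD) to exhaust random passwords.

    charset=95 (printable ASCII) and the length range are assumptions.
    """
    rows = []
    for n in lengths:
        secs = charset ** n / rate
        rows.append((n, secs / 86400, cost_usd(secs)))
    return rows


if __name__ == "__main__":
    rate, done, total = parse_status(STATUS)
    left = (total - done) / rate
    print(f"mask run: {left / 60:.0f} min left, ${cost_usd(left):.2f}")
    for n, days, usd in policy_table(rate):
        print(f"length {n:2d}: {days:14.1f} days  ${usd:,.0f}")
```

Each extra character multiplies the exhaustive-search time and cost by the charset size, which is why length matters more than any other policy knob against a fast unsalted hash such as MD5 or NTLM.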

oclHashCat lite should be even faster but I had problems running it on AWS, and of course you can easily write a script to start a distributed hash brute force on multiple AWS instances.

Have fun!
