GPU Password Cracking Hype

by | Nov 7, 2014 | Password Cracking

Ditch the CPU for password cracking even if you have an overclocked Extreme Intel Core i7, they just aren’t made for password cracking since they only contain a small number of cores. Instead set your sights on a high powered graphics cards with with the primary aim of finding cards with a high number of cores, for instance the GeForce GTX TITAN Z features a whopping 5760 cores. Imagine the insane speeds of password cracking with all those cores working harmoniously in parallel to crack a password. A professional setup might include a few graphics cards per rig or if you are really serious you might want to branch out into a distributed cracking network using multiple machines.

I give you a real world example of how the GPU saves you so much time, on a recent an internal penetration test we conducted a wireless network assessment and part of this test was to assess the wireless password key strength and identify how easy it is to crack. We captured the all important WPA2 handshake and loaded up our password cracking software oclHastcat. We were using a relatively small password list that contained about 14,000,000+ passwords, using Hashcat which utilises the graphics card, we were able to munch through the entire list in about three and a half minutes. As a test we ran the same password list using aircrack-ng which utilises the CPU and the same key took 45 minutes to crack, an eternity! A larger 14GB password list was later used to actually crack the password, since our quick hit password list didn’t yield any promising results, always worth a try though :).

Hashcat Animation

Hashcat Animation

oclHashcat password cracker for the graphics card is a great piece of software that supports the the two major graphics card vendors AMD and Nvidea, it’s not just limited to wireless password cracking, it pretty much does it all from NTLM, MD5, SHA, Whirlpool, Truecrypt to name a few. Hashcat has two main types of attack which are dictionary attack and rule based brute-force attack. Be sure to check you have the latest graphics card drivers installed and checkout the benchmark feature.

So I leave you with the thought of… buy yourself a good Graphics Card or three 🙂

Disclaimer

The information provided on this website is to be used for educational purposes only. The author is in no way responsible for any misuse of the information provided. Any actions and or activities related to the material contained within this website is solely your responsibility.

GitHub Activity

 

Follow JUMPSECLabs

Disclaimer

The information provided on this website is to be used for educational purposes only. The author is in no way responsible for any misuse of the information provided. Any actions and or activities related to the material contained within this website is solely your responsibility.

You may also like…

Detecting known DLL hijacking and named pipe token impersonation attacks with Sysmon

Recently we posted a bunch of advisories relating to Ivanti Unified Endpoint Manager, a couple of which are for vulnerabilities which can be used to achieve local privilege escalation. We will give a brief explanation of the vulnerabilities and an example of Sysmon configuration rules to log exploitation attempts, along with the rationale behind them so you can adapt them to your existing configuration if needed.

Advisory CVE-2020-13769 – Ivanti Unified Endpoint Manager SQL injection

A number of web components in Endpoint Manager do not properly sanitize user input when executing SQL queries, leaving the application vulnerable to injection attacks towards the underlying database. On a standard installation with default options, the account used to query the database is database administrator.

Share This