Thursday, May 31, 2012

GPU password cracking while you game

The other day I was on oclhashcat's website and I noticed one of their advertised features is" Low resource utilization, you can still play games while cracking " which intrigued me, so I figured I'd setup hashcat on my gaming machine and see how it was able to perform. I found a copy of the hashes obtained from the breach and did a simple dictionary attack against it just to see how fast it would perform. The results were pretty promising. Keep in mind that I am using my personal gaming machine that was built on a budget. I think I spent less than $600 for it all. I won't post the full specs, but the video card I am using is a GeForce GTX 460. Let's see how far we were able to push hashcat.

So 4 1/2 million computations per second...not bad! The GPU utilization shows it hovering between 80% and 90%. Granted this is without doing any mangling rules, but is still an impressive number. In case you were wondering I left it running while I played some Diablo 3 and didn't notice any significant impact on the game, although hashcat did slow down a bit while playing. It looks like you can indeed crack passwords and game at the same time.

After getting to know hashcat a bit, I decided to see how well it could crack passwords. Up until this point the only tools I had used for password cracking were John the ripper and Cain.

I took the hashes from the breach and passed a sorted and prioritized dictionary (sorted so the most common passwords are used first, etc.) and did a test to see how many passwords it would get in a second. Here's what I got:

In 1 minute out of 118k we were able to get 21k passwords. Hmm...that's pretty good, let's let it sit for a little longer and see what we can get. I checked back in at the 5 minute mark:

72,937 passwords recovered in 5 minutes. In 5 minutes we were able to recover more than 60% of all the passwords. This is also with a single word list and no mangling rules. Well, if we let it run for the full half hour and go through the word list without any rules, what do we end up getting?

Not too much better sadly. The final number is 75,837 or 64% of the passwords. Not too bad for a 1/2 hour's worth of work.

Let's start utilizing the power of mangling rules now. Just using the stock mangling rules that come with hashcat (in this example i'm using the best64 and the passwordspro rules) let's feed the passwords back into hashcat

After the first pass we jump up to 83k, after the 2nd pass we jump up to 86k. At this point we've spent about 40 minutes attacking these hashes.

Well, that's the time I have to cover hash cat. If you have any questions feel free to leave comments and ask questions.