TL;DR
This guide shows you how to use a graphics card (GPU) to speed up password cracking. It covers installing Hashcat, finding the right hash type, and running basic attacks. Warning: Using these tools against systems without permission is illegal.
1. Install Hashcat
Hashcat is a popular tool for password cracking that supports GPUs. The installation process varies depending on your operating system:
- Windows: Download the installer from the official website and follow the instructions.
- Linux (Debian/Ubuntu): Use apt:
sudo apt update
sudo apt install hashcat
- macOS: Download from the official website or use a package manager like Homebrew.
2. Identify the Hash Type
You need to know what type of hash you’re dealing with (e.g., MD5, SHA256, bcrypt). This information is crucial for telling Hashcat how to crack it.
- If you have a password dump: Look for clues in the file name or documentation.
- If you’re attacking a live system: You might need to research the application or service to find out what hashing algorithm it uses. Common hash types and their Hashcat modes are listed here.
3. Basic Attack with a Wordlist
The simplest attack uses a wordlist – a file containing potential passwords.
- Download a wordlist: RockYou.txt is a common choice, but it’s large (several GB). You can find it online or create your own.
- Run Hashcat: Use the following command as an example:
hashcat -m 0 hashfile wordlist.txt
- `-m 0` specifies MD5 (change this to match your hash type).
- `hashfile` is the path to your file containing the hashes.
- `wordlist.txt` is the path to your wordlist.
4. Using a Rule-Based Attack
Rules modify words from a wordlist, creating more potential passwords.
- Download rules: Hashcat comes with several rule files (e.g., best64.rule). They are usually located in the `rules/` directory within your Hashcat installation.
- Run Hashcat with a rule:
hashcat -m 0 hashfile wordlist.txt -r rules/best64.rule
- `-r rules/best64.rule` applies the best64 rule set to your wordlist.
5. GPU Selection
Hashcat automatically detects and uses available GPUs. You can specify which devices to use with the `-d` option.
- List available devices:
hashcat -I
- Use specific GPUs:
hashcat -m 0 hashfile wordlist.txt -d 1,2
- `-d 1,2` uses devices 1 and 2, as numbered in the `hashcat -I` output (device IDs start at 1).
6. Mask Attack
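A mask attack tries every combination of characters that fits a fixed-length pattern (the mask).
- Run Hashcat with a mask:
hashcat -m 0 -a 3 hashfile ?d?d?d?d?d?d
- `-a 3` selects mask attack mode; without it, Hashcat treats the last argument as a wordlist file.
- `?d` represents a digit (0-9). This example tries all 6-digit combinations.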
- You can use other characters like `?l` for lowercase letters, `?u` for uppercase letters, and `?s` for symbols.
7. Important Considerations
- Hashcat is resource-intensive: Password cracking can take a long time, even with a powerful GPU.
- Legal implications: Only crack passwords you have permission to test.
- Wordlist quality: The effectiveness of your attack depends heavily on the wordlist used.
- Cyber security best practices: Strong, unique passwords are essential for protecting your accounts.

