Fastest Password Cracking with 36 Cores Amazon Web Services (AWS)

This post uses AWS's 36-core instance type (c4.8xlarge) for some password cracking-related activities.
I’m sharing some benchmarks with hashcat and John the Ripper with 36 cores. In order to use 36 core instances, you’ll need to use an HVM (hardware virtual machine) enabled machine image. For that, we’re gonna need the Ubuntu 14.04 LTS image.
How to set up hashcat?
Usually, the GPU version of hashcat is the tool of choice for me when it comes to password cracking. However, on this occasion, I was interested in experimenting and benchmarking with CPUs only.
The setup for multicore hashcat is pretty straightforward. Installing libgmp3-dev was required in order to run multicore. Multiple core support is provided by default. You’ll need to download p7zip-full to extract the download a bit further on (7z).
sudo apt-get update
sudo apt-get install -y libgmp3-dev p7zip-full
After this, it was just a case of downloading and installing the latest version of hashcat.
wget http://hashcat.net/files/hashcat-0.49.7z
7z x hashcat-0.49.7z
The EULA needed to be accepted before proceeding with using hashcat, here’s a quick copy-paste way to get the prompt up, I guess:
./hashcat-cli64.bin -a 0 -m 0 examples/A0.M0.hash examples/A0.M0.word
‘OH NO! I got this!’
./hashcat-cli64.bin: error while loading shared libraries: libgmp.so.10: cannot open shared object file: No such file or directory
No, you didn’t, because you did the apt-get install from earlier…
Benchmarks
Benchmarking is simple enough with hashcat using the --benchmark or -b option. Here’s the output (it’s a bit long):
./hashcat-cli64.bin -b
Initializing hashcat v0.49 with 36 threads and 32mb segment-size...
Device...........: Intel(R) Xeon(R) CPU E5-2666 v3 @ 2.90GHz
Instruction set..: x86_64
Number of threads: 36

Hash type: MD4
Speed/sec: 442.76M words

Hash type: MD5
Speed/sec: 380.02M words

Hash type: SHA1
Speed/sec: 218.86M words

Hash type: SHA256
Speed/sec: 110.37M words

Hash type: SHA512
Speed/sec: 43.28M words

Hash type: SHA-3(Keccak)
Speed/sec: 42.93M words

Hash type: GOST R 34.11-94
Speed/sec: 24.99M words

Hash type: SHA-1(Base64), nsldap, Netscape LDAP SHA
Speed/sec: 219.19M words

Hash type: SSHA-1(Base64), nsldaps, Netscape LDAP SSHA
Speed/sec: 197.88M words

Hash type: descrypt, DES(Unix), Traditional DES
Speed/sec: 10.54M words

Hash type: md5crypt, MD5(Unix), FreeBSD MD5, Cisco-IOS MD5
Speed/sec: 407.68k words

Hash type: sha256crypt, SHA256(Unix)
Speed/sec: 21.27k words

Hash type: sha512crypt, SHA512(Unix)
Speed/sec: 8.49k words

Hash type: bcrypt, Blowfish(OpenBSD)
Speed/sec: 25.86k words

Hash type: Oracle 11g/12c
Speed/sec: 197.28M words

Hash type: NTLM
Speed/sec: 370.22M words

Hash type: DCC, mscash
Speed/sec: 221.91M words

Hash type: NetNTLMv1-VANILLA / NetNTLMv1+ESS
Speed/sec: 356.85M words

Hash type: NetNTLMv2
Speed/sec: 67.54M words

Hash type: EPiServer 6.x < v4
Speed/sec: 180.62M words

Hash type: EPiServer 6.x > v4
Speed/sec: 100.69M words

Hash type: MSSQL(2000)
Speed/sec: 177.41M words

Hash type: MSSQL(2005)
Speed/sec: 181.14M words

Hash type: MSSQL(2012)
Speed/sec: 41.34M words

Hash type: MySQL323
Speed/sec: 624.65M words

Hash type: MySQL4.1/MySQL5
Speed/sec: 120.88M words

Hash type: Oracle 11g/12c
Speed/sec: 197.77M words

Hash type: OSX v10.4, v10.5, v10.6
Speed/sec: 200.04M words

Hash type: OSX v10.7
Speed/sec: 42.08M words

Hash type: OSX v10.8 / v10.9
Speed/sec: 655 words

Hash type: Android PIN
Speed/sec: 204.72k words

Hash type: scrypt
Speed/sec: 979 words

Hash type: Cisco-PIX MD5
Speed/sec: 337.08M words

Hash type: Cisco-ASA MD5
Speed/sec: 311.25M words

Hash type: Cisco-IOS SHA256
Speed/sec: 110.45M words

Hash type: Cisco $9$
Speed/sec: 6.95k words

Hash type: WPA/WPA2
Speed/sec: 18.01k words

Hash type: IKE-PSK MD5
Speed/sec: 75.24M words

Hash type: IKE-PSK SHA1
Speed/sec: 34.08M words

Hash type: Password Safe v3
Speed/sec: 58.87k words

Hash type: AIX {ssha1}
Speed/sec: 2.27M words

Hash type: Radmin2
Speed/sec: 180.72M words

Hash type: HMAC-MD5 (key = $pass)
Speed/sec: 135.34M words

Hash type: HMAC-MD5 (key = $salt)
Speed/sec: 233.42M words

Hash type: HMAC-SHA1 (key = $pass)
Speed/sec: 66.68M words

Hash type: HMAC-SHA1 (key = $salt)
Speed/sec: 112.10M words

Hash type: HMAC-SHA256 (key = $pass)
Speed/sec: 30.67M words

Hash type: HMAC-SHA256 (key = $salt)
Speed/sec: 58.05M words

Hash type: HMAC-SHA512 (key = $pass)
Speed/sec: 11.45M words

Hash type: HMAC-SHA512 (key = $salt)
Speed/sec: 22.37M words

Hash type: IPMI2 RAKP HMAC-SHA1
Speed/sec: 68.25M words

Hash type: Half MD5
Speed/sec: 309.78M words

Hash type: Double MD5
Speed/sec: 170.11M words

Hash type: GRUB 2
Speed/sec: 2.33k words

Hash type: phpass, MD5(WordPress), MD5(phpBB3), MD5(Joomla)
Speed/sec: 292.59k words

Hash type: Joomla < 2.5.18
Speed/sec: 313.02M words

Hash type: osCommerce, xt:Commerce
Speed/sec: 318.75M words

Hash type: IPB2+, MyBB1.2+
Speed/sec: 142.57M words

Hash type: vBulletin < v3.8.5
Speed/sec: 162.44M words

Hash type: SMF > v1.1
Speed/sec: 200.07M words
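To put these numbers in terms a defender can use when choosing a password hash, the following added example (not part of the original post) parses hashcat's Hash type / Speed/sec pairs and converts each speed into the worst-case time to exhaust a password space on this instance. The function names and the default policy of 8 characters over a 62-symbol alphabet are assumptions made for illustration.

```python
import re

# Constructed sample: five pairs copied from the benchmark output on this page.
SAMPLE = """\
Hash type: MD5
Speed/sec: 380.02M words
Hash type: NTLM
Speed/sec: 370.22M words
Hash type: sha512crypt, SHA512(Unix)
Speed/sec: 8.49k words
Hash type: bcrypt, Blowfish(OpenBSD)
Speed/sec: 25.86k words
Hash type: scrypt
Speed/sec: 979 words
"""

UNITS = {"": 1, "k": 1e3, "M": 1e6, "G": 1e9}
# \s+ between the two fields also accepts output pasted onto a single line.
PAIR = re.compile(r"Hash type:\s*(.+?)\s+Speed/sec:\s*([\d.]+)([kMG]?)\s+words")

def parse_benchmark(text):
    """Return {hash type: candidates tried per second}."""
    return {name: float(num) * UNITS[unit] for name, num, unit in PAIR.findall(text)}

def seconds_to_exhaust(speed, alphabet_size, length):
    """Worst-case seconds to try every password of exactly `length` characters."""
    return alphabet_size ** length / speed

def humanize(seconds):
    for label, size in (("years", 31_557_600), ("days", 86_400),
                        ("hours", 3_600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:.1f} {label}"
    return f"{seconds:.1f} seconds"

def report(text, alphabet_size=62, length=8):
    """Map each hash type to its exhaustion time, fastest hash first.
    Defaults (8 chars over a-z, A-Z, 0-9) are illustrative assumptions."""
    speeds = sorted(parse_benchmark(text).items(), key=lambda kv: -kv[1])
    return {name: humanize(seconds_to_exhaust(speed, alphabet_size, length))
            for name, speed in speeds}

if __name__ == "__main__":
    for name, eta in report(SAMPLE).items():
        print(f"{name:36s} {eta}")
```

On the sample, the unsalted fast hashes fall within days while the iterated schemes (sha512crypt, bcrypt, scrypt) land in the range of centuries or more for the same password space.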
John the Ripper
I compiled John from the source so there were a few extra steps involved. If I try this again at some point I’ll try and set up the community edition of John for some of the added functionality.
Setup
Since there’s some compiling to do I grabbed build-essential. libssl-dev is required for john.
apt-get update
apt-get install build-essential make libssl-dev
Next, I pulled down the latest release of John the Ripper (1.8.0 at the time of writing) and extracted it. If you’re using these notes in the future you might have to change the URL below (or at least check to see if there’s a newer version out).
wget http://www.openwall.com/john/j/john-1.8.0.tar.gz
tar xvfz john*.tar.gz
Time to compile. The OMPFLAGS need to be uncommented in the Makefile.
cd john*/src/
vi Makefile
The following lines needed changing…
# gcc with OpenMP
#OMPFLAGS = -fopenmp
# gcc with OpenMP on 32-bit x86 with SSE2
#OMPFLAGS = -fopenmp -msse2
..to (lines uncommented):
# gcc with OpenMP
OMPFLAGS = -fopenmp
# gcc with OpenMP on 32-bit x86 with SSE2
OMPFLAGS = -fopenmp -msse2
After making the change, I saved the file and then ran the following to compile.
make clean linux-x86-64
With any luck, the john binary will be in the run folder ready to be played with.
Benchmarks
John comes with a --test option for benchmarking.
./john --test
Will run 36 OpenMP threads
Benchmarking: descrypt, traditional crypt(3) [DES 128/128 SSE2-16]... DONE
Many salts: 38810K c/s real, 1081K c/s virtual
Only one salt: 28225K c/s real, 785700 c/s virtual

Benchmarking: bsdicrypt, BSDI crypt(3) ("_J9..", 725 iterations) [DES 128/128 SSE2-16]... DONE
Many salts: 1358K c/s real, 37751 c/s virtual
Only one salt: 958464 c/s real, 27775 c/s virtual

Benchmarking: md5crypt [MD5 32/64 X2]... DONE
Raw: 318237 c/s real, 8881 c/s virtual

Benchmarking: bcrypt ("$2a$05", 32 iterations) [Blowfish 32/64 X2]... DONE
Raw: 25488 c/s real, 708 c/s virtual

Benchmarking: LM [DES 128/128 SSE2-16]... DONE
Raw: 88090K c/s real, 2462K c/s virtual

Benchmarking: AFS, Kerberos AFS [DES 48/64 4K]... DONE
Short: 520345 c/s real, 520345 c/s virtual
Long: 1702K c/s real, 1702K c/s virtual

Benchmarking: tripcode [DES 128/128 SSE2-16]... DONE
Raw: 16540K c/s real, 527567 c/s virtual

Benchmarking: dummy [N/A]... DONE
Raw: 81656K c/s real, 81008K c/s virtual

Benchmarking: crypt, generic crypt(3) [?/64]... DONE
Many salts: 3939K c/s real, 109467 c/s virtual
Only one salt: 3305K c/s real, 92308 c/s virtual
Thoughts on AWS
Some of the speeds reported aren’t bad, but not great. Most decent GPUs will do much better against some of the easy algorithms such as MD5, NTLM, etc.
Looking into spot instances on AWS (instances run at cheaper rates when available) could be an option for those automating a password cracking business in the cloud.
This was really just a close look at using a high core count on AWS. Maybe in the future, I’ll get around to delving a bit deeper into this approach to password cracking.