Fastest Password Cracking with 36 Cores Amazon Web Services (AWS)
Fastest password cracking with 36 cores amazon web services (AWS) Package name on AWS (c4.8xlarge) for some password cracking-related activities.
I’m sharing some benchmarks with hashcat and John the Ripper with 36 cores. In order to use 36 core instances, you’ll need to use an HVM (hardware virtual machine) enabled machine image. For that, we’re gonna need Ubuntu 14.04 LTS image.
How to setup hashcat?
Usually, the GPU version of hashcat is the tool of choice for me when it comes to password cracking. However, on this occasion, I was interested in experimenting and benchmarking with CPUs only.
The setup for multicore hashcat is pretty straightforward. Installing libgmp3-dev was required in order to run multicore. Multiple core support is provided by default. You’ll need to download p7zip-full to extract the download a bit further on (7z).
sudo apt-get update sudo apt-get install -y libgmp3-dev p7zip-full
After this, it was just a case of downloading and installing the latest version of hashcat.
wget http://hashcat.net/files/hashcat-0.49.7z 7z x hashcat-0.49.7z
The EULA needed to be accepted before proceeding with using hashcat, here’s a quick copy-paste way to get the prompt up, I guess:
./hashcat-cli64.bin -a 0 -m 0 examples/A0.M0.hash examples/A0.M0.word
‘OH NO! I got this!’
./hashcat-cli64.bin: error while loading shared libraries: libgmp.so.10: cannot open shared object file: No such file or directory
No, you didn’t, because you did the apt-get install from earlier…
Benchmarks
Benchmarking is simple enough with hashcat using the –benchmark or -b option. Here’s the output (it’s a bit long):
./hashcat-cli64.bin
Initializing hashcat v0.49 with 36 threads and 32mb segment-size...
Device...........: Intel(R) Xeon(R) CPU E5-2666 v3 @ 2.90GHz
Instruction set..: x86_64
Number of threads: 36
Hash type: MD4
Speed/sec: 442.76M words
Hash type: MD5
Speed/sec: 380.02M words
Hash type: SHA1
Speed/sec: 218.86M words
Hash type: SHA256
Speed/sec: 110.37M words
Hash type: SHA512
Speed/sec: 43.28M words
Hash type: SHA-3(Keccak)
Speed/sec: 42.93M words
Hash type: GOST R 34.11-94
Speed/sec: 24.99M words
Hash type: SHA-1(Base64), nsldap, Netscape LDAP SHA
Speed/sec: 219.19M words
Hash type: SSHA-1(Base64), nsldaps, Netscape LDAP SSHA
Speed/sec: 197.88M words
Hash type: descrypt, DES(Unix), Traditional DES
Speed/sec: 10.54M words
Hash type: md5crypt, MD5(Unix), FreeBSD MD5, Cisco-IOS MD5
Speed/sec: 407.68k words
Hash type: sha256crypt, SHA256(Unix)
Speed/sec: 21.27k words
Hash type: sha512crypt, SHA512(Unix)
Speed/sec: 8.49k words
Hash type: bcrypt, Blowfish(OpenBSD)
Speed/sec: 25.86k words
Hash type: Oracle 11g/12c
Speed/sec: 197.28M words
Hash type: NTLM
Speed/sec: 370.22M words
Hash type: DCC, mscash
Speed/sec: 221.91M words
Hash type: NetNTLMv1-VANILLA / NetNTLMv1+ESS
Speed/sec: 356.85M words
Hash type: NetNTLMv2
Speed/sec: 67.54M words
Hash type: EPiServer 6.x < v4
Speed/sec: 180.62M words
Hash type: EPiServer 6.x > v4
Speed/sec: 100.69M words
Hash type: MSSQL(2000)
Speed/sec: 177.41M words
Hash type: MSSQL(2005)
Speed/sec: 181.14M words
Hash type: MSSQL(2012)
Speed/sec: 41.34M words
Hash type: MySQL323
Speed/sec: 624.65M words
Hash type: MySQL4.1/MySQL5
Speed/sec: 120.88M words
Hash type: Oracle 11g/12c
Speed/sec: 197.77M words
Hash type: OSX v10.4, v10.5, v10.6
Speed/sec: 200.04M words
Hash type: OSX v10.7
Speed/sec: 42.08M words
Hash type: OSX v10.8 / v10.9
Speed/sec: 655 words
Hash type: Android PIN
Speed/sec: 204.72k words
Hash type: scrypt
Speed/sec: 979 words
Hash type: Cisco-PIX MD5
Speed/sec: 337.08M words
Hash type: Cisco-ASA MD5
Speed/sec: 311.25M words
Hash type: Cisco-IOS SHA256
Speed/sec: 110.45M words
Hash type: Cisco $9$
Speed/sec: 6.95k words
Hash type: WPA/WPA2
Speed/sec: 18.01k words
Hash type: IKE-PSK MD5
Speed/sec: 75.24M words
Hash type: IKE-PSK SHA1
Speed/sec: 34.08M words
Hash type: Password Safe v3
Speed/sec: 58.87k words
Hash type: AIX {ssha1}
Speed/sec: 2.27M words
Hash type: Radmin2
Speed/sec: 180.72M words
Hash type: HMAC-MD5 (key = $pass)
Speed/sec: 135.34M words
Hash type: HMAC-MD5 (key = $salt)
Speed/sec: 233.42M words
Hash type: HMAC-SHA1 (key = $pass)
Speed/sec: 66.68M words
Hash type: HMAC-SHA1 (key = $salt)
Speed/sec: 112.10M words
Hash type: HMAC-SHA256 (key = $pass)
Speed/sec: 30.67M words
Hash type: HMAC-SHA256 (key = $salt)
Speed/sec: 58.05M words
Hash type: HMAC-SHA512 (key = $pass)
Speed/sec: 11.45M words
Hash type: HMAC-SHA512 (key = $salt)
Speed/sec: 22.37M words
Hash type: IPMI2 RAKP HMAC-SHA1
Speed/sec: 68.25M words
Hash type: Half MD5
Speed/sec: 309.78M words
Hash type: Double MD5
Speed/sec: 170.11M words
Hash type: GRUB 2
Speed/sec: 2.33k words
Hash type: phpass, MD5(WordPress), MD5(phpBB3), MD5(Joomla)
Speed/sec: 292.59k words
Hash type: Joomla < 2.5.18
Speed/sec: 313.02M words
Hash type: osCommerce, xt:Commerce
Speed/sec: 318.75M words
Hash type: IPB2+, MyBB1.2+
Speed/sec: 142.57M words
Hash type: vBulletin < v3.8.5
Speed/sec: 162.44M words
Hash type: SMF > v1.1
Speed/sec: 200.07M words
John the Ripper
I compiled John from the source so there were a few extra steps involved. If I try this again at some point I’ll try and setup the community edition of John for some of the added functionality.
Setup
Since there’s some compiling to do I grabbed build-essential. libssl-dev is required for john.
apt-get update apt-get install build-essential make libssl-dev
Next, I pulled down the latest release of john the ripper (1.8.0 at the time of writing) and extracted it. If you’re using these notes in the future you might have to change the URL below (or at least check to see if there’s a newer version out).
wget http://www.openwall.com/john/j/john-1.8.0.tar.gz tar xvfz john*.tar.gz
Time to compile. The OMPFLAGS need to be uncommented in the make file.
cd john*/src/ vi Makefile
The following lines needed changing…
# gcc with OpenMP #OMPFLAGS = -fopenmp # gcc with OpenMP on 32-bit x86 with SSE2 #OMPFLAGS = -fopenmp -msse2
..to (lines uncommented):
# gcc with OpenMP OMPFLAGS = -fopenmp # gcc with OpenMP on 32-bit x86 with SSE2 OMPFLAGS = -fopenmp -msse2
After changing I saved the file and then run the following to compile.
make clean linux-x86-64
With any luck, the john binary will be in the run folder ready to be played with.
Benchmarks
John comes with a –test option for benchmarking.
./john --test
Will run 36 OpenMP threads
Benchmarking: descrypt, traditional crypt(3) [DES 128/128 SSE2-16]... DONE
Many salts: 38810K c/s real, 1081K c/s virtual
Only one salt: 28225K c/s real, 785700 c/s virtual
Benchmarking: bsdicrypt, BSDI crypt(3) ("_J9..", 725 iterations) [DES 128/128 SSE2-16]... DONE
Many salts: 1358K c/s real, 37751 c/s virtual
Only one salt: 958464 c/s real, 27775 c/s virtual
Benchmarking: md5crypt [MD5 32/64 X2]... DONE
Raw: 318237 c/s real, 8881 c/s virtual
Benchmarking: bcrypt ("$2a$05", 32 iterations) [Blowfish 32/64 X2]... DONE
Raw: 25488 c/s real, 708 c/s virtual
Benchmarking: LM [DES 128/128 SSE2-16]... DONE
Raw: 88090K c/s real, 2462K c/s virtual
Benchmarking: AFS, Kerberos AFS [DES 48/64 4K]... DONE
Short: 520345 c/s real, 520345 c/s virtual
Long: 1702K c/s real, 1702K c/s virtual
Benchmarking: tripcode [DES 128/128 SSE2-16]... DONE
Raw: 16540K c/s real, 527567 c/s virtual
Benchmarking: dummy [N/A]... DONE
Raw: 81656K c/s real, 81008K c/s virtual
Benchmarking: crypt, generic crypt(3) [?/64]... DONE
Many salts: 3939K c/s real, 109467 c/s virtual
Only one salt: 3305K c/s real, 92308 c/s virtual
Thoughts on AWS
Some of the speeds reported aren’t bad, but not great. Most decent GPUs will do much better against some of the easy algorithms such as MD5, NTLM, etc.
Looking into spot instances on AWS (instances run at cheaper rates when available) could be an option for those automating a password cracking business in the cloud.
This was really just a close look at using a high core count on AWS. Maybe in the future, I’ll get around to delving a bit deeper into this approach to password cracking.
- Large Password Lists: Password Cracking Dictionary’s Download For Free
- Making a Perfect WordList using Crunch with Kali Linux
- Making a Perfect Custom Wordlist Using Crunch
