Professional Documents
Culture Documents
https://medium.com/@iraklis/running-hashcat-v4-0-0-in-amazons-aws-
new-p3-16xlarge-instance-e8fab4541e9b
Since that post was created there have been some changes to the offerings in
AWS EC2 leading me write this post.
If you wish to skip ahead I have created scripts to automate the processes in
the rest of this post. They are both in my github and can be downloaded at the
following links.
https://github.com/suidroot/AWSScripts/blob/master/aws-ec2-create-
kracker.sh
https://github.com/suidroot/AWSScripts/blob/master/configure-kracker.sh
For the rest of the article I will cover some of the instance options in EC2,
installation of the needed Linux packages, the basic setup of Hashcat, running
Hashcat, and finally monitoring and benchmarks of an EC2 instance.
G3 – https://aws.amazon.com/ec2/instance-types/g3/
P2 – https://aws.amazon.com/ec2/instance-types/p2/
I found the g3 instances to be the more cost effective tier. For my testing I opted
to use the g3.4xlarge tier. Next to choose the AMI image, appropriate the
appropriate operating system.
AMI images
There are two options that are I tested hashcat on they are both Ubuntu based.
I’m sure there are many other available options that will work too, but I am
familiar with Ubuntu systems. The first option is a standard Ubuntu image,
there is nothing special about this image and it requires configuration to add the
GPU drivers and a little more work.
Standard Ubuntu
The next option is a Deep Learning image, this image is preconfigured with the
GPU drivers and was originally designed for machine learning applications. I
found the the pre-configuration allowed for me skip a few steps in building out a
new system.
An apt cronjob may already be running and you will have to wait it out.
This script will install all the required packages and the Nvidia GPU drivers on a
vanilla Ubuntu installation.
#!/bin/bash
In comparison the previous script there is a much simpler script to prepare the
Deep Learning instance. The main focus is installing the needed archive
extraction tools.
#!/bin/bash
Hashcat Setup
Now we need to download and extract the star of the show Hashcat. The link in
the wget below points to the the most recent version as of writing however you
might want to check to see if there is a more recent version at the main site:
https://hashcat.net/hashcat/
wget https://hashcat.net/files/hashcat-5.1.0.7z
7z x hashcat-5.1.0.7z
Download wordlists
You will need some wordlists for hashcat to use to crack passwords, he
commands listed are for some wordlists I like to use when cracking. You should
however add whichever lists are your favories.
mkdir ~/wordlists
git clone https://github.com/danielmiessler/SecLists.git ~/wordlists/seclists
wget -nH http://downloads.skullsecurity.org/passwords/rockyou.txt.bz2 -O ~/wordlists/r
cd ~/wordlists
bunzip2 ./rockyou.txt.bz2
cd ~
Running hashcat
Now it is time to run hashcat and crack some passwords. When running hashcat
I had the best performance with the arguments-O -w 3. Below is an example
command line I’ve used inclusing a rules file.
./hashcat-5.1.0/hashcat64.bin --username -m 1800
./megashadow256.txt wordlists/rockyou.txt -r hashcat-
5.1.0/rules/best64.rule -O -w 3
The nvidia-smi utility can be used to show the GPU processor usage and what
processes are utilizing the GPU(s). The first example is is showing an idle GPU.
+-----------------------------------------------------------------------------+
| Processes: GPU Memory |
| GPU PID Type Process name Usage |
|=============================================================================|
| No running processes found |
+-----------------------------------------------------------------------------+
This example shows a GPU being used by hashcat.
+-----------------------------------------------------------------------------+
| Processes: GPU Memory |
| GPU PID Type Process name Usage |
|=============================================================================|
| 0 11739 C ./hashcat-5.1.0/hashcat64.bin 817MiB |
+-----------------------------------------------------------------------------+
* Device #2: Not a native Intel OpenCL runtime. Expect massive speed loss.
You can use --force to override, but do not report related errors.
nvmlDeviceGetFanSpeed(): Not Supported
Hashmode: 0 - MD5
Hashmode: 3000 - LM
Hashmode: 500 - md5crypt, MD5 (Unix), Cisco-IOS $1$ (MD5) (Iterations: 1000)