GPU based password recovery on Linux. TXLF 2013
-
Upload
brad-richardson -
Category
Technology
-
view
246 -
download
0
description
Transcript of GPU based password recovery on Linux. TXLF 2013
GPU based password
recovery on LinuxBrad Richardson
#whoami
Brad Richardson – Enterprise Systems Engineer - HPC and Cloud
RHCE – Red Hat Certified Engineer #805008158134728
RHCVA - Red Hat Certified Virtualization Administrator
CCAH – Cloudera Certified Administrator for Apache Hadoop
VCP – VMware Certified Professional
Chase Herrington – Enterprise Systems Engineer - HPC and Cloud
RHCE – Red Hat Certified Engineer
RHCVA - Red Hat Certified Virtualization Administrator
LPI 3 – Linux Professional Institute Certification 3
VCP – VMware Certified Professional
Prerequisites
Linux system (RHEL 6.4 used in all examples)
7zip
GPU or GPGPU – AMD preferred for best performance
oclHashcat-plus – supports openCL and CUDA
Catalyst 13.1 (AMD) or CUDA Toolkit 5 (nVidia)
Hardware used in all examples:
Dell PowerEdge R720
nVidia Tesla m2075 GPGPU
2x Intel E5-2620 6-core CPUs @ 2.0GHz
64 GB ECC DDR3 memory
Performance
Server and workstation GPUs not recommended. There is no need for double
precision or ECC memory. Examples include nVidia Tesla, Quadro, or AMD FirePro.
Preferred GPUs – AMD 6990, AMD 5970, or AMD 7970
AMD 6990 md5 hash rate – 6956M c/s – high performance/limited availability
AMD 7970 md5 hash rate - 5470M c/s – high performance/high availability
nVidia tesla m2075 md5 hash rate – 1188M c/s – low performance/high cost
2x Intel Xeon E5-2620 CPU md5 hash rate – 69.1M c/s – very poor performance
AMD vs nVidia
AMD GPUs almost always outperform nVidia for hash cracking.
AMD typically has more cores at slower clock speed than nVidia resulting in better
OpenCL parallelization.
oclHashcat-plus installation
# wget http://hashcat.net/files/oclHashcat-plus-0.13.7z
# 7za x oclHashcat-plus-0.13.7z
# cd oclHashcat-plus-0.13
• For AMD GPUs use oclHashcat scripts
• For nVidia GPUs use cudaHashcat scripts
Brute force guessing#./cudaHashcat-plus64.bin -a 3 -m 0 -1 ?l?u?d --increment -n 160 -u 1024 hashlist
-a 3 = attack method – 3 for brute force
-m 0 = hash type – 0 for md5
-1 ?l?u?d = charset mask - use -1 to define custom charset
?l – abcdefghijklmnopqrstuvwxyz
?u – ABCDEFGHIJKLMNOPQRSTUVWXYZ
?d – 0123456789
?s - !"#$%&'()*+,-./:;<=>?@[\]^_`{|}~
--increment = password length increment
-n 160 –u 1024 = GPU specific optimization for gpu-accel and gpu-loops
hashlist = filename for hash list file
Brute force guessing – complex password
• 8 character password with lowercase, uppercase, and numbers took 16 hours,
46 minutes to brute force.
• Same md5 hash using CPU was estimated to take 36 days.
Brute force guessing – simple password
• 7 character password with lowercase chars took 13 seconds to brute force.
• Same md5 hash using CPU was estimated to take 14 hours.
Dictionary guessing
#./cudaHashcat-plus64.bin -a 0 -m 500 -n 160 -u 1000 hashlist wordlist
-a 0 = attach method – 0 for dictionary
-m 500 = hashtype – 500 for md5crypt
-n 160 –u 1000 = GPU specific optimization for gpu-accel and gpu-loops
hashlist = filename for hash list file
wordlist = filename for dictionary word list file
I am using a 15GB word list file
Dictionary guessing is not recommend on fast algorithms like MD4, MD5 or NTLM. It takes longer to transfer the wordlist data to GPU global memory rather than to just attack them on the GPU.
Dictionary guessing on slow algorithms like md5crypt (1000 iterations), phpass (up to 8k iterations) or WPA/WPA2 (16k iterations) can efficiently run on a GPU.
Dictionary guessing – md5crypt
• Dictionary attack completed successfully in 16 minutes, 28 seconds
• Same md5crypt hash using CPU completed successfully in 2 hours, 43 minutes.
Advanced hardware examplesDell CloudEdge c410x
• 16x GPGPUs in 4U chassis
• GPGPU only
TYAN FT72B7015
• 8x GPUs in 4U chassis
• GPU and compute
Useful links and resources
oclHashcat-plus http://hashcat.net/oclhashcat-plus/
hashcat wiki http://hashcat.net/wiki/
Catalyst 13.1
http://support.amd.com/us/gpudownload/linux/Pages/radeon_linux.aspx
CUDA Toolkit http://developer.nvidia.com/cuda-toolkit
Virtual Cluster (VCL) http://www.mosix.org/txt_vcl.html