SlideShare a Scribd company logo
1 of 44
GPU Cracking - On the Cheap
Karl Fosaaen
Eric Gruber
Introductions
• Who are we?
‒Karl Fosaaen
‒Eric Gruber
• What do we do?
‒Pen Test
‒Crack Passwords
‒Blog
GPU Cracking on the Cheap
• Defining Terms
‒Science Project
‒GPU
‒Bitcoin
‒Hashes
GPU Cracking on the Cheap
•Hashes
‒ Password123 =
58A478135A93AC3BF058A5EA0E8FDB71
‒ Password1234 =
8C3EFC486704D2EE71EEBE71AF14D86C
58A478135A93AC3BF058A5EA0E8FDB71
≠
8C3EFC486704D2EE71EEBE71AF14D86C
GPU Cracking on the Cheap
• Overview
‒Why do we want to GPU crack
‒Ideal Setup
‒Hardware Selection
‒Construction
‒Operating System
‒Methodology
GPU Cracking on the Cheap
• Why do we want to crack?
‒Pen Testing
‒Password Auditing
•Why do we want to use GPUs?
‒CPU versus GPU
‒Trade Offs
‒The Cloud?
Performance: Brute Force (6 Characters)
0
100
200
300
400
500
600
Minutes for Six Character Brute Force
CPU GPU
Performance: Brute Force (6 Characters)
Performance
• Brute Force Power (8 Characters)
Hash Type Speed
NetNTLMv2 1,877.8 MH/s
SHA1 9,515.4 MH/s
descrypt 11,060.1 kH/s
MD5 19,834.3 MH/s
NTLM 32,930.2 MH/s
GPU Cracking: The Ideal Set Up
• The Ideal Set Up
‒ If Money is no object
GPU Cracking: The Ideal
• Buy one of these
‒ Case, Motherboard, and Power ($3,599.99)
• TYAN B7015F72V2R
‒ Case, Motherboard, and Power ($ 4,649.99)
• Tyan FT77AB7059 (B7059F77AV6R-2T)
GPU Cracking: The Practical Option
• But I’m more like this shadow guy…
GPU Cracking: Building the Rig
Our Current Set Up
GPU Cracking: Building the Rig
GPU Cracking: The Hardware
• GPU Selection
‒ What do we want?
• Reference card versus non-reference
• Stream Processors
• Card Cores
• Processor Speed
• Overclocking
• AMD versus NVIDIA
• Crossfire and SLI – Doesn’t matter here
• These are the Most Important Part of the Rig
‒ So spend some money
GPU Cracking: The Hardware
• 7970 Option
‒ MSI Radeon HD 7970 Twin Frozr ($529.99*)
• Core Clock: 1000MHz
• Stream Processors: 2048 Stream Processors
• Memory Size: 3GB GDDR5
• 7950 Option
‒ XFX Double D Radeon HD 7950 ($419.99*)
• Core Clock: 925MHz
• Stream Processors: 1792 Stream Processors
• Memory Size: 3GB GDDR5
*Newegg prices as of February 2014
GPU Cracking: The Hardware
• Motherboard
‒What to look for
• PCI Express slots
• 16x versus 1x
• Power to the board
• Some have additional power for cards
• Onboard power switch
• Handy for open air cases
GPU Cracking: The Hardware
• Motherboard
‒ ASRock H81 Pro BTC ($130-190*)
*Amazon price variance during January 2014
GPU Cracking: The Hardware
• Risers
‒ Ribbon cable versus USB 3
‒ Preferred: USB 3 risers
• The ribbons are not as reliable
GPU Cracking: The Hardware
•Power for the cards
GPU Cracking: The Hardware
• Power Supply
‒ 1500W is ideal for a couple of cards
‒ Could probably get closer to 1000W
• Just not recommended, or get two
‒ Modular is the easiest to manage
GPU Cracking: The Hardware
• Other Hardware Selection
‒ Processor
• A reasonably powered Intel (i3,i5,i7)
‒ Hard Drive
• SSD for OS
• Non-SSD for cold storage (Dictionaries, etc.)
‒ RAM
• What ever you can afford to put in
• These can all be relatively generic
GPU Cracking: The Case
• Case
‒ This can be pretty open ended
‒ Start with server rack shelving
‒ Check out your local hardware store
• Wire shelving cubes
• Aluminum Rails
‒ Zip ties, bailing wire, bits of string
GPU Cracking: The Case
•Case, case, no case
GPU Cracking: Airflow
GPU Cracking: Building the Rig
• Plan everything out!
GPU Cracking: Building the Rig
• The Initial End Result
GPU Cracking: Building the Rig
• Another Angle
GPU Cracking: Building the Rig
The Current Set Up
GPU Cracking: Building the Rig
GPU Cracking: Final Costs
• Parts list:
Parts Est. Cost
Motherboard $160
Processor (Intel Celeron) $50
RAM (4 GB) $40
Hard Drives $150
Risers (4) $160
Power Supply (1500 W) $360
Video Cards (4) $2,116
Case Materials $20
Total $3,056
GPU Cracking: Final Costs
• Parts list:
Parts Est. Cost
Motherboard $160
Processor (Intel Celeron) $50
RAM (4 GB) $40
Hard Drives $150
Risers (4) $160
Power Supply (1500 W) $360
Video Cards (4) $2,116
Case Materials $20
Total $3,056
GPU Cracking: Software Side
• Operating System
• Cracking Software
Essentially comes down to this
Driver support
• Windows support is generally good for both
AMD and Nvidia
• Linux support is getting better
• Both are good options, unless you’re Linus…
Server Setup
• Windows and Linux work very well for server setups
• Both can be setup as a headless server
• We prefer Linux
‒ Easy to manage
‒ Lightweight
‒ Free
Cracking Software
• We want something free
‒ John
‒ oclHashcat
• John/oclHashcat support GPU cracking with
CUDA/OpenCL
• We use oclHashcat
‒ Frequently updated
‒ Best performance
‒ Supports large number of hash types
Methodology
• Wielding the power responsibly
‒ Brute force isn’t always the best option
Methodology
• Dictionary Attacks
‒ Add in some mangling rules
• Leet Speak
• Password => P@$$vv0rd
• Append Numbers
• Password => Password2014
‒ Double up on dictionaries
• PasswordPassword
‒ Sources
• Wikipedia
• Urban Dictionary
• Alexa Domain Lists
• Crackstation, SkullSecurity, etc.
Methodology
• Masking Attacks
‒ Commonly Used Patterns
‒ Netspi1234 = ?u?l?l?l?l?l?d?d?d?d
• One Upper
• Five Lower
• Four Digits
• Ten characters total, meets complexity
‒ Easy to generate
• Based off of previous cracks, leaks, etc.
Demo
Conclusions
• It can be done
• It’s not that expensive
• Learn from our mistakes
Questions
Questions?
Karl Fosaaen (@kfosaaen)
Eric Gruber (@egru)
http://www.netspi.com/blog
Questions
Thanks!
Karl Fosaaen (@kfosaaen)
Eric Gruber (@egru)

More Related Content

What's hot

Ceph Day Taipei - Delivering cost-effective, high performance, Ceph cluster
Ceph Day Taipei - Delivering cost-effective, high performance, Ceph cluster Ceph Day Taipei - Delivering cost-effective, high performance, Ceph cluster
Ceph Day Taipei - Delivering cost-effective, high performance, Ceph cluster Ceph Community
 
Hostingultraso com (1)
Hostingultraso com (1)Hostingultraso com (1)
Hostingultraso com (1)ayan Maity
 
Overclocking & Economy
Overclocking & EconomyOverclocking & Economy
Overclocking & EconomyAsad Salihi
 
Ceph Day KL - Delivering cost-effective, high performance Ceph cluster
Ceph Day KL - Delivering cost-effective, high performance Ceph clusterCeph Day KL - Delivering cost-effective, high performance Ceph cluster
Ceph Day KL - Delivering cost-effective, high performance Ceph clusterCeph Community
 
Managing server secrets at scale with SaltStack and a vaultless password manager
Managing server secrets at scale with SaltStack and a vaultless password managerManaging server secrets at scale with SaltStack and a vaultless password manager
Managing server secrets at scale with SaltStack and a vaultless password managerIgnat Korchagin
 
Performance analysis with_ceph
Performance analysis with_cephPerformance analysis with_ceph
Performance analysis with_cephAlex Lau
 
Oracle Closed World 2010: Graphing the AAS ala EM + doing some cool linear re...
Oracle Closed World 2010: Graphing the AAS ala EM + doing some cool linear re...Oracle Closed World 2010: Graphing the AAS ala EM + doing some cool linear re...
Oracle Closed World 2010: Graphing the AAS ala EM + doing some cool linear re...Kristofferson A
 
Overclocking | Going Down the Rabbit Hole
Overclocking | Going Down the Rabbit HoleOverclocking | Going Down the Rabbit Hole
Overclocking | Going Down the Rabbit HoleHWBOT
 
NCompass Live: Let's Get Real About Virtual Reality
NCompass Live: Let's Get Real About Virtual Reality NCompass Live: Let's Get Real About Virtual Reality
NCompass Live: Let's Get Real About Virtual Reality Nebraska Library Commission
 
The Database Sizing Workflow
The Database Sizing WorkflowThe Database Sizing Workflow
The Database Sizing WorkflowKristofferson A
 
Build your own computer!
Build your own computer!Build your own computer!
Build your own computer!Martin LaGrow
 
The steps to building a computer
The steps to building a computerThe steps to building a computer
The steps to building a computerjtmccollum
 
The steps to building a computer
The steps to building a computerThe steps to building a computer
The steps to building a computerjtmccollum
 

What's hot (17)

Ceph Day Taipei - Delivering cost-effective, high performance, Ceph cluster
Ceph Day Taipei - Delivering cost-effective, high performance, Ceph cluster Ceph Day Taipei - Delivering cost-effective, high performance, Ceph cluster
Ceph Day Taipei - Delivering cost-effective, high performance, Ceph cluster
 
Hostingultraso com (1)
Hostingultraso com (1)Hostingultraso com (1)
Hostingultraso com (1)
 
Overclocking & Economy
Overclocking & EconomyOverclocking & Economy
Overclocking & Economy
 
Nuevo Portafolio QNAP 2017
Nuevo Portafolio QNAP 2017Nuevo Portafolio QNAP 2017
Nuevo Portafolio QNAP 2017
 
Ceph Day KL - Delivering cost-effective, high performance Ceph cluster
Ceph Day KL - Delivering cost-effective, high performance Ceph clusterCeph Day KL - Delivering cost-effective, high performance Ceph cluster
Ceph Day KL - Delivering cost-effective, high performance Ceph cluster
 
MySQL Head-to-Head
MySQL Head-to-HeadMySQL Head-to-Head
MySQL Head-to-Head
 
Managing server secrets at scale with SaltStack and a vaultless password manager
Managing server secrets at scale with SaltStack and a vaultless password managerManaging server secrets at scale with SaltStack and a vaultless password manager
Managing server secrets at scale with SaltStack and a vaultless password manager
 
ceph-barcelona-v-1.2
ceph-barcelona-v-1.2ceph-barcelona-v-1.2
ceph-barcelona-v-1.2
 
Performance analysis with_ceph
Performance analysis with_cephPerformance analysis with_ceph
Performance analysis with_ceph
 
Oracle Closed World 2010: Graphing the AAS ala EM + doing some cool linear re...
Oracle Closed World 2010: Graphing the AAS ala EM + doing some cool linear re...Oracle Closed World 2010: Graphing the AAS ala EM + doing some cool linear re...
Oracle Closed World 2010: Graphing the AAS ala EM + doing some cool linear re...
 
Overclocking | Going Down the Rabbit Hole
Overclocking | Going Down the Rabbit HoleOverclocking | Going Down the Rabbit Hole
Overclocking | Going Down the Rabbit Hole
 
Ironic
IronicIronic
Ironic
 
NCompass Live: Let's Get Real About Virtual Reality
NCompass Live: Let's Get Real About Virtual Reality NCompass Live: Let's Get Real About Virtual Reality
NCompass Live: Let's Get Real About Virtual Reality
 
The Database Sizing Workflow
The Database Sizing WorkflowThe Database Sizing Workflow
The Database Sizing Workflow
 
Build your own computer!
Build your own computer!Build your own computer!
Build your own computer!
 
The steps to building a computer
The steps to building a computerThe steps to building a computer
The steps to building a computer
 
The steps to building a computer
The steps to building a computerThe steps to building a computer
The steps to building a computer
 

Viewers also liked

All You Need is One - A ClickOnce Love Story - Secure360 2015
All You Need is One -  A ClickOnce Love Story - Secure360 2015All You Need is One -  A ClickOnce Love Story - Secure360 2015
All You Need is One - A ClickOnce Love Story - Secure360 2015NetSPI
 
CactusCon - Practical iOS App Attack and Defense
CactusCon - Practical iOS App Attack and DefenseCactusCon - Practical iOS App Attack and Defense
CactusCon - Practical iOS App Attack and DefenseSeth Law
 
Fuzzing and You: Automating Whitebox Testing
Fuzzing and You: Automating Whitebox TestingFuzzing and You: Automating Whitebox Testing
Fuzzing and You: Automating Whitebox TestingNetSPI
 
Extracting Credentials From Windows
Extracting Credentials From WindowsExtracting Credentials From Windows
Extracting Credentials From WindowsNetSPI
 
Beyond the Scan: The Value Proposition of Vulnerability Assessment
Beyond the Scan: The Value Proposition of Vulnerability AssessmentBeyond the Scan: The Value Proposition of Vulnerability Assessment
Beyond the Scan: The Value Proposition of Vulnerability AssessmentDamon Small
 
Attack All the Layers - What's Working in Penetration Testing
Attack All the Layers - What's Working in Penetration TestingAttack All the Layers - What's Working in Penetration Testing
Attack All the Layers - What's Working in Penetration TestingNetSPI
 
CMS Hacking Tricks - DerbyCon 4 - 2014
CMS Hacking Tricks - DerbyCon 4 - 2014CMS Hacking Tricks - DerbyCon 4 - 2014
CMS Hacking Tricks - DerbyCon 4 - 2014Greg Foss
 
Attack All The Layers - What's Working in Penetration Testing
Attack All The Layers - What's Working in Penetration TestingAttack All The Layers - What's Working in Penetration Testing
Attack All The Layers - What's Working in Penetration TestingNetSPI
 
Thick Application Penetration Testing - A Crash Course
Thick Application Penetration Testing - A Crash CourseThick Application Penetration Testing - A Crash Course
Thick Application Penetration Testing - A Crash CourseNetSPI
 
Introduction to Windows Dictionary Attacks
Introduction to Windows Dictionary AttacksIntroduction to Windows Dictionary Attacks
Introduction to Windows Dictionary AttacksNetSPI
 
Application Risk Prioritization - Overview - Secure360 2015 - Part 1 of 2
Application Risk Prioritization - Overview - Secure360 2015 - Part 1 of 2Application Risk Prioritization - Overview - Secure360 2015 - Part 1 of 2
Application Risk Prioritization - Overview - Secure360 2015 - Part 1 of 2NetSPI
 
An Introduction to OAuth 2
An Introduction to OAuth 2An Introduction to OAuth 2
An Introduction to OAuth 2Aaron Parecki
 
WTF is Penetration Testing
WTF is Penetration TestingWTF is Penetration Testing
WTF is Penetration TestingNetSPI
 

Viewers also liked (14)

All You Need is One - A ClickOnce Love Story - Secure360 2015
All You Need is One -  A ClickOnce Love Story - Secure360 2015All You Need is One -  A ClickOnce Love Story - Secure360 2015
All You Need is One - A ClickOnce Love Story - Secure360 2015
 
CactusCon - Practical iOS App Attack and Defense
CactusCon - Practical iOS App Attack and DefenseCactusCon - Practical iOS App Attack and Defense
CactusCon - Practical iOS App Attack and Defense
 
Fuzzing and You: Automating Whitebox Testing
Fuzzing and You: Automating Whitebox TestingFuzzing and You: Automating Whitebox Testing
Fuzzing and You: Automating Whitebox Testing
 
Extracting Credentials From Windows
Extracting Credentials From WindowsExtracting Credentials From Windows
Extracting Credentials From Windows
 
Beyond the Scan: The Value Proposition of Vulnerability Assessment
Beyond the Scan: The Value Proposition of Vulnerability AssessmentBeyond the Scan: The Value Proposition of Vulnerability Assessment
Beyond the Scan: The Value Proposition of Vulnerability Assessment
 
Attack All the Layers - What's Working in Penetration Testing
Attack All the Layers - What's Working in Penetration TestingAttack All the Layers - What's Working in Penetration Testing
Attack All the Layers - What's Working in Penetration Testing
 
CMS Hacking Tricks - DerbyCon 4 - 2014
CMS Hacking Tricks - DerbyCon 4 - 2014CMS Hacking Tricks - DerbyCon 4 - 2014
CMS Hacking Tricks - DerbyCon 4 - 2014
 
Attack All The Layers - What's Working in Penetration Testing
Attack All The Layers - What's Working in Penetration TestingAttack All The Layers - What's Working in Penetration Testing
Attack All The Layers - What's Working in Penetration Testing
 
Thick Application Penetration Testing - A Crash Course
Thick Application Penetration Testing - A Crash CourseThick Application Penetration Testing - A Crash Course
Thick Application Penetration Testing - A Crash Course
 
Introduction to Windows Dictionary Attacks
Introduction to Windows Dictionary AttacksIntroduction to Windows Dictionary Attacks
Introduction to Windows Dictionary Attacks
 
Application Risk Prioritization - Overview - Secure360 2015 - Part 1 of 2
Application Risk Prioritization - Overview - Secure360 2015 - Part 1 of 2Application Risk Prioritization - Overview - Secure360 2015 - Part 1 of 2
Application Risk Prioritization - Overview - Secure360 2015 - Part 1 of 2
 
Thick client application security assessment
Thick client  application security assessmentThick client  application security assessment
Thick client application security assessment
 
An Introduction to OAuth 2
An Introduction to OAuth 2An Introduction to OAuth 2
An Introduction to OAuth 2
 
WTF is Penetration Testing
WTF is Penetration TestingWTF is Penetration Testing
WTF is Penetration Testing
 

Similar to GPU Cracking Passwords Cheaply Using Open Source Tools

Creating desktop for gaming
Creating desktop for gamingCreating desktop for gaming
Creating desktop for gamingJaimin Thakkar
 
GPU databases - How to use them and what the future holds
GPU databases - How to use them and what the future holdsGPU databases - How to use them and what the future holds
GPU databases - How to use them and what the future holdsArnon Shimoni
 
Building a PC Optimized for Gaming and Academics
Building a PC Optimized for Gaming and AcademicsBuilding a PC Optimized for Gaming and Academics
Building a PC Optimized for Gaming and AcademicsJoshLefebvre1
 
How to build a gaming computer
How to build a gaming computerHow to build a gaming computer
How to build a gaming computerDonald Gillies
 
AMD processors
AMD processorsAMD processors
AMD processorssanthu652
 
5 Best Motherboards for Intel Core i7 6700k in 2023 Review
5 Best Motherboards for Intel Core i7 6700k in 2023 Review5 Best Motherboards for Intel Core i7 6700k in 2023 Review
5 Best Motherboards for Intel Core i7 6700k in 2023 ReviewLoura Wind
 
Как построить видеоплатформу на 200 Гбитс / Ольховченков Вячеслав (Integros)
Как построить видеоплатформу на 200 Гбитс / Ольховченков Вячеслав (Integros)Как построить видеоплатформу на 200 Гбитс / Ольховченков Вячеслав (Integros)
Как построить видеоплатформу на 200 Гбитс / Ольховченков Вячеслав (Integros)Ontico
 
Guide to Build A High-Performance Custom Gaming PC
Guide to Build A High-Performance Custom Gaming PCGuide to Build A High-Performance Custom Gaming PC
Guide to Build A High-Performance Custom Gaming PCMemory4 less
 
Servers Technologies and Enterprise Data Center Trends 2014 - Thailand
Servers Technologies and Enterprise Data Center Trends 2014 - ThailandServers Technologies and Enterprise Data Center Trends 2014 - Thailand
Servers Technologies and Enterprise Data Center Trends 2014 - ThailandAruj Thirawat
 
Presentation database on flash
Presentation   database on flashPresentation   database on flash
Presentation database on flashxKinAnx
 
The 2008 Pc Builders Bible
The 2008 Pc Builders BibleThe 2008 Pc Builders Bible
The 2008 Pc Builders BibleSais Abdelkrim
 
High Performance Hardware for Data Analysis
High Performance Hardware for Data AnalysisHigh Performance Hardware for Data Analysis
High Performance Hardware for Data AnalysisMike Pittaro
 
Mike Pittaro - High Performance Hardware for Data Analysis
Mike Pittaro - High Performance Hardware for Data Analysis Mike Pittaro - High Performance Hardware for Data Analysis
Mike Pittaro - High Performance Hardware for Data Analysis PyData
 
Building an ethereum miner workshop
Building an ethereum miner workshopBuilding an ethereum miner workshop
Building an ethereum miner workshopJose Hernandez
 
Power Saturday 2019 B6 - SQL Server installation cookbook
Power Saturday 2019 B6 - SQL Server installation cookbookPower Saturday 2019 B6 - SQL Server installation cookbook
Power Saturday 2019 B6 - SQL Server installation cookbookPowerSaturdayParis
 
Best laptop values
Best laptop valuesBest laptop values
Best laptop valuesDennis Tan
 
Umbra Ignite 2015: Graham Wihlidal – Adapting a technology stream to ever-evo...
Umbra Ignite 2015: Graham Wihlidal – Adapting a technology stream to ever-evo...Umbra Ignite 2015: Graham Wihlidal – Adapting a technology stream to ever-evo...
Umbra Ignite 2015: Graham Wihlidal – Adapting a technology stream to ever-evo...Umbra Software
 
introduction to computer hardware
 introduction to computer hardware introduction to computer hardware
introduction to computer hardwareBikramjeet Sidhu
 
A way to visual the best storage media for an application
A way to visual the best storage media for an applicationA way to visual the best storage media for an application
A way to visual the best storage media for an applicationTony Roug
 

Similar to GPU Cracking Passwords Cheaply Using Open Source Tools (20)

Creating desktop for gaming
Creating desktop for gamingCreating desktop for gaming
Creating desktop for gaming
 
GPU databases - How to use them and what the future holds
GPU databases - How to use them and what the future holdsGPU databases - How to use them and what the future holds
GPU databases - How to use them and what the future holds
 
Building a PC Optimized for Gaming and Academics
Building a PC Optimized for Gaming and AcademicsBuilding a PC Optimized for Gaming and Academics
Building a PC Optimized for Gaming and Academics
 
How to build a gaming computer
How to build a gaming computerHow to build a gaming computer
How to build a gaming computer
 
AMD processors
AMD processorsAMD processors
AMD processors
 
5 Best Motherboards for Intel Core i7 6700k in 2023 Review
5 Best Motherboards for Intel Core i7 6700k in 2023 Review5 Best Motherboards for Intel Core i7 6700k in 2023 Review
5 Best Motherboards for Intel Core i7 6700k in 2023 Review
 
Как построить видеоплатформу на 200 Гбитс / Ольховченков Вячеслав (Integros)
Как построить видеоплатформу на 200 Гбитс / Ольховченков Вячеслав (Integros)Как построить видеоплатформу на 200 Гбитс / Ольховченков Вячеслав (Integros)
Как построить видеоплатформу на 200 Гбитс / Ольховченков Вячеслав (Integros)
 
Guide to Build A High-Performance Custom Gaming PC
Guide to Build A High-Performance Custom Gaming PCGuide to Build A High-Performance Custom Gaming PC
Guide to Build A High-Performance Custom Gaming PC
 
Servers Technologies and Enterprise Data Center Trends 2014 - Thailand
Servers Technologies and Enterprise Data Center Trends 2014 - ThailandServers Technologies and Enterprise Data Center Trends 2014 - Thailand
Servers Technologies and Enterprise Data Center Trends 2014 - Thailand
 
Presentation database on flash
Presentation   database on flashPresentation   database on flash
Presentation database on flash
 
The 2008 Pc Builders Bible
The 2008 Pc Builders BibleThe 2008 Pc Builders Bible
The 2008 Pc Builders Bible
 
High Performance Hardware for Data Analysis
High Performance Hardware for Data AnalysisHigh Performance Hardware for Data Analysis
High Performance Hardware for Data Analysis
 
Mike Pittaro - High Performance Hardware for Data Analysis
Mike Pittaro - High Performance Hardware for Data Analysis Mike Pittaro - High Performance Hardware for Data Analysis
Mike Pittaro - High Performance Hardware for Data Analysis
 
Building an ethereum miner workshop
Building an ethereum miner workshopBuilding an ethereum miner workshop
Building an ethereum miner workshop
 
Power Saturday 2019 B6 - SQL Server installation cookbook
Power Saturday 2019 B6 - SQL Server installation cookbookPower Saturday 2019 B6 - SQL Server installation cookbook
Power Saturday 2019 B6 - SQL Server installation cookbook
 
Best laptop values
Best laptop valuesBest laptop values
Best laptop values
 
Umbra Ignite 2015: Graham Wihlidal – Adapting a technology stream to ever-evo...
Umbra Ignite 2015: Graham Wihlidal – Adapting a technology stream to ever-evo...Umbra Ignite 2015: Graham Wihlidal – Adapting a technology stream to ever-evo...
Umbra Ignite 2015: Graham Wihlidal – Adapting a technology stream to ever-evo...
 
Emulating With JavaScript
Emulating With JavaScriptEmulating With JavaScript
Emulating With JavaScript
 
introduction to computer hardware
 introduction to computer hardware introduction to computer hardware
introduction to computer hardware
 
A way to visual the best storage media for an application
A way to visual the best storage media for an applicationA way to visual the best storage media for an application
A way to visual the best storage media for an application
 

Recently uploaded

The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersRaghuram Pandurangan
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfMounikaPolabathina
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxLoriGlavin3
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxLoriGlavin3
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 

Recently uploaded (20)

The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdf
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 

GPU Cracking Passwords Cheaply Using Open Source Tools

  • 1. GPU Cracking - On the Cheap Karl Fosaaen Eric Gruber
  • 2. Introductions • Who are we? ‒Karl Fosaaen ‒Eric Gruber • What do we do? ‒Pen Test ‒Crack Passwords ‒Blog
  • 3. GPU Cracking on the Cheap • Defining Terms ‒Science Project ‒GPU ‒Bitcoin ‒Hashes
  • 4. GPU Cracking on the Cheap •Hashes ‒ Password123 = 58A478135A93AC3BF058A5EA0E8FDB71 ‒ Password1234 = 8C3EFC486704D2EE71EEBE71AF14D86C 58A478135A93AC3BF058A5EA0E8FDB71 ≠ 8C3EFC486704D2EE71EEBE71AF14D86C
  • 5. GPU Cracking on the Cheap • Overview ‒Why do we want to GPU crack ‒Ideal Setup ‒Hardware Selection ‒Construction ‒Operating System ‒Methodology
  • 6. GPU Cracking on the Cheap • Why do we want to crack? ‒Pen Testing ‒Password Auditing •Why do we want to use GPUs? ‒CPU versus GPU ‒Trade Offs ‒The Cloud?
  • 7. Performance: Brute Force (6 Characters) 0 100 200 300 400 500 600 Minutes for Six Character Brute Force CPU GPU
  • 8. Performance: Brute Force (6 Characters)
  • 9. Performance • Brute Force Power (8 Characters) Hash Type Speed NetNTLMv2 1,877.8 MH/s SHA1 9,515.4 MH/s descrypt 11,060.1 kH/s MD5 19,834.3 MH/s NTLM 32,930.2 MH/s
  • 10. GPU Cracking: The Ideal Set Up • The Ideal Set Up ‒ If Money is no object
  • 11. GPU Cracking: The Ideal • Buy one of these ‒ Case, Motherboard, and Power ($3,599.99) • TYAN B7015F72V2R ‒ Case, Motherboard, and Power ($ 4,649.99) • Tyan FT77AB7059 (B7059F77AV6R-2T)
  • 12. GPU Cracking: The Practical Option • But I’m more like this shadow guy…
  • 13. GPU Cracking: Building the Rig Our Current Set Up
  • 15. GPU Cracking: The Hardware • GPU Selection ‒ What do we want? • Reference card versus non-reference • Stream Processors • Card Cores • Processor Speed • Overclocking • AMD versus NVIDIA • Crossfire and SLI – Doesn’t matter here • These are the Most Important Part of the Rig ‒ So spend some money
  • 16. GPU Cracking: The Hardware • 7970 Option ‒ MSI Radeon HD 7970 Twin Frozr ($529.99*) • Core Clock: 1000MHz • Stream Processors: 2048 Stream Processors • Memory Size: 3GB GDDR5 • 7950 Option ‒ XFX Double D Radeon HD 7950 ($419.99*) • Core Clock: 925MHz • Stream Processors: 1792 Stream Processors • Memory Size: 3GB GDDR5 *Newegg prices as of February 2014
  • 17. GPU Cracking: The Hardware • Motherboard ‒What to look for • PCI Express slots • 16x versus 1x • Power to the board • Some have additional power for cards • Onboard power switch • Handy for open air cases
  • 18. GPU Cracking: The Hardware • Motherboard ‒ ASRock H81 Pro BTC ($130-190*) *Amazon price variance during January 2014
  • 19. GPU Cracking: The Hardware • Risers ‒ Ribbon cable versus USB 3 ‒ Preferred: USB 3 risers • The ribbons are not as reliable
  • 20. GPU Cracking: The Hardware •Power for the cards
  • 21. GPU Cracking: The Hardware • Power Supply ‒ 1500W is ideal for a couple of cards ‒ Could probably get closer to 1000W • Just not recommended, or get two ‒ Modular is the easiest to manage
  • 22. GPU Cracking: The Hardware • Other Hardware Selection ‒ Processor • A reasonably powered Intel (i3,i5,i7) ‒ Hard Drive • SSD for OS • Non-SSD for cold storage (Dictionaries, etc.) ‒ RAM • What ever you can afford to put in • These can all be relatively generic
  • 23. GPU Cracking: The Case • Case ‒ This can be pretty open ended ‒ Start with server rack shelving ‒ Check out your local hardware store • Wire shelving cubes • Aluminum Rails ‒ Zip ties, bailing wire, bits of string
  • 24. GPU Cracking: The Case •Case, case, no case
  • 26. GPU Cracking: Building the Rig • Plan everything out!
  • 27. GPU Cracking: Building the Rig • The Initial End Result
  • 28. GPU Cracking: Building the Rig • Another Angle
  • 29. GPU Cracking: Building the Rig The Current Set Up
  • 31. GPU Cracking: Final Costs • Parts list: Parts Est. Cost Motherboard $160 Processor (Intel Celeron) $50 RAM (4 GB) $40 Hard Drives $150 Risers (4) $160 Power Supply (1500 W) $360 Video Cards (4) $2,116 Case Materials $20 Total $3,056
  • 32. GPU Cracking: Final Costs • Parts list: Parts Est. Cost Motherboard $160 Processor (Intel Celeron) $50 RAM (4 GB) $40 Hard Drives $150 Risers (4) $160 Power Supply (1500 W) $360 Video Cards (4) $2,116 Case Materials $20 Total $3,056
  • 33. GPU Cracking: Software Side • Operating System • Cracking Software
  • 35. Driver support • Windows support is generally good for both AMD and Nvidia • Linux support is getting better • Both are good options, unless you’re Linus…
  • 36. Server Setup • Windows and Linux work very well for server setups • Both can be setup as a headless server • We prefer Linux ‒ Easy to manage ‒ Lightweight ‒ Free
  • 37. Cracking Software • We want something free ‒ John ‒ oclHashcat • John/oclHashcat support GPU cracking with CUDA/OpenCL • We use oclHashcat ‒ Frequently updated ‒ Best performance ‒ Supports large number of hash types
  • 38. Methodology • Wielding the power responsibly ‒ Brute force isn’t always the best option
  • 39. Methodology • Dictionary Attacks ‒ Add in some mangling rules • Leet Speak • Password => P@$$vv0rd • Append Numbers • Password => Password2014 ‒ Double up on dictionaries • PasswordPassword ‒ Sources • Wikipedia • Urban Dictionary • Alexa Domain Lists • Crackstation, SkullSecurity, etc.
  • 40. Methodology • Masking Attacks ‒ Commonly Used Patterns ‒ Netspi1234 = ?u?l?l?l?l?l?d?d?d?d • One Upper • Five Lower • Four Digits • Ten characters total, meets complexity ‒ Easy to generate • Based off of previous cracks, leaks, etc.
  • 41. Demo
  • 42. Conclusions • It can be done • It’s not that expensive • Learn from our mistakes
  • 43. Questions Questions? Karl Fosaaen (@kfosaaen) Eric Gruber (@egru) http://www.netspi.com/blog