2025-01-19 Update From: SLTechnology News&Howtos
This article shows how to use hashcat to crack passwords on multi-GPU systems.
I did a penetration test on a Linux server pool just a few days ago, and when I performed this task, I knew there was a high probability of password reuse on these servers. I managed to get a shell on one of the servers and get root permissions by using privesc kernel vulnerabilities, and then I was able to take complete control of the server. For other servers, because I know that passwords may be reused, I just need to use the acquired root access to extract the /etc/shadow file and I will probably take them down in one fell swoop.
/etc/shadow file
The /etc/shadow file stores user accounts and their passwords in hashed form, using one of several hashing algorithms. Each time the user logs in with his password, the system checks which hash algorithm the account uses, hashes the password the user entered, and compares the output with the value stored in the shadow file. If the two match, the account is verified and the login is allowed.
So the first step now is to work out which hash type was used for the passwords stored in the shadow file I just recovered.
Linux Hashes
On Linux-like systems, you can find out which algorithm is used for password hashing by looking at the following file
    /etc/pam.d/common-password
Here we can see that the hash algorithm is sha512. We can also identify the hash algorithm used by directly looking at the hash stored in the shadow file.
For example
In this file we see $6$ at the beginning of the hash. This prefix identifies the hash algorithm used to generate it. Depending on the algorithm used, the number after the $ symbol can range from 1 to 6.
In addition, we can get some other information from this line, such as the salt passed to the algorithm and, finally, the hashed password, as shown in the following figure.
What really matters to us here are the algorithm and the hashed password. The salt is a random string that is mixed into the hash computation, so it prevents attacks such as rainbow tables. Several other fields can also be found in the file. I suggest you learn more about them here. Next we will continue with the password cracking process, because the other fields in the file have nothing to do with password cracking.
The main thing to pay attention to here is the hash algorithm, because the time we spend cracking passwords varies with the algorithm used. That does not necessarily mean, however, that the more advanced the algorithm is, the slower the cracking is.
    $1 = MD5 hashing algorithm
    $2 = Blowfish algorithm
    $2a = eksblowfish algorithm
    $5 = SHA-256 algorithm
    $6 = SHA-512 algorithm
As you can see, the larger the number, the more advanced the hash algorithm. But this does not mean that the more advanced the hash algorithm is, the more difficult it is to crack. Note, for example, that MD5 is an outdated hash algorithm that can easily be broken by collision attacks, while collision attacks against the SHA algorithms are much more difficult.
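The prefix table above can be turned into an audit of which accounts are still stored with an outdated scheme. This is an added example, not code from the original article: the function names are hypothetical, the first sample line is taken from the article's shadow2 excerpt, and the remaining sample lines (including the `rounds=` field and the `$9$` prefix) are constructed.

```python
# Added example: classify shadow-style entries by their $id$ prefix.
SCHEMES = {            # prefixes listed in the article
    "1": "MD5",
    "2": "Blowfish",
    "2a": "eksblowfish",
    "5": "SHA-256",
    "6": "SHA-512",
}
OUTDATED = {"1"}       # the article calls MD5 outdated


def parse_shadow_line(line):
    """Split one shadow entry into user, scheme id, cost, salt and digest."""
    fields = line.rstrip("\n").split(":")
    if len(fields) < 2:
        raise ValueError("not a shadow entry: %r" % line)
    user, pw = fields[0], fields[1]
    entry = {"user": user, "status": "hash", "scheme_id": None,
             "scheme": None, "cost": None, "salt": None, "digest": None}
    if pw == "":
        entry["status"] = "empty"          # login without a password
    elif pw[0] in "!*":
        entry["status"] = "locked"         # no usable password hash
    elif not pw.startswith("$"):
        entry["status"] = "legacy"         # no $id$ prefix (traditional crypt)
    else:
        parts = pw.split("$")              # ['', id, ..., digest]
        entry["scheme_id"] = parts[1]
        entry["scheme"] = SCHEMES.get(parts[1], "unknown")
        rest = parts[2:]
        if parts[1].startswith("2") and len(rest) == 2 and rest[0].isdigit():
            # bcrypt family: $2a$<cost>$<22-char salt><digest>
            entry["cost"] = int(rest[0])
            entry["salt"], entry["digest"] = rest[1][:22], rest[1][22:]
        else:
            if rest and rest[0].startswith("rounds="):
                value = rest[0][len("rounds="):]      # optional rounds=N field
                entry["cost"] = int(value) if value.isdigit() else None
                rest = rest[1:]
            if len(rest) != 2 or not rest[1]:
                entry["status"] = "malformed"
            else:
                entry["salt"], entry["digest"] = rest
    return entry


def audit(lines):
    """Return (user, finding) pairs for entries that need attention."""
    findings = []
    for line in lines:
        if not line.strip():
            continue
        e = parse_shadow_line(line)
        if e["status"] == "empty":
            findings.append((e["user"], "no password set"))
        elif e["status"] in ("legacy", "malformed"):
            findings.append((e["user"], e["status"] + " password field"))
        elif e["scheme"] == "unknown":
            findings.append((e["user"], "unrecognised scheme $%s$" % e["scheme_id"]))
        elif e["scheme_id"] in OUTDATED:
            findings.append((e["user"], "outdated %s hash" % e["scheme"]))
    return findings


# First line is from the article's shadow2 excerpt; the rest are constructed.
SAMPLE = [
    "user3122:$1$FxueP4SH$Fn5lpvorz.XGJ0.aNjPs9/:14968:0:99999:7",
    "alice:$6$rounds=10000$CONSTRUCTEDSALT$CONSTRUCTEDDIGEST:19000:0:99999:7:::",
    "daemon:*:18000:0:99999:7:::",
    "bob::19000:0:99999:7:::",
    "carol:$9$CONSTRUCTEDSALT$CONSTRUCTEDDIGEST:19000:0:99999:7:::",
]

if __name__ == "__main__":
    for user, finding in audit(SAMPLE):
        print("%-10s %s" % (user, finding))
```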
Hash cracking
The standard approach to cracking shadow-file passwords is to identify the hash algorithm, generate hashes for a set of character combinations, and compare each of them with the hash we want to crack to see whether it matches.
Crackers like John the Ripper or hashcat basically do this: they analyze the hashes and then launch some kind of brute-force attack on them to get the password. The algorithm is easy to understand. We generate a candidate and test it against the hash values. If they don't match, we repeat the process. If we split the dictionary into two identical files and send each to a separate processor, we can triple the speed of the attack, and if we have more CPUs, we can speed up n times.
But if you consider the nature of hash generation and comparison operations and combine it with practical experience, you will find that parallelizing the cracking on GPUs achieves better results than CPU-based cracking.
Why?
Because a GPU has hundreds of cores, it is perfect for performing these operations. Now I quote Thomas Pornin's explanation.
A GPU achieves its excellent performance through heavy parallelism across hundreds of cores. This is made possible by pipelining (each individual operation requires multiple cycles to run, but successive operations can be started like trucks on the highway) and by sharing instruction decoding, because many cores will run the same instructions at the same time.
Hashcat can use the power of one or more GPUs to crack many different password hashes.
So I decided to use multiple GPUs and the Linux operating system with hashcat to build a dedicated cracking station.
In this article, I will use the following files for a series of demonstrations
Click to download shadow2
    [...]
    user3122:$1$FxueP4SH$Fn5lpvorz.XGJ0.aNjPs9/:14968:0:99999:7
    user6105:$1$GTMXpwtl$nDHwFc7bNPNh6Z0R6Xn2D1:16813:0:99999:7
    user7255:$1$HUu26aGL$AC8YVXyqHmAhkQcXzWwze.:14524:0:99999:7
    user8167:$1$Y8JtHBbU$EQvnJ3eu14rLvBfvWhCmJ0:15999:0:99999:7
    user9880:$1$WuZBV4XE$p95fTpYm4qYrvyFo1QZlg.:15566:0:99999:7
    user3133:$1$cx.Ctgl.$2kV5bIfTfanzowVCOQVJ8/:14383:0:99999:7
    user6859:$1$YjpXADgu$SZpQEmQ4dsdMMZtQ0vgen0:17338:0:99999:7
    user9180:$1$CabG48K.$uP4nUqVpfqlX3.hxm27R/.:17271:0:99999:7
    user1795:$1$7uWjhHle$V5S0g0RlNMqxwUNw4PeRy/:15913:0:99999:7
    user4566:$1$iTcKPKG/$96bYX9pEx7Exqq66W2NrY1:15279:0:99999:7
    user6653:$1$XMY2RA1c$k0zPPbRfjm3kOU3i4FRo0.:15257:0:99999:7
    [...]
The file contains more than 500 MD5 password hashes.
The following file contains a single SHA512 password hash
Click to download single
    $6$fQsjcwyB$N/HCQx9xohBVqkqAQFhVpkg2Bp3Ki51MMZPED4CQ9e/FLx0yRwnMVoaPcY7UtZJAlXjMrUgflazaspzvClaUX.
We will use these files to test hashcat a little, check its performance and understand its fundamentals.
Set up
After consideration by me and the team, building a cracking station roughly requires the following components
Motherboard: Asus H170 Pro Gaming
CPU: Celeron G3900
Memory: Kingston ValueRAM DDR4 2133 PC4-17000 4GB CL15
Hard disk: Seagate Barracuda 500GB 7.2 rpm
GPU: 6x AMD RX580
Power supply: Seasonic SSR-850PX
The total cost is about 1650 euros.
After assembling the hardware, we decided to install Ubuntu 18.04 as the operating system. Ubuntu comes with some standard video drivers, but in order to use all the features of our GPUs, we need to download and install the proprietary drivers. You can find them here.
After installing the driver, all that is left is to download the hashcat program.
Set up detection
After downloading hashcat, we can execute it by simply running its main binary. Here I create an alias for hashcat that points to /fullpath/hashcat64.bin.
You can run hashcat from the command line with many different parameters. First, let's use the "-I" option to check our setup. If the GPUs are installed correctly, hashcat lists them together with their properties and driver information.
    root@Hassium:/# hashcat -I
    hashcat (v5.1.0) starting...

    OpenCL Info:

    Platform ID #1
      Vendor  : Advanced Micro Devices, Inc.
      Name    : AMD Accelerated Parallel Processing
      Version : OpenCL 2.1 AMD-APP (2766.4)

      Device ID #1
        Type           : GPU
        Vendor ID      : 1
        Vendor         : Advanced Micro Devices Inc.
        Name           : Ellesmere
        Version        : OpenCL 1.2 AMD-APP (2766.4)
        Processor(s)   : 36
        Clock          : 1411
        Memory         : 4048/7867 MB allocatable
        OpenCL Version : OpenCL C 1.2
        Driver Version : 2766.4

      Device ID #2
        Type           : GPU
        Vendor ID      : 1
        Vendor         : Advanced Micro Devices Inc.
        Name           : Ellesmere
        Version        : OpenCL 1.2 AMD-APP (2766.4)
        Processor(s)   : 36
        Clock          : 1340
        Memory         : 4048/8155 MB allocatable
        OpenCL Version : OpenCL C 1.2
        Driver Version : 2766.4

      Device ID #3
        Type           : GPU
        Vendor ID      : 1
        Vendor         : Advanced Micro Devices Inc.
        Name           : Ellesmere
        Version        : OpenCL 1.2 AMD-APP (2766.4)
        Processor(s)   : 36
        Clock          : 1411
        Memory         : 4048/8155 MB allocatable
        OpenCL Version : OpenCL C 1.2
        Driver Version : 2766.4

      Device ID #4
        Type           : GPU
        Vendor ID      : 1
        Vendor         : Advanced Micro Devices Inc.
        Name           : Ellesmere
        Version        : OpenCL 1.2 AMD-APP (2766.4)
        Processor(s)   : 36
        Clock          : 1411
        Memory         : 4048/8155 MB allocatable
        OpenCL Version : OpenCL C 1.2
        Driver Version : 2766.4

      Device ID #5
        Type           : GPU
        Vendor ID      : 1
        Vendor         : Advanced Micro Devices Inc.
        Name           : Ellesmere
        Version        : OpenCL 1.2 AMD-APP (2766.4)
        Processor(s)   : 36
        Clock          : 1411
        Memory         : 4048/8155 MB allocatable
        OpenCL Version : OpenCL C 1.2
        Driver Version : 2766.4

      Device ID #6
        Type           : GPU
        Vendor ID      : 1
        Vendor         : Advanced Micro Devices Inc.
        Name           : Ellesmere
        Version        : OpenCL 1.2 AMD-APP (2766.4)
        Processor(s)   : 36
        Clock          : 1411
        Memory         : 4048/8155 MB allocatable
        OpenCL Version : OpenCL C 1.2
        Driver Version : 2766.4

    root@Hassium:/#
You can see that the test results are normal. Now we can use the GPUs to crack the hashes.
Benchmark the settings
    hashcat -b -D 1,2
This will benchmark our system, including the CPU and all GPUs.
Dictionary attack
Dictionary attacks are the simplest and easiest to understand. In dictionary attacks we use a dictionary file that contains multiple potential passwords and we hash each of them and compare them with the hash to be cracked.
In this scenario, hashcat can divide the dictionary into N parts and forward each part to a GPU so that multiple dictionary files can be processed in parallel and our cracking speed is greatly improved.
The password dictionary includes many passwords that people habitually set, which can improve the password cracking success rate and hit rate of the password cracking software and shorten the password cracking time.
Here are some suggestions for the use of password dictionaries:
Some of the most common password dictionaries can be used for large-scale attacks against unknown targets.
Password dictionaries leaked from SN databases are very useful in large-scale and targeted attacks because we are likely to find our targets in some SN.
Dictionaries customized to the target's hobbies and personal characteristics are very suitable for targeted attacks.
The commands for hash cracking using dictionaries are as follows
    hashcat -a 0 -m 1800 hashes1.txt dic_eng.txt
The -a parameter specifies the attack mode; 0 is Straight mode, which attempts the crack using the dictionary. The -m parameter tells hashcat the hash type to crack; 1800 is the SHA-512 (Unix) password type. The last argument is the prepared password dictionary file.
You can find some useful dictionaries here.
Let's try this attack against our single.txt hash file.
    hashcat64.bin -a 0 -m 1800 /hashes/single.txt /dicts/rockyou-75.txt
    cat hashcat.potfile
    Started: Mon Apr 15 19:19:15 2019
    Stopped: Mon Apr 15 19:19:44 2019
You can see that there was no result from 19:19:15 to 19:19:44.
Let's try it with the shadow2.txt file
    echo "" > /home/cherrysan/hashcat-5.1.0/hashcat.potfile
    /home/cherrysan/hashcat-5.1.0/hashcat64.bin -a 0 -m 500 /hashes/shadow2 /dicts/dic_eng.txt
    cat /home/cherrysan/hashcat-5.1.0/hashcat.potfile
    date
    Started: Mon Apr 15 19:59:40 2019
    Stopped: Mon Apr 15 20:03:13 2019
There are also no results.
Combined attack
The advantage of a combination attack over a single-dictionary attack is that it combines the words of two files to create new words, then hashes them and runs the attack.
    hashcat -a 1 -m 1800 hashes2.txt english_names.txt years.txt
For example, we can combine all the words in the common_english_names dictionary with all the years from 1900 to 2018, which will result in the following combinations
    James1999
    john1982
    maria1978
    [...]
This can be very useful because many people tend to use passwords such as nameYear, especially if their registered pages / systems require alphanumeric passwords.
Let's try this attack again against our single.txt hash file.
    hashcat64.bin -a 1 -m 500 /hashes/shadow2 /dicts/noms_sense_accents.txt /dicts/anys.txt
    cat hashcat.potfile
    date
    Started: Mon Apr 15 20:03:13 2019
    Stopped: Mon Apr 15 20:23:15 2019
    $1$B15.1/Vy$wF4/SG.DtqdYhSPwge4gf.:Joan1995
    $1$ssG4kpwe$knWPdtFJ7S2YrtxMd.lcI.:Lluis1999
    $1$dha8Ks6T$8YMKv7.bxz0SXMa1dpUZG.:Laura2008
    $1$LXoiQGrz$JGh7n4IrXgpW/jspXye3m/:Eduard1986
    $1$zqmt75IJ$8iWYtnAczWg0AfVPir1A0.:Xavier2013
You can see that the passwords have been successfully cracked.
Brute-force / mask attack
If we are unlucky and the password dictionary does not contain the target password, the cracker can still brute-force the hash: generate all the character combinations and test them one by one. For example:
Abcd [...]
And then
[...] aabbabccc1 [...]
Until the password is found or the point of death is reached.
This will be very tedious and time-consuming. What if we know that our target password is six characters long? What if we already know what the first character is?
    hashcat -a 3 -m 500 hashes1.txt ?l?l?l
This command attacks the hashes1.txt file containing the MD5 hashes by testing every 3-letter lowercase combination.
We can use the following parameters as masks
    ?l = abcdefghijklmnopqrstuvwxyz
    ?u = ABCDEFGHIJKLMNOPQRSTUVWXYZ
    ?d = 0123456789
    ?h = 0123456789abcdef
    ?H = 0123456789ABCDEF
    ?s = «space»!"#$%&'()*+,-./:;<=>?@[\]^_`{|}~
    ?a = ?l?u?d?s
    ?b = 0x00 - 0xff
Please note that we can use fixed characters in the mask, such as the 19 in the mask below (?1 refers to a user-defined character set, which hashcat takes through its -1 option)
    ?1?l?l?l?l?l19?d?d
This mask generates the following keyspace
    aaaaaa1900 - Zzzzzz1999

    hashcat64.bin -a 3 -m 1800 /hashes/single.txt ?l?l?l?l?d?d?d
    cat hashcat.potfile
    Started: Mon Apr 15 19:19:49 2019
    Stopped: Mon Apr 15 19:21:15 2019
    $6$fQsjcwyB$N/HCQx9xohBVqkqAQFhVpkg2Bp3Ki51MMZPED4CQ9e/FLx0yRwnMVoaPcY7UtZJAlXjMrUgflazaspzvClaUX.:hack123
You can see that we cracked the hash in less than 4 minutes.
Let's try it in the shadow2 file
    echo "" > /home/cherrysan/hashcat-5.1.0/hashcat.potfile
    /home/cherrysan/hashcat-5.1.0/hashcat64.bin -a 3 -m 500 /hashes/shadow2 ?l?l?l
    cat /home/cherrysan/hashcat-5.1.0/hashcat.potfile
    date
    Started: Mon Apr 15 20:23:15 2019
    Stopped: Mon Apr 15 20:32:52 2019
The combination of three characters did not find the password.
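How much a mask narrows the search, and how much each extra character or larger character set costs, follows from multiplying the per-position set sizes. The calculator below is an added example, not part of the original article or of hashcat: function names are hypothetical, a custom set is assumed to be written in mask syntax with non-overlapping members, and the rate is the combined md5crypt speed of 1363.2 kH/s reported in the article's status output.

```python
import string

# Sizes of the built-in mask character sets listed in the article.
BUILTIN = {
    "l": 26, "u": 26, "d": 10, "h": 16, "H": 16,
    "s": 1 + len(string.punctuation),   # space plus 32 symbols = 33
    "a": 26 + 26 + 10 + 33,             # ?l?u?d?s = 95
    "b": 256,                           # 0x00 - 0xff
}


def tokenize(mask):
    """Yield ('set', name) for ?x placeholders and ('lit', char) otherwise."""
    i = 0
    while i < len(mask):
        if mask[i] == "?":
            if i + 1 >= len(mask):
                raise ValueError("dangling '?' at end of mask")
            nxt = mask[i + 1]
            yield ("lit", "?") if nxt == "?" else ("set", nxt)
            i += 2
        else:
            yield ("lit", mask[i])      # fixed character such as the '19'
            i += 1


def position_sizes(mask, custom=None):
    """Number of candidate characters at each mask position."""
    custom = custom or {}
    sizes = []
    for kind, value in tokenize(mask):
        if kind == "lit":
            sizes.append(1)
        elif value in BUILTIN:
            sizes.append(BUILTIN[value])
        elif value in custom:
            # Assumption: a custom set is given in mask syntax, e.g. "?l?u",
            # and its members do not overlap.
            sizes.append(sum(position_sizes(custom[value])))
        else:
            raise ValueError("unknown character set ?%s" % value)
    return sizes


def keyspace(mask, custom=None):
    """Total number of candidates the mask generates."""
    total = 1
    for n in position_sizes(mask, custom):
        total *= n
    return total


def worst_case_seconds(mask, hashes_per_second, salts=1, custom=None):
    """Time to exhaust the mask; every distinct salt repeats the work."""
    return keyspace(mask, custom) * salts / hashes_per_second


RATE = 1363.2e3   # H/s, combined md5crypt speed from the article's status output

if __name__ == "__main__":
    for mask in ("?l?l?l", "?l?l?l?l?d?d?d", "?l" * 8, "?a" * 8, "?a" * 12):
        days = worst_case_seconds(mask, RATE) / 86400
        print("%-26s %26d candidates %18.1f days" % (mask, keyspace(mask), days))
```

At that rate eight lowercase letters are exhausted in under two days, while eight characters drawn from ?a take on the order of 150 years per salt, which is the arithmetic behind preferring longer passwords from larger character sets.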
Hybrid attack
Hashcat also gives us an interesting attack scenario called the "hybrid attack". In hybrid attacks, we use masks to combine the words in a dictionary with certain characters.
    hashcat -a 6 -m 500 hashes1.txt dic_eng.txt ?d?d -i
In this attack, we attack the MD5 hashes stored in hashes1.txt by combining each word in dic_eng.txt with two digits. We will generate the following words:
    [...]
    chair12
    tree99
    cat11
    [...]
Note that the mask can be placed after or before the dictionary name, depending on whether the extra characters should be generated after or before each word.
Below I will use a file containing more than 500 hashes of MD5 passwords that you can download here.
We can use the following command to try a mixed attack.
    hashcat -a 6 -m 500 /hashes/shadow2 /dicts/rockyou-75.txt ?d?d -i

    root@Hassium:/# hashcat -a 6 -m 500 /hashes/shadow2 /dicts/rockyou-75.txt ?d?d -i
    hashcat (v5.1.0) starting...

    OpenCL Platform #1: Advanced Micro Devices, Inc.
    ===
    * Device #1: Ellesmere, 4048/7864 MB allocatable, 36MCU
    * Device #2: Ellesmere, 4048/8155 MB allocatable, 36MCU
    * Device #3: Ellesmere, 4048/8155 MB allocatable, 36MCU
    * Device #4: Ellesmere, 4048/8155 MB allocatable, 36MCU
    * Device #5: Ellesmere, 4048/8155 MB allocatable, 36MCU
    * Device #6: Ellesmere, 4048/8155 MB allocatable, 36MCU
    [...]
    Session..........: hashcat
    Status...........: Running
    Hash.Type........: md5crypt, MD5 (Unix), Cisco-IOS $1$ (MD5)
    Hash.Target......: /hashes/shadow2
    Time.Started.....: Sun Apr 14 23:15:14 2019 (13 secs)
    Time.Estimated...: Sun Apr 14 23:19:14 2019 (3 mins, 47 secs)
    Guess.Base.......: File (/dicts/rockyou-75.txt), Left Side
    Guess.Mod........: Mask (?d) [1], Right Side
    Guess.Queue.Base.: 1
    Guess.Queue.Mod..: 1 (100.000%)
    Speed.#1.........:   241.6 kH/s (0.88ms) @ Accel:32 Loops:31 Thr:64 Vec:1
    Speed.#2.........:   173.8 kH/s (0.48ms) @ Accel:16 Loops:15 Thr:64 Vec:1
    Speed.#3.........:   231.3 kH/s (0.90ms) @ Accel:32 Loops:31 Thr:64 Vec:1
    Speed.#4.........:   241.3 kH/s (0.84ms) @ Accel:32 Loops:31 Thr:64 Vec:1
    Speed.#5.........:   237.2 kH/s (0.84ms) @ Accel:32 Loops:31 Thr:64 Vec:1
    Speed.#6.........:   237.9 kH/s (0.85ms) @ Accel:32 Loops:31 Thr:64 Vec:1
    Speed.#*.........:  1363.2 kH/s
In our 6-GPU cracking station, the attack lasted about an hour and we cracked 15 passwords.
    Hardware.Mon.#1..: Temp: 36c Fan: 16% Core: 300MHz Mem: 300MHz Bus:0
    Hardware.Mon.#2..: Temp: 72c Fan: 40% Core:1340MHz Mem:2000MHz Bus:0
    Hardware.Mon.#3..: Temp: 36c Fan: 16% Core: 300MHz Mem: 300MHz Bus:0
    Hardware.Mon.#4..: Temp: 40c Fan: 16% Core: 300MHz Mem: 300MHz Bus:0
    Hardware.Mon.#5..: Temp: 37c Fan: 16% Core: 300MHz Mem: 300MHz Bus:0
    Hardware.Mon.#6..: Temp: 43c Fan: 16% Core: 300MHz Mem: 300MHz Bus:0
    Started: Sun Apr 14 22:15:36 2019
    Stopped: Sun Apr 14 23:13:59 2019
If you look closely, you will find that all passwords end in two digits.
    root@Hassium:/# results
    $1$JrP2iymU$eYDr3NGC5oeC5KXzJ5sOS1:formula1
    $1$orXTfMnG$aEjNn4oiGnkfiShgrmQnL.:porter12
    $1$mL..oCwu$smQSyDwZ8rSp9lHMAfT0C.:selina23
    $1$/Vz5N88k$VDbyNM8Wi2a8cyxoRn/Fw0:Carlos19
    $1$cfu8erpl$oZqC.eoJenwKCHTtpAh8B/:christian97
    $1$HXWAWpWX$D/aYEUMoYY0MbHAz9GeU10:Gerard92
    $1$p3nC5zRF$JJCUomPP/OW8eSKF3T9Wq.:christian97
    $1$vN.IdLhf$bgYb/A.BL3kQlVvw9F/uV1:Cristina89
    $1$XUESKy2m$2HSDdaa16bUMF.4uA4C1a1:daring98
    $1$YjpXADgu$SZpQEmQ4dsdMMZtQ0vgen0:fenix15
    $1$R1Rei8kR$8cv/GcdJLp6ju/pNjIsUR0:triplet09
    $1$7uWjhHle$V5S0g0RlNMqxwUNw4PeRy/:tennis00
    $1$R7Jo6E5t$8THfWXDbNyq1JYWHHNKRf/:alexito31
    $1$NWevu8U1$MpsKwxPEhWltwI7GOP9qI0:toledo00
    $1$JAJl4tUI$Ir2DCRoPNFIeFgecgzAgy1:Mustang69
    root@Hassium:/#
Rule-based attacks
Hashcat's rules engine coupled with its GPU cracking capabilities makes it superior to many other similar tools such as John the Ripper.
The rule-based attack process is very simple. First we select a word dictionary as the "base point" of the attack, and then select a file that contains one or more rules. The program will use these rules to perform transformations on each word provided in the dictionary to enhance our attacks and maximize our chances of success.
So the rules basically change the words in the dictionary. The key idea behind the rule system is that, for example, you may have a file that contains the most commonly used English names.
    [...]
    paul
    anne
    john
    jane
    david
    [...]
Of course, these names can be used as passwords, but it is not common to use "david" directly as a password. People prefer to use the following passwords
    [...]
    Paul12
    aNne9999
    daviD
    j0hn1
    [...]
As you can see, attacks based on dictionaries and masks are not enough to crack these passwords based on our English dictionary. We can generate some kind of script to convert dictionaries to add those passwords or similar transformations, but this will be a very lengthy process.
Hashcat's rules engine can easily do this kind of work. The beginning of the "best64.rule" file that comes with hashcat is as follows
    ## nothing, reverse, case... base stuff
    :
    r
    u
    T0

    ## simple number append
    $0
    $1
    $2
    $3
    $4
    $5
    $6
    $7
    $8
    $9

    ## special number append
    $0 $0
    $0 $1
    $0 $2
    $1 $1
    $1 $2
As you can see, a typical rule file contains one or more rules. Rules can perform different transformations on words, such as adding uppercase / lowercase letters, and so on.
The following table lists some rules and their meanings
    Symbol   Meaning
    :        do nothing
    l        convert all letters to lowercase
    c        uppercase the first letter, lowercase the rest
    t        toggle the case of all letters in the word
    TN       toggle the case of the Nth letter in the word
    C        lowercase the first letter, uppercase the rest
    u        convert all letters to uppercase
We may want to add some symbols to the beginning or end of the word, and we can use these symbols.
    Symbol   Meaning
    $X       add the character X at the end of the word
    ^X       add the character X before the word
A simple attack on the shadow2 file using the best64 rule file and the English dictionary is as follows
    hashcat -a 0 -m 500 hashes1.txt dic_eng.txt -r rules/best64.rule
The results are as follows
    hashcat64.bin -a 0 -m 500 /hashes/shadow2 /dicts/dic_eng.txt -r /rules/best64.rule
    cat hashcat.potfile
    Started: Tue Apr 16 02:47:06 2019
    Stopped: Tue Apr 16 07:08:17 2019
    $1$JrP2iymU$eYDr3NGC5oeC5KXzJ5sOS1:formula1
    $1$orXTfMnG$aEjNn4oiGnkfiShgrmQnL.:porter12
    $1$u1b.Wvye$TVvT1Xnl7FeJY9kxyUB3J1:vaina
    $1$7uWjhHle$V5S0g0RlNMqxwUNw4PeRy/:tennis00
    $1$NWevu8U1$MpsKwxPEhWltwI7GOP9qI0:toledo00
As you can see, rule-based attacks can take a lot of time, depending on the rules and dictionaries you use. Our attack lasted more than six hours and cracked five passwords. Note that these passwords are varied: uppercase and lowercase letters, trailing numbers and simple English words.
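The same rule functions can be used on the defensive side, to reject a new password that is only a dictionary word after one rule. The sketch below is an added example, not hashcat's engine and not code from the original article: it interprets only the functions shown in the tables and the best64 excerpt above (: l u c C t TN r $X ^X), the function names are hypothetical, and the word list and the last three rules are constructed.

```python
def _toggle(ch):
    return ch.lower() if ch.isupper() else ch.upper()


def _position(ch):
    """Rule positions are written 0-9, then A-Z for 10-35."""
    if ch.isdigit():
        return int(ch)
    if "A" <= ch <= "Z":
        return ord(ch) - ord("A") + 10
    raise ValueError("bad position %r" % ch)


def apply_rule(rule, word):
    """Apply one rule line; functions may be separated by spaces."""
    i = 0
    while i < len(rule):
        op = rule[i]
        i += 1
        if op in " :":
            continue                              # separator / do nothing
        if op == "l":
            word = word.lower()
        elif op == "u":
            word = word.upper()
        elif op == "c":
            word = word[:1].upper() + word[1:].lower()
        elif op == "C":
            word = word[:1].lower() + word[1:].upper()
        elif op == "t":
            word = "".join(_toggle(c) for c in word)
        elif op == "r":
            word = word[::-1]
        elif op in "T$^":
            if i >= len(rule):
                raise ValueError("rule %r: %s needs an argument" % (rule, op))
            arg = rule[i]
            i += 1
            if op == "$":
                word = word + arg                 # append character
            elif op == "^":
                word = arg + word                 # prepend character
            else:
                n = _position(arg)                # toggle case at position n
                if n < len(word):
                    word = word[:n] + _toggle(word[n]) + word[n + 1:]
        else:
            raise ValueError("unsupported rule function %r" % op)
    return word


def find_derivation(password, words, rules):
    """Return (word, rule) if password is a dictionary word after one rule."""
    for rule in rules:
        rule = rule.strip("\n")
        if not rule or rule.startswith("#"):
            continue                              # blank line or comment
        for word in words:
            if apply_rule(rule, word) == password:
                return word, rule
    return None


# Constructed sample: names from the article's list plus one cracked base word.
WORDS = ["paul", "anne", "john", "jane", "david", "tennis"]
# The first five rules appear in the best64 excerpt; the last three are constructed.
RULES = [":", "r", "u", "T0", "$0 $0", "c $1 $2", "T1 $9 $9 $9 $9", "T4"]

if __name__ == "__main__":
    for candidate in ("Paul12", "aNne9999", "daviD", "tennis00", "j0hn1"):
        print(candidate, "->", find_derivation(candidate, WORDS, RULES))
```

`j0hn1` comes back as `None` because it needs a character substitution, which is outside the functions listed in the tables above; a policy check built this way is only as thorough as its rule set.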
Password setting recommendation
Use longer strings
Use larger character sets: letters, numbers, symbols
Do not use anything that may be related to you as a password or as part of a password
In addition, you can choose a long phrase that is easy to remember as the secret, and use a password manager and two-factor authentication
The following chart is a supplement to my suggestion and is very useful
If I had more free time, I would keep this article updated, because hashcat is really an excellent program.