Thursday, January 12, 2012

Using a GPU to hack(brute-force/dictionary)at a salted MD5 hash....

Ive been using john(JtR)for years and one week while my laptop fan was overblowing I thought: there must be a better way than cooking my CPU for a week,that GPU must be able to help so I jumped on the internets and found a few GPU based tools.

I tried hashgpu http://www.golubev.com/hashgpu.htm and hashcat http://hashcat.net/oclhashcat-plus/

I used the OpenCL version of Hashcat+ (there is a cdua version for nivdia cards but I have a ATI) to pick away at a salted MD5 hash.
A good wordlist is your best bet,even try and cewl candidate data for a wordlist before you resort to a bruteforce then you can run mp(on hashcat site too) to generate a brute force char stream to stdout

$mp64 -1 ?l?u?d ?1?1?1?1?1?1?1?1 #Lower,Upper,Digits for 8 chars

#pipe to hashcat (8 char Lower,Upper,Digits bruteforce...take a while)
$mp64 -1 ?l?u?d?s ?1?1?1?1?1?1?1?1 | oclHashcat-plus64 -m 500 hash.txt #dropped the rules mode 500 is md5 unix)

I ran a dictionary based attack on my hash with a ruleset that comes with Hashcat, then I use mp to generate 8 char passwords...and go to bed while it chews away on the hash....how good is this software...and its free

oclHashcat-plus64.exe -m 500 hash.txt example.dict -r rules/best.rule

here is my demo/screen shots....
http://www.youtube.com/watch?v=5LTs_mmne0Q