p3.16xlarge instance offers decent hardware for cracking hashes. This blog post is a cheat sheet for configuring an instance and start cracking hashes in no time. The
p3.16xlarge instance type isn't available in the instance type list by default, and a support ticket has to be raised to get it enabled for your account ( Probably because it is expensive - 25$/Hour). In my case it only took a few hours to get it enabled.
Turn on the instance and type in the following commands :
sudo apt-get update && sudo apt-get install -y build-essential linux-headers-$(uname -r) p7zip-full linux-image-extra-virtual
This will update everything and install the required packages. Then edit the
/etc/modprobe.d/blacklist-nouveau.conf file and add the following:
blacklist nouveau blacklist lbm-nouveau options nouveau modeset=0 alias nouveau off alias lbm-nouveau off
Then run the following commands
echo options nouveau modeset=0 | sudo tee -a /etc/modprobe.d/nouveau-kms.conf sudo update-initramfs -u sudo reboot
Now all that's left is to download the NVIDIA Drivers and Hashcat.
To install the drivers download the latest version from the NVIDIA website.
wget http://us.download.nvidia.com/tesla/410.104/NVIDIA-Linux-x86_64-410.104.run sudo /bin/bash NVIDIA-Linux-x86_64-410.104.run
To Download Hashcat download the latest version of hashcat
wget https://hashcat.net/files/hashcat-22.214.171.124z 7za x hashcat-126.96.36.199z
You can run Hashcat using
sudo ./hashcat64.bin --args --here
Modes of attacks
There are several approaches to cracking hashes. Given a hash we can either check it against a list of passwords ( word list) or try to brute force all the characters ( Doesn't work well with very long and complex passwords) or Have some modifications done on the existing word list, for example append
123 after every entry in out word list.I will write a separate post on the above mentioned attacks.
Cracking NTLM Hashes
sudo ./hashcat64.bin -m 5500 hash.lst
Cracking NTLM v2 Hashes
sudo ./hashcat64.bin -m 5600 hash.lst
Cracking Kerberos hashes
sudo ./hashcat64.bin -m 13100 hash.lst
Useful word-lists and Framework: