Cisco Blogs


Cisco Blog > Cisco Interaction Network

Cracking Your Passwords With My Video Card.

There a few milestones in my life that I can look back on and know that I have turned a corner. For example;
- When I could no longer recognize the names in the Police Blotter section of the paper; I knew I was older. Although I still see familiar faces on COPS. It’s always good to stay in touch.
- When I could actually taste a difference between good beer and Pabst Blue Ribbon, I knew I could lie to myself better.
- When I heard of CUDA and immediately thought of Compute Unified Device Architecture instead of a bad to bone MOPAR with a Hemi; I knew I crossed into the valley of geek.

CUDA was invented way back in the day by NVIDIA as a way to let the video card process other stuff (in parallel) instead of just video. This is NOT a hack but an actual design framework. NVIDIA has a great site for folks interested in coding with CUDA at: http://www.nvidia.com/object/cuda_home.html This is great news because the support, forums, troubleshooting tools are outstanding! Not every NVIDIA card supports the CUDATM proc so double check with this site to be sure.

I wanted to take CUDA 5 (the latest version as of Oct 2013) out for a test drive so I went out to download the software development kit (SDK) thinking I was going to have to bite the bullet and learn sucky OpenGL or worse…<gulp> DirectX to get this work. Much to my MEGA surprise, CUDA actually uses C for parallel development!! Yee Haa!! I’ll be drinkin’ early tonight! I love writing in C because it is low level enough that I can control how the processor handles the code and it’s easier to spell then other languages. If you’ve been reading my blog for a while, you know the importance I place on grammar… After I read the SDK manual and found out that between the memory and grid/thread dimensions is a parameter called: Warp Size…Warp Size… I. Am. Home.  Warp is cool in both Star Trek and CUDA because it’s a way of grouping threads into blocks, then into grids. This gives us EXCELLENT control of hardware resources.  

Of course on NVIDIA’s site they talk about the great uses for CUDA in industrial, science, medical, saving whales and helping Robb match his shoes to his socks according to mood , geographic biorhythm and astral plane aura mapping.. . Hey that’s all well and good but I am using it to crack passwords baby!! Namely MD5 passwords, why? Because databases and WPAv2 can suck it!!  I played around with this for a while on some custom code I wrote up and noticed about a 10-15% calculation performance increase, not bad. Then I used BarsWF http://3.14.by/en/md5 code (it went open source back in Nov 2010) and wholly smokes I noticed a mega honkin’ increase in password cracking speed for sure. Matter of fact that is the fastest MD5 cracker I have EVER used. Plus it reminds me that I am as good at writing code as a Flowbee is to giving you that Madison Avenue haircut.  Although, I’m just starting to fart around with oclHashCat-Plus and it looks VERY promising!! http://hashcat.net/oclhashcat-plus/  yeah…very promising.  Relaxed and groovy for sure right! Come on! can I get a witness! This is your video code daddy-o!!!

 Back in the day, to get a poor mans type of grid processing muscle I used John the Ripper with the -d distributed switch to run multiple instances on multiple machines but scalability and tolerance of Robb to approve my expense reports wore thin. Although I did build a 120 node Raspberry Pi shade tree super computer which I’ll write about later on…

CUDA is a game changer and allows me a ton of options on a single machine. I added a few CUDA tools to my own home grown ISO like BarsWF, Pyrit, oclHashCat for wireless and Vernoux.

Then my fav canned security ISO; Backtrack  http://www.offensive-security.com/ is released with a few applications that support CUDA! I had to check that out for sure! Lucky for me that the folks at Offensive Security also had a CUDA config guide to walk me thru their CUDA implementation

http://www.backtrack-linux.org/wiki/index.php/CUDA_On_BackTrack

I still need to actually config BT5 to run the CUDA code. So I just followed the guide to build out the framework and it worked great without a hitch. No need to bore you with details you can read in the friggen sweet guide. It’s the results that make the difference here. I fired up CUDA-Multiforcer with the command:

/CUDA-Multiforcer-32 -h MD5 -c ./charsets/charsetnumeric -f ./test_hash_files/hashes-md5-numeric.txt --min=0 --max=500

I listed out this command not to show my CLI skills but to point one the most important arguments. The --min --max argument dedicates systems resources. If you plan on using your CUDA machine for other stuff like gaming, surfing and work stuff, lower the max number accordingly. It’s different for every machine. For my 8600 card, 500 is dedicating max resources. I use 10 for everything else except gaming and truthfully with the demand gaming tugs on a video card I do not game (on that machine) when CUDA is Crackin’. With 1500+ hashes, the tables from BOINC at http://www.freerainbowtables.com I busted thru and recovered the passwords with 96% accuracy in seconds. Impressive! Not as fast as BarsWF but not by much for sure.

You do not have to be a coder to take advantage of CUDA. There are some great canned applications already that will give you immediate success and change the way you look at password cracking.

Jimmy Ray Purser

Trivia File Transfer Protocol
The first document computer password “hack” was in 1962 by Dr. Allan Scherr.  He was looking for more computer time to run his simulations, so he submitted a request to print all passwords via punch card and just enjoyed the access!

In an effort to keep conversations fresh, Cisco Blogs closes comments after 60 days. Please visit the Cisco Blogs hub page for the latest content.

2 Comments.


  1. October 17, 2013 at 7:27 am

    I’ve been running hashcat to try and recover an MD5 where I have the hash from one 3750 and that user is the only account on another production 3750 I can’t easily password reset. I’m running it slow because of the heat here in Florida, but it’s taking a while. Either their password is very complex or I’m not hitting the right options/character set.

    I wasn’t aware of the BOINC rainbow tables, thanks for that! I use BOINC or FAH in the winter to keep rooms warm on cooler days since we have electric heat anyway :)

    NOTE: I’ve had sustained computation cause the heatsink compound to dry out/crack and actually separate the heatsink from the CPU/GPU if it was put on too thick.

       0 likes