Cracking passwords on the go over cloud cheaply

Hello friends! Often during penetration tests or CTFs, or maybe just trying to break into someone’s WiFi, you must have come across a situation where you needed to crack hashes. And if your system does not have a good GPU, I am sure you must have desperately wished you had a powerful GPU that would crack the hash in moments. Even if you have a decent GPU, you need a cooling mechanism if you want to run it for long, because the excessive heat generated may damage the GPU.

Did it ever occur to you that the whole cracking process could be handed over to the cloud while you just sit back and relax?!

Yes! It’s indeed possible, and at a way lower cost than you would imagine.

For this tutorial we will use the Azure cloud. If you are a student, Microsoft Azure provides $100 in credit, which you can use to get a virtual machine in the cloud.

As you must be aware, cracking hashes on a GPU is way faster than on a CPU. Azure provides VMs for various purposes; the N-series VMs come with an Nvidia graphics card and can be used to crack hashes on the go.

Now you must be wondering whether a cloud VM, and one with a GPU at that, comes at a sky-high price. But you would be surprised by the following price estimate. Although the monthly price of the machine is quite high, we only need it for a few hours until the password/hash is cracked, so it’s quite affordable.

I have chosen the NC6 Promo instance in the Azure price calculator. The price for 2 hours is just $0.95. Not even a complete dollar. Amazing!!

Let’s go step by step through setting up the VM in the cloud from scratch.

First, you must either have the Azure credits mentioned previously or add your credit card. Log in with your Microsoft account at https://portal.azure.com

After logging in, go to Virtual Machines > Create a Virtual Machine.

You will be presented with various options for the VM configuration. Under Resource group, select a group if you have already created one; if not, create a new one and choose it. Next, give your virtual machine a name you like. Choose a region you like, or just keep the default. Under Image, choose either Ubuntu 16.04 LTS or Ubuntu 18.04 LTS. Under Size, select Standard NC6 PROMO.

You can log in either with a password or with a key; set the options accordingly (an SSH key is the safer choice for a VM reachable from the Internet). In the Management tab, turn off boot diagnostics. Leave the other options as they are and press the Review + Create button.

It will take some time for the VM to be deployed. Get yourself a cup of coffee meanwhile and relax.

After the VM is deployed, log in over SSH. Check for the Nvidia graphics card with the following command.

lspci | grep -i NVIDIA

Now we need to install the CUDA drivers. Run the following commands in order.

CUDA_REPO_PKG=cuda-repo-ubuntu1604_10.0.130-1_amd64.deb

wget -O /tmp/${CUDA_REPO_PKG} http://developer.download.nvidia.com/compute/cuda/repos/ubuntu1604/x86_64/${CUDA_REPO_PKG} 

sudo dpkg -i /tmp/${CUDA_REPO_PKG}

sudo apt-key adv --fetch-keys https://developer.download.nvidia.com/compute/cuda/repos/ubuntu1604/x86_64/7fa2af80.pub 

rm -f /tmp/${CUDA_REPO_PKG}

sudo apt-get update

sudo apt-get install cuda-drivers

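If you get an error in the apt-key command like the one shown below, then simply remove the ‘s’ in https to make it http. Over plain HTTP the key download has no transport integrity, so check the imported key’s fingerprint (apt-key finger) against a copy obtained over a trusted channel before installing packages signed by it.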

The installation will take some time. Once it’s finished, reboot the machine with the sudo reboot now command.

Once it has rebooted, reconnect to the VM over ssh and type nvidia-smi to check whether the drivers are successfully installed. If you get output like the following, you are good to go.

Next, we need to install everyone’s favorite hash cracking tool, hashcat. Use the following commands to get it and compile it.

git clone https://github.com/hashcat/hashcat.git

cd hashcat

make

When we perform the benchmark for WPA2 using ./hashcat --benchmark -m 2500, the cracking speed observed is 85765 H/s. Awesome!

Now we will try to crack the password from a cap file captured from a WiFi access point. Note that to crack a password from a cap file with hashcat, the file must first be converted to hccapx. You can do that here.

You will also need a wordlist to perform a dictionary attack. Download rockyou.txt with this command.

wget https://www.scrapmaker.com/data/wordlists/dictionaries/rockyou.txt

Once the list is downloaded, run the following command to start cracking. Replace file.hccapx with the name of your own hccapx file.

./hashcat -m 2500 file.hccapx rockyou.txt

The estimated time is nearly 3 mins. The whole of rockyou.txt can be tested in just 3 minutes! Mindblowing!!!

And voilà!! In just over a minute we managed to crack the password.

If the password is not cracked with rockyou.txt alone, pass in a rule as follows.

./hashcat -m 2500 file.hccapx rockyou.txt -r rules/best64.rule

The best64 rule applies various transformations to the words in the file. With it, the run would take around 4 hours, which is still reasonable. The same command would have taken like a day on an average system. Another advantage is that you can simply keep it running in the cloud, go do your tasks, and come back later to see if it’s cracked.
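
Seen from the defending side, the figures above (85765 H/s on one NC6, $0.95 for 2 hours, $100 of credit) show which WPA2 passphrases a rented GPU like this can reach. The script below is an added example, not part of the original post: it rates a passphrase against those figures, and its function names and three-entry wordlist are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): rate a WPA2 passphrase
# against the speed and price figures quoted on this page.
LC_ALL=C; export LC_ALL   # keep [a-z] ranges ASCII-only
RATE=85765                # H/s, WPA2 benchmark quoted for one NC6
USD_PER_HOUR=0.475        # derived from the quoted $0.95 for 2 hours
BUDGET_USD=100            # the student credit mentioned above

# charset_size PASS: smallest printable-ASCII alphabet that covers PASS
charset_size() {
    n=0
    case $1 in *[a-z]*) n=$((n + 26)) ;; esac
    case $1 in *[A-Z]*) n=$((n + 26)) ;; esac
    case $1 in *[0-9]*) n=$((n + 10)) ;; esac
    case $1 in *[!a-zA-Z0-9]*) n=$((n + 33)) ;; esac
    echo "$n"
}

# exhaust_cost_usd PASS: dollars to try every string of that length/alphabet
exhaust_cost_usd() {
    awk -v c="$(charset_size "$1")" -v l="${#1}" -v r="$RATE" \
        -v p="$USD_PER_HOUR" \
        'BEGIN { printf "%.3g\n", (c ^ l) / r / 3600 * p }'
}

# audit_passphrase PASS WORDLIST: prints invalid/weak/ok with the reason
audit_passphrase() {
    if [ "${#1}" -lt 8 ] || [ "${#1}" -gt 63 ]; then
        echo "invalid: WPA2 passphrases are 8 to 63 characters"; return
    fi
    if grep -Fxq -- "$1" "$2"; then
        echo "weak: present in wordlist"; return
    fi
    cost=$(exhaust_cost_usd "$1")
    if awk -v c="$cost" -v b="$BUDGET_USD" 'BEGIN { exit !(c + 0 <= b + 0) }'
    then echo "weak: full keyspace costs about \$$cost"
    else echo "ok: full keyspace costs about \$$cost"
    fi
}

# Constructed sample wordlist (three entries, built for this example)
WORDLIST=$(mktemp)
printf '%s\n' password1 iloveyou sunshine99 > "$WORDLIST"

for p in sunshine99 12345678 'kX7#pw2!mQz9'; do
    printf '%s -> %s\n' "$p" "$(audit_passphrase "$p" "$WORDLIST")"
done
```

The keyspace figure assumes a randomly chosen passphrase; a dictionary word with a small mutation is covered by a rule run like the best64 one above and falls far sooner than the estimate suggests.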

In this way you can crack passwords on the go from anywhere. Happy cracking your hashes! 😀