You got those pesky hashes after a while setting in the customer networks. But your laptop GPU is not good enough to crack them in reasonable time? If so read further as this will be a quick reference on how to step by step start cracking hashes in the cloud using P2 powerful AWS instances from your console.
Disclamer:Remember to check your ROE or NDA whether there is an information if you can exfiltrate customer password hashes to external entities like AWS Cloud. If not sure ask…
First things first. What do we need?
- AWS Account – if you don’t have one – create one for free. Add your or your company Credit Card details.
- Few $$$ depends on how long you want to use your cloud instance, or how big budget of your project you will want to spend on it. Will use P2 instances below their current price model as of today 1/29/2020
Launching P2 Instance
- Sign in to AWS account
- Services > Compute > EC2
- “Launch Instance”
- Type ubuntu in search box and scroll down to “Ubuntu Server 18.04 LTS (HVM), SSD Volume Type – ami-02df9ea15c1778c9c (64-bit x86) / ami-07a3c7461cc82f8ff (64-bit Arm) ” > Select (64 bit (x86)
- Scroll down to “p2.XXXXX” > “Review and Launch”
- “Create a new key pair” > you will need to SSH to your box and download
- Acknowledge you got the key pair and “Launch Instances”
- Click View Instances
Login to your box
After a while you will see that you have your instance state running. You can login and start configuring
$ chmod 400 yourdownloaded_key_pair.pem $ ssh -i yourdownloaded_key_pair.pem ubuntu@DNS_OF_YOUR_INSTANCE
Get necessary packages
$ sudo apt-get update && sudo apt-get install -y build-essential linux-source linux-headers-$(uname -r) p7zip-full linux-image-extra-virtual
Disable Nouveau driver
Since we will use Nvidia drivers we need to disable Nouveau kernel driver.
$ echo "blacklist nouveau blacklist lbm-nouveau options nouveau modeset=0 alias nouveau off alias lbm-nouveau off" | sudo tee -a /etc/modprobe.d/blacklist-nouveau.conf >/dev/null $ echo options nouveau modeset=0 | sudo tee -a /etc/modprobe.d/nouveau-kms.conf >/dev/null $ sudo update-initramfs -u
Get Nvidia driver
For latest drivers check here: http://download.nvidia.com/XFree86/Linux-x86_64/latest.txt
$ wget http://us.download.nvidia.com/XFree86/Linux-x86_64/440.44/NVIDIA-Linux-x86_64-440.44.run $ chmod +x NVIDIA-Linux-x86_64-440.44.run $ sudo ./NVIDIA-Linux-x86_64-440.44.run --ui=none --no-questions --silent -X $ sudo reboot
Check driver is working after reboot
$ sudo nvidia-smi
Get Hashcat and unzip
$ wget https://hashcat.net/files/hashcat-184.108.40.206z $ 7za x hashcat-220.127.116.11z
Check hashcat if it see your GPU
$ cd hashcat-5.1.0 $ sudo ./hashcat64.bin -I
$ sudo ./hashcat64.bin -b
Download or upload your wordlists
$ wget https://github.com/danielmiessler/SecLists/raw/601038eb4ea18c97177b43a757286d3c8a815db8/Passwords/merged.txt.tar.gz $ tar xf merged.txt.tar.gz
Upload or paste in your hashes
$ scp -i yourdownloaded_key_pair.pem hashes.txt ubuntu@DNS_OF_YOUR_INSTANCE:~/hashcat/
Start cracking your hashes depends on your needs…
$ sudo ./hashcat64.bin -w 3 -m 500 -o cracked.txt hashes.txt merged.txt -r ./rules/best64.rule
I hope you find it useful on how to start cracking hashes from the cloud when you are out of fast GPUs and want to get jobs done.
Stopping problem – vCPU capacity limits
Depends on your subscription plan and its history you might get above message while starting p2 instance
Got to your EC2 dashboard -> Limits -> Calculate vCPU limit
then select your instance type you wish to run for example: p2.8xlarge. For that case I needed new limit of 32 vCPUs
After that hit: Request limit increase you will be taken to support center to fill up case (ticket).
Pick your region, select Primary instance type (for us All P instances) and fill new value limit you had calculated in previous step (example 32 vCPUs). In “case description” field write why you need it, For me description: “cracking hashes” was good enough.
Wait for response from support, it didn’t took long them long. For me it was around 30 minutes and I could start instance. But all that depends on your AWS account history, for new account they might propose you a lower values of vCPU’s “for start”