Crazy Fast Password Recovery with Hashcat

I have been playing with Hashcat a little bit today and I am just stunned on how fast it is. Hashcat is an all purpose password cracker that can run off of your GPU or your CPU. The GPU version, OCLHashcat-plus is touted as the world’s fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker.

Hashcat is a multi-threaded cracker, so if your CPU can run several threads, it will use them. But the real speed comes into play when using the horsepower of a GPU. If your GPU can run hundreds of threads, all of this power is used to break passwords.

But just how fast is it?

I took just a simple password: “fred” and fed the NTLM password hash into Hashcat. I used just the slower CPU version and the Bruteforce option. The password was recovered as soon as I hit run:

It was so fast, the estimated and elapsed time didn’t even register.

You can also use password dictionaries to use as a guideline for Hashcat. For the next test, I downloaded the “RockYou.txt” password list. This is a list of actual passwords that have been sanitized (usernames removed). I pulled 4 random plain text passwords from RockYou and converted them to Windows NTLM passwords:

elizabeth1 – 6afd63afaebf74211010f02ba62a1b3e
francis123 – 43fccfa6bae3d14b26427c26d00410ef
duodinamico – 27c0555ea55ecfcdba01c022681dda3f
luphu4ever – 9439b142f202437a55f7c52f6fcf82d3

I placed the 4 password hashes into a file called hashes.txt, added in the RockYou plain text password list and fed them into Hashcat:

Hashcat recovered all five passwords in about the same amount of time it took to create the display screen, a second, maybe 2:

Remember that these are the NTLM hashes, not Window’s simpler LM hashes.

Add in the GPU version, advanced rules, attack methods, and Hybrid Masks and you really have a powerful tool to recover almost any password.

~ by D. Dieterle on December 30, 2011.

One Response to “Crazy Fast Password Recovery with Hashcat”

  1. Crazy fast indeed! What’s the speed for more complex passwords – El!zabeth1, say? (Accpeting that that particular one might be more susceptible to a hybrid masking attack)?
    Thanks

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

 
%d bloggers like this: