I am trying to crack users’ passwords on Linux using hashcat-nvidia on Ubuntu. This is easy to set up. Install Hashcat.
(base) ┌─jason-Lenovo-H50-55@jason⬎ └─◉ 5.1-~-09:05-⚫ ◉--[$] ☕ sudo apt install hashcat-nvidia |
Then download some password lists. There are a few here.
https://github.com/danielmiessler/SecLists/tree/master/Passwords These are standard text files.
To crack a password, put the hash in a text file. It should look like this.
$6$5l70Gupv$xBTxhCSexudn5jJ9hampIfTK0KIR3nqK1K1Rxye.OA5obtKArO7jgftjJtVSdp31MPxItEPmOuWhbgBvp0wqn. |
Then run the hashcat program as in the example below.
This does not take very long at all.
(base) ┌─jason-Lenovo-H50-55@jason⬎ └─◉ 5.1-~/Documents-10:28-⚫ ◉--[$] ☕ hashcat -m 1800 -o output.txt hash.txt xato-net-10-million-passwords-1000000.txt hashcat (v6.2.5) starting Successfully initialized NVIDIA CUDA library. Failed to initialize NVIDIA RTC library. * Device #1: CUDA SDK Toolkit not installed or incorrectly installed. CUDA SDK Toolkit required for proper device support and utilization. Falling back to OpenCL runtime. * Device #1: WARNING! Kernel exec timeout is not disabled. This may cause "CL_OUT_OF_RESOURCES" or related errors. To disable the timeout, see: https://hashcat.net/q/timeoutpatch OpenCL API (OpenCL 3.0 CUDA 11.6.134) - Platform #1 [NVIDIA Corporation] ======================================================================== * Device #1: NVIDIA GeForce GTX 1050, 1600/1992 MB (498 MB allocatable), 5MCU Minimum password length supported by kernel: 0 Maximum password length supported by kernel: 256 Hashes: 1 digests; 1 unique digests, 1 unique salts Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates Rules: 1 Optimizers applied: * Zero-Byte * Single-Hash * Single-Salt * Uses-64-Bit ATTENTION! Pure (unoptimized) backend kernels selected. Pure kernels can crack longer passwords, but drastically reduce performance. If you want to switch to optimized kernels, append -O to your commandline. See the above message to find out about the exact limits. Watchdog: Temperature abort trigger set to 90c Host memory required for this attack: 82 MB Dictionary cache hit: * Filename..: xato-net-10-million-passwords-1000000.txt * Passwords.: 1000000 * Bytes.....: 8557632 * Keyspace..: 1000000 Session..........: hashcat Status...........: Cracked Hash.Mode........: 1800 (sha512crypt $6$, SHA512 (Unix)) Hash.Target......: $6$5l70Gupv$xBTxhCSexudn5jJ9hampIfTK0KIR3nqK1K1Rxye...p0wqn. Time.Started.....: Mon Jan 30 10:28:46 2023 (0 secs) Time.Estimated...: Mon Jan 30 10:28:46 2023 (0 secs) Kernel.Feature...: Pure Kernel Guess.Base.......: File (xato-net-10-million-passwords-1000000.txt) Guess.Queue......: 1/1 (100.00%) Speed.#1.........: 12193 H/s (8.23ms) @ Accel:64 Loops:256 Thr:32 Vec:1 Recovered........: 1/1 (100.00%) Digests Progress.........: 2048/1000000 (0.20%) Rejected.........: 0/2048 (0.00%) Restore.Point....: 0/1000000 (0.00%) Restore.Sub.#1...: Salt:0 Amplifier:0-1 Iteration:4864-5000 Candidate.Engine.: Device Generator Candidates.#1....: 123456 -> frosty Hardware.Mon.#1..: Temp: 39c Fan: 65% Util: 95% Core:1683MHz Mem:3504MHz Bus:4 Started: Mon Jan 30 10:28:45 2023 Stopped: Mon Jan 30 10:28:48 2023 |
Then I was able to get this old password hash cracked easily.
(base) ┌─jason-Lenovo-H50-55@jason⬎ └─◉ 5.1-~/Documents-10:28-⚫ ◉--[$] ☕ cat output.txt $6$5l70Gupv$xBTxhCSexudn5jJ9hampIfTK0KIR3nqK1K1Rxye.OA5obtKArO7jgftjJtVSdp31MPxItEPmOuWhbgBvp0wqn.:password |
But this is an old password hash using SHA512. Modern password hashes for a Linux machine use Yescrypt. This can not be cracked with hashcat yet. John the Ripper can crack yescrypt password hashes though, this is very effective to use on more modern passwords. Below I have made a copy of the /etc/shadow file and I am running John the Ripper against it to see if I can crack the passwords in the yescrypt hashes.
(base) ┌─jason-Lenovo-H50-55@jason⬎ └─◉ 5.1-~/Documents-11:13-⚫ ◉--[$] ☕ john shadow --format=crypt -wordlist:xato-net-10-million-passwords-1000000.txt Loaded 6 password hashes with 6 different salts (crypt, generic crypt(3) [?/64]) Will run 4 OpenMP threads Press 'q' or Ctrl-C to abort, almost any other key for status |
Press s while it is running to check the status of the current cracking job(s).
(base) ┌─jason-Lenovo-H50-55@jason⬎ └─◉ 5.1-~/Documents-11:13-⚫ ◉--[$] ☕ john shadow --format=crypt -wordlist:xato-net-10-million-passwords-1000000.txt Loaded 6 password hashes with 6 different salts (crypt, generic crypt(3) [?/64]) Will run 4 OpenMP threads Press 'q' or Ctrl-C to abort, almost any other key for status 0g 0:00:09:07 2% 0g/s 45.43p/s 273.1c/s 273.1C/s 2605..200684 0g 0:00:12:09 3% 0g/s 45.93p/s 276.2c/s 276.2C/s me1234..jesu 0g 0:01:39:31 26% 0g/s 47.02p/s 282.1c/s 282.1C/s mottier1..mortos 0g 0:01:48:00 28% 0g/s 47.04p/s 282.2c/s 282.2C/s fornix..ford1993 |
This will show how far along the cracking process is and what word range it is up to in the wordlist, this process can take a very long time, so be patient.