GPU Cracking - On the Cheap
Karl Fosaaen
Eric Gruber
Introductions
• Who are we?
‒Karl Fosaaen
‒Eric Gruber
• What do we do?
‒Pen Test
‒Crack Passwords
‒Blog
GPU Cracking on the Cheap
• Defining Terms
‒Science Project
‒GPU
‒Bitcoin
‒Hashes
GPU Cracking on the Cheap
•Hashes
‒ Password123 = 58A478135A93AC3BF058A5EA0E8FDB71
‒ Password1234 = 8C3EFC486704D2EE71EEBE71AF14D86C
58A478135A93AC3BF058A5EA0E8FDB71 ≠ 8C3EFC486704D2EE71EEBE71AF14D86C
GPU Cracking on the Cheap
• Overview
‒Why do we want to GPU crack
‒Ideal Setup
‒Hardware Selection
‒Construction
‒Operating System
‒Methodology
GPU Cracking on the Cheap
• Why do we want to crack?
‒Pen Testing
‒Password Auditing
•Why do we want to use GPUs?
‒CPU versus GPU
‒Trade Offs
‒The Cloud?
Performance: Brute Force (6 Characters)
[Chart: Minutes for Six Character Brute Force, CPU versus GPU]
Performance
• Brute Force Power (8 Characters)
Hash Type     Speed
NetNTLMv2     1,877.8 MH/s
SHA1          9,515.4 MH/s
descrypt      11,060.1 kH/s
MD5           19,834.3 MH/s
NTLM          32,930.2 MH/s
GPU Cracking: The Ideal Set Up
• The Ideal Set Up
‒ If Money is no object
GPU Cracking: The Ideal
• Buy one of these
‒ Case, Motherboard, and Power ($3,599.99)
• TYAN B7015F72V2R
‒ Case, Motherboard, and Power ($4,649.99)
• Tyan FT77AB7059 (B7059F77AV6R-2T)
GPU Cracking: The Practical Option
• But I’m more like this shadow guy…
GPU Cracking: Building the Rig
Our Current Set Up
GPU Cracking: Building the Rig
GPU Cracking: The Hardware
• GPU Selection
‒ What do we want?
• Reference card versus non-reference
• Stream Processors
• Card Cores
• Processor Speed
• Overclocking
• AMD versus NVIDIA
• Crossfire and SLI – Doesn’t matter here
• These are the Most Important Part of the Rig
‒ So spend some money
GPU Cracking: The Hardware
• 7970 Option
‒ MSI Radeon HD 7970 Twin Frozr ($529.99*)
• Core Clock: 1000MHz
• Stream Processors: 2048 Stream Processors
• Memory Size: 3GB GDDR5
• 7950 Option
‒ XFX Double D Radeon HD 7950 ($419.99*)
• Core Clock: 925MHz
• Stream Processors: 1792 Stream Processors
• Memory Size: 3GB GDDR5
*Newegg prices as of February 2014
GPU Cracking: The Hardware
• Motherboard
‒What to look for
• PCI Express slots
• 16x versus 1x
• Power to the board
• Some have additional power for cards
• Onboard power switch
• Handy for open air cases
GPU Cracking: The Hardware
• Motherboard
‒ ASRock H81 Pro BTC ($130-190*)
*Amazon price variance during January 2014
GPU Cracking: The Hardware
• Risers
‒ Ribbon cable versus USB 3
‒ Preferred: USB 3 risers
• The ribbons are not as reliable
GPU Cracking: The Hardware
•Power for the cards
GPU Cracking: The Hardware
• Power Supply
‒ 1500W is ideal for a couple of cards
‒ Could probably get closer to 1000W
• Just not recommended, or get two
‒ Modular is the easiest to manage
GPU Cracking: The Hardware
• Other Hardware Selection
‒ Processor
• A reasonably powered Intel (i3, i5, i7)
‒ Hard Drive
• SSD for OS
• Non-SSD for cold storage (Dictionaries, etc.)
‒ RAM
• Whatever you can afford to put in
• These can all be relatively generic
GPU Cracking: The Case
• Case
‒ This can be pretty open ended
‒ Start with server rack shelving
‒ Check out your local hardware store
• Wire shelving cubes
• Aluminum Rails
‒ Zip ties, baling wire, bits of string
GPU Cracking: The Case
•Case, case, no case
GPU Cracking: Airflow
GPU Cracking: Building the Rig
• Plan everything out!
GPU Cracking: Building the Rig
• The Initial End Result
GPU Cracking: Building the Rig
• Another Angle
GPU Cracking: Building the Rig
The Current Set Up
GPU Cracking: Building the Rig
GPU Cracking: Final Costs
• Parts list:
Parts                        Est. Cost
Motherboard                  $160
Processor (Intel Celeron)    $50
RAM (4 GB)                   $40
Hard Drives                  $150
Risers (4)                   $160
Power Supply (1500 W)        $360
Video Cards (4)              $2,116
Case Materials               $20
Total                        $3,056
GPU Cracking: Software Side
• Operating System
• Cracking Software
Essentially comes down to this
Driver support
• Windows support is generally good for both AMD and Nvidia
• Linux support is getting better
• Both are good options, unless you’re Linus…
Server Setup
• Windows and Linux work very well for server setups
• Both can be set up as a headless server
• We prefer Linux
‒ Easy to manage
‒ Lightweight
‒ Free
Cracking Software
• We want something free
‒ John
‒ oclHashcat
• John/oclHashcat support GPU cracking with CUDA/OpenCL
• We use oclHashcat
‒ Frequently updated
‒ Best performance
‒ Supports large number of hash types
Methodology
• Wielding the power responsibly
‒ Brute force isn’t always the best option
Methodology
• Dictionary Attacks
‒ Add in some mangling rules
• Leet Speak
• Password => P@$$vv0rd
• Append Numbers
• Password => Password2014
‒ Double up on dictionaries
• PasswordPassword
‒ Sources
• Wikipedia
• Urban Dictionary
• Alexa Domain Lists
• Crackstation, SkullSecurity, etc.
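Added example (not from the original slides): a password-policy check that reverses the mangling rules listed above (leet speak, appended numbers, doubled words) and reports when a candidate password reduces to a banned base word. The word list, the substitution table and the function names are assumptions made for illustration.

```python
import re

# Constructed stand-in for a real banned-word list (assumption).
BASE_WORDS = {"password", "netspi", "summer", "welcome"}

# Leet substitutions, reversed. The two-character "vv" -> "w" case comes from
# the slide's P@$$vv0rd example; the rest of the table is an assumption.
LEET_MULTI = [("vv", "w")]
LEET_SINGLE = str.maketrans({
    "@": "a", "4": "a", "$": "s", "5": "s", "0": "o",
    "3": "e", "1": "l", "!": "i", "7": "t",
})


def unleet(text):
    """Undo leet-speak substitutions on lowercased text."""
    text = text.lower()
    for leet, plain in LEET_MULTI:
        text = text.replace(leet, plain)
    return text.translate(LEET_SINGLE)


def undouble(text):
    """Return the half of a doubled word (PasswordPassword), else None."""
    half = len(text) // 2
    if half and len(text) % 2 == 0 and text[:half] == text[half:]:
        return text[:half]
    return None


def weak_form(password, words=BASE_WORDS):
    """Return (base_word, [rules]) if the password is a mangled banned word,
    otherwise None. Rules are named after the bullets on the slide."""
    lowered = password.lower()
    stripped = re.sub(r"\d+$", "", lowered)
    starts = [(lowered, [])]
    if stripped and stripped != lowered:
        starts.append((stripped, ["append numbers"]))
    for text, rules in starts:
        for candidate, extra in ((text, []), (unleet(text), ["leet speak"])):
            if candidate in words:
                return candidate, rules + extra
            half = undouble(candidate)
            if half in words:
                return half, rules + extra + ["doubled word"]
    return None


if __name__ == "__main__":
    # Constructed sample input, using the examples from the slide.
    for pw in ["P@$$vv0rd", "Password2014", "PasswordPassword",
               "correct horse battery staple"]:
        print(f"{pw!r}: {weak_form(pw)}")
```
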
Methodology
• Masking Attacks
‒ Commonly Used Patterns
‒ Netspi1234 = ?u?l?l?l?l?l?d?d?d?d
• One Upper
• Five Lower
• Four Digits
• Ten characters total, meets complexity
‒ Easy to generate
• Based off of previous cracks, leaks, etc.
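Added example (not from the original slides): a password-auditing sketch that derives the mask for a password as on the slide above, counts the candidates the mask covers, and estimates the time to exhaust it at the speeds listed on the performance slide. The function names and the sample password list are assumptions; the sample list is constructed.

```python
import string
from collections import Counter

# Character classes behind the mask tokens; sizes match hashcat's built-in sets.
CHARSETS = {
    "?u": string.ascii_uppercase,    # 26
    "?l": string.ascii_lowercase,    # 26
    "?d": string.digits,             # 10
    "?s": " " + string.punctuation,  # 33
}

# Speeds copied from the performance slide, converted to hashes per second.
SLIDE_RATES = {
    "NetNTLMv2": 1877.8e6,
    "SHA1": 9515.4e6,
    "descrypt": 11060.1e3,
    "MD5": 19834.3e6,
    "NTLM": 32930.2e6,
}


def mask_for(password):
    """Return the mask for a password, e.g. Netspi1234 -> ?u?l?l?l?l?l?d?d?d?d."""
    tokens = []
    for ch in password:
        for token, chars in CHARSETS.items():
            if ch in chars:
                tokens.append(token)
                break
        else:
            raise ValueError(f"character {ch!r} is outside ?u ?l ?d ?s")
    return "".join(tokens)


def keyspace(mask):
    """Number of candidates a mask covers: the product of its class sizes."""
    if len(mask) % 2:
        raise ValueError("mask must be a sequence of two-character tokens")
    total = 1
    for i in range(0, len(mask), 2):
        token = mask[i:i + 2]
        if token not in CHARSETS:
            raise ValueError(f"unknown token {token!r}")
        total *= len(CHARSETS[token])
    return total


def seconds_to_exhaust(mask, hash_type):
    """Worst-case seconds to try every candidate of a mask at the slide's rate."""
    return keyspace(mask) / SLIDE_RATES[hash_type]


def full_bruteforce_seconds(length, hash_type):
    """Same estimate with all 95 printable ASCII characters in every position."""
    alphabet = sum(len(chars) for chars in CHARSETS.values())
    return alphabet ** length / SLIDE_RATES[hash_type]


def mask_histogram(passwords):
    """Count how many audited passwords share each mask."""
    return Counter(mask_for(p) for p in passwords)


# Constructed sample of audited passwords (not real data).
AUDIT_SAMPLE = ["Netspi1234", "Summer2014", "Winter2013",
                "Password123", "P@$$vv0rd"]

if __name__ == "__main__":
    mask = mask_for("Netspi1234")
    print(mask, keyspace(mask))
    for hash_type in ("NTLM", "descrypt"):
        print(hash_type, round(seconds_to_exhaust(mask, hash_type)), "seconds")
    years = full_bruteforce_seconds(10, "NTLM") / (365 * 24 * 3600)
    print("all 95 characters, 10 positions, NTLM:", round(years), "years")
    print(mask_histogram(AUDIT_SAMPLE).most_common(1))
```

A ten-character password that meets complexity rules but follows this pattern falls inside a keyspace that is exhausted in about a minute and a half at the NTLM rate, against decades for the full ten-character space.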
Demo
Conclusions
• It can be done
• It’s not that expensive
• Learn from our mistakes
Questions
Questions?
Karl Fosaaen (@kfosaaen)
Eric Gruber (@egru)
http://www.netspi.com/blog
Questions
Thanks!
Karl Fosaaen (@kfosaaen)
Eric Gruber (@egru)
