Hash cracking using GPU 101

0xdom
Published in Nerd For Tech
6 min read, May 4, 2021

If you are reading this article, you probably already know about the craze around GPU cracking. But what actually is GPU cracking, and why is it better than CPU cracking? Why are bitcoin miners using GPU cracking, and what is the reason behind that? And why should you learn GPU cracking to grow your knowledge in the ethical hacking field? All of these questions will be answered in this article.

Topics covered:

  • CPU vs GPU at computing
  • How hashes are cracked?
  • Best tool
  • The cheapest way to GPU hash cracking
  • Best wordlist

Before diving into cracking, we first need to know what a CPU and a GPU are, and the difference between CPU cracking and GPU cracking.

The main difference between a CPU and a GPU is that a CPU is built to perform a wide range of tasks quickly but is limited in how many instances of a task it can run at once, whereas a GPU is designed to perform complex mathematical operations and can run thousands of instances at the same time.

CPU vs GPU at computing

A CPU usually has 4-8 cores. Although a CPU core is much faster than a GPU core, GPUs can perform parallel instructions on multiple sets of data because a GPU has hundreds of cores.

GPUs can process data faster than CPUs because they're designed with thousands of processor cores running simultaneously. GPUs enable massive parallelism, where each core is focused on making efficient calculations.

A GPU running at 1450 MHz can compute a grand total of about 160 million SHA-1 hashes per second (src).

A CPU (a quad-core 2.4 GHz Intel Core2), by comparison, could achieve about 48 million SHA-1 hashes per second.

So I hope now you know why GPU cracking is preferred over CPU cracking.

How hashes are cracked?

Before learning about cracking hashes, we need to know what a hash actually is and how hashes are generated.

What is a hash?

A hash function is any function that can be used to map data of arbitrary size to fixed-size values which can be called a hash. Wikipedia

Hashing is the transformation of a string of characters into a usually shorter fixed-length value or key that represents the original string. Unlike encrypted data, which can be decrypted, hashes can't be converted back to their original form (hashing and encryption are completely different things).

Hashing is a more secure way of storing passwords. The bad thing about "cleartext" storage of passwords is that it creates a vulnerability under an attack model where the attacker gets read-only access to the server data.

If the website is vulnerable to SQL injection, your passwords might be shown as clear text to attackers. So now you know why hashing is important.

Hash cracking

Hashing algorithms such as Microsoft LM hashes, MD4, MD5, SHA, MySQL, Cisco PIX, etc. perform a set of mathematical operations on the cleartext password (by converting it to integer format) and turn data of arbitrary size into a fixed-length value, which is known as a hash.

The fun part is that if you input the same value to the hashing algorithm, it will produce the same hash, but if you make even a small change to your value, the hash will be completely different. Let's see it in action.

Notice the difference between hash values when I just changed the small ‘h’ to capital ‘H’.

This is how the passwords are hashed but with different and stronger algorithms. So don’t use weak hashing algorithms!

OK, now here's the catch: if we copy the hash value and "decrypt" it in an MD5 decrypter, it will return the original value.

What the cracking tool is doing is hashing each word from its dictionary, in different combinations, and comparing these hashes with our given hash until the two hashes match. The matching word is then shown to us (which is our original value).

Basically, it's brute-forcing candidates until it finds one whose hash matches our given hash, and that is how the hash is "decrypted". Keep in mind that to decrypt a hash, the wordlist must contain the value you're trying to recover, or every possible combination has to be tried.

So that's why, for faster cracking of the hash, you need more computing power, which a GPU provides, as each GPU core is focused on making efficient calculations.
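The comparison loop described above, seen from the password-auditing side, as an added example that is not part of the original article: it checks constructed unsalted MD5 digests against a small constructed wordlist, then stores a password with a random salt and PBKDF2 so that every guess costs far more. The user names, wordlist, function names and iteration count are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import time

# Constructed sample data: unsalted MD5 digests as a legacy user table might hold them.
STORED = {
    "alice": hashlib.md5(b"hello").hexdigest(),
    "bob": hashlib.md5(b"Hello").hexdigest(),
    "carol": hashlib.md5(b"x9!Lq#27vTz@").hexdigest(),
}
WORDLIST = ["password", "123456", "hello", "Hello", "letmein"]  # constructed


def audit_unsalted_md5(stored, wordlist):
    """Hash each candidate once and compare it with every stored digest."""
    by_digest = {}
    for user, digest in stored.items():
        by_digest.setdefault(digest, []).append(user)
    weak = {}
    for word in wordlist:
        digest = hashlib.md5(word.encode()).hexdigest()
        for user in by_digest.get(digest, []):
            weak[user] = word  # this account's password was in the wordlist
    return weak


def hash_password(password, iterations=200_000):
    """Salted, deliberately slow storage: PBKDF2-HMAC-SHA256 with a random salt."""
    salt = os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, key


def verify_password(password, record):
    """Recompute the key with the stored salt and compare in constant time."""
    salt, iterations, key = record
    guess = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(guess, key)


def guess_cost_ratio(rounds=10_000):
    """Roughly how many MD5 guesses fit in the time of one PBKDF2 guess here."""
    start = time.perf_counter()
    for i in range(rounds):
        hashlib.md5(str(i).encode()).digest()
    md5_each = (time.perf_counter() - start) / rounds
    start = time.perf_counter()
    hash_password("hello")
    return (time.perf_counter() - start) / md5_each
```

With unsalted digests, one hashed candidate is tested against every account at once; with a per-record salt, each guess has to be recomputed for each record at the higher PBKDF2 cost.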

You can use this tool to learn about hash cracking in a fun way: CyberChef.

So now you know how hashes are cracked and why GPU is better at cracking the password.

Best tool

Some of you might have already guessed what the best tool is going to be, and obviously, it's Hashcat.

Hashcat is the world’s fastest and most advanced password recovery utility, supporting five unique modes of attack for over 300 highly-optimized hashing algorithms. hashcat

The best thing about hashcat is that it can make use of your GPU for more efficient hash cracking. You can find the usage of hashcat here. You should consider learning this tool; it can help you in the long run.

The cheapest way to GPU hash cracking

And now comes the most important point: where can you get a GPU if you don't have one, in the cheapest way possible?

The best way is to get hold of a GPU, but if you don't have the budget, you can buy GPU time from services that sell cloud computing, like AWS cloud services.

Cloud computing pays off if you're using it for the short term; you would not want to burn all your money on the cloud if you're doing this long term. If the long term is your main goal, go build yourself a cracking station.

Keep in mind that I'm not endorsing you to do any illegal activity with the information given here, nor do I support this behavior.

Best wordlist

Now, for your cracking journey, you will need a good wordlist. You may come up with your own wordlist in the future, but here's a starter.

You can download some of the best wordlists for Hashcat from Crackstation, a website that specializes in de-hashing passwords.

Crackstation's wordlists are the result of a historical password hash leak from LinkedIn and other sites.
My favorite wordlist from Crackstation is real human-small. I like this wordlist because it contains a list of real human passwords that have been leaked online.

You can find wordlists in Kali Linux at this path:

cd /usr/share/wordlists

You can use these wordlists for cracking hashes.

So there you have it: hash cracking using GPU 101. I hope the information given here was easily digestible; if it was, make sure you follow me for more such interesting information.


I'm a cybersecurity aspirant currently working on my skills, wannabe hacker.