Ever wanted to use all that AWS compute power for something fun? How about cracking passwords? In this post, I'll walk you through building a formidable cloud-hosted password cracking rig.
It may seem obvious, but first you'll need an active AWS account. You can register for an account here if you don't already have one. Once you have an account, there's one more housekeeping step to take. GPU-backed instances at AWS (in our case, we'll be using one of the P3 type instances), require AWS to allocate an allotment of vCPUs to your account that can be used for launching these instances. So, we'll need to request a limit increase from the default 0 to 32 in order to launch a p3.8xlarge instance. You can request limit increases in AWS on the My Service Quotas page. Refer to our video walkthrough (3:05).
Once your account has been allocated vCPUs, you can now launch a p3.8xlarge instance. Be forewarned, these instances will cost you almost $9,000 dollars if you run it continuously for a month. Do Not Forget To Power This Off when it is not in use. Here are a few other options for GPU-backed systems to consider as well, though from testing and analysis, we've found the 8xlarge to be the best blend of performance and cost.
Configuring Your Instance
Once your account is approved you can now launch your instance (3:40). Here are the basic requirements for your instance:
- Use AMI: ami-0817d428a6fb68645
- Provision at least 250gb of storage (cracking files take up lots of room)
- Optional: Use security groups to restrict access (e.g., ssh) from only desired locations
sudo apt update #collect package updates
sudo apt upgrade #install package updates
sudo apt-get install -y build-essential linux-headers-$(uname -r) p7zip-full linux-image-extra-virtual #install additional packages
sudo [your fav editor] /etc/modprobe.d/blacklist-nouveau.confand add the following lines:
A few more commands:
blacklist nouveau blacklist lbm-nouveau options nouveau modeset=0 alias nouveau off alias lbm-nouveau off
sudo echo options nouveau modeset=0 | sudo tee -a /etc/modprobe.d/nouveau-kms.conf
sudo update-initramfs -u
Configuring Your GPUs
Now we need to download and install our GPU Drivers and SDKs (7:18). Download and install NVIDIA Drivers:
wget https://us.download.nvidia.com/tesla/450.80.02/NVIDIA-Linux-x86_64-450.80.02.run #download
sudo bash NVIDIA-Linux-x86_64-450.80.02.run #install, accept all defaults
wget https://developer.download.nvidia.com/compute/cuda/11.1.0/local_installers/cuda_11.1.0_455.23.05_linux.run #download
sudo bash cuda_11.1.0_455.23.05_linux.run #install, accept all defaults
Download and Run Hashcat
We're almost there! Just quick install of 7zip and a download of hashcat and we're off and running (8:30). Download 7zip:
sudo apt install p7zip-full
To make it easy, here are the remaining lines of code. You can run each one-at-a-time or copy and paste the whole block into the terminal:
sudo cd /opt #move into /opt, this is personal preference, I just keep everything here to make it easy for us sudo wget https://hashcat.net/files/hashcat-22.214.171.124z #download hashcat sudo 7z x hashcat-126.96.36.199z #extract hashcat sudo mv hashcat-188.8.131.52z hashcat #change directory name to just hashcat sudo cd hashcat #move into hashcat directory sudo ./hashcat.bin -b #run hashcat in benchmark mode
Congratulations, if all went well, you should have a working password cracker in AWS. From here, you'll need to get yourself a few wordlists, rules, masks, and of course—some [legally obtained] hashes to crack. If you liked this post and want to see a video on cracking techniques or tips and tricks, comment in the YouTube comment section.
There is also a great cracking guide available on Amazon that contains lots of examples, rules and dictionary sources. Hash Crack: Password Cracking Manual
About the Author
Matt Barnett, CISSP, GFCA
Chief Strategist & Cofounder
After years in IT, performing network and system administration, software development, and architecting cloud migrations, Matt began to focus his efforts in cybersecurity. Matt draws on his technical competency and law enforcement background to assist clients, in both proactive and incident response capacities. In addition, Matt has developed an arsenal of applications, strategies, policies, and procedures to assist clients in achieving better cybersecurity.