Crazy Fast Password Recovery with Hashcat

Monday, January 02, 2012

Dan Dieterle


I have been playing with Hashcat a little bit today and I am just stunned on how fast it is. Hashcat is an all purpose password cracker that can run off of your GPU or your CPU.

The GPU version, OCLHashcat-plus is touted as the world’s fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker.

Hashcat is a multi-threaded cracker, so if your CPU can run several threads, it will use them. But the real speed comes into play when using the horsepower of a GPU. If your GPU can run hundreds of threads, all of this power is used to break passwords.

But just how fast is it?

I took just a simple password: “fred” and fed the NTLM password hash into Hashcat. I used just the slower CPU version and the Bruteforce option. The password was recovered as soon as I hit run (click image to enlarge):

It was so fast, the estimated and elapsed time didn’t even register.

You can also use password dictionaries to use as a guideline for Hashcat. For the next test, I downloaded the “RockYou.txt” password list. This is a list of actual passwords that have been sanitized (usernames removed). I pulled 4 random plain text passwords from RockYou and converted them to Windows NTLM passwords:

elizabeth1 – 6afd63afaebf74211010f02ba62a1b3e
francis123 – 43fccfa6bae3d14b26427c26d00410ef
duodinamico - 27c0555ea55ecfcdba01c022681dda3f
luphu4ever – 9439b142f202437a55f7c52f6fcf82d3

I placed the 4 password hashes into a file called hashes.txt, added in the RockYou plain text password list and fed them into Hashcat (click image to enlarge):

Hashcat recovered all five passwords in about the same amount of time it took to create the display screen, a second, maybe 2 (click image to enlarge):

Remember that these are the NTLM hashes, not Window’s simpler LM hashes.

Add in the GPU version, advanced rules, attack methods, and Hybrid Masks and you really have a powerful tool to recover almost any password.

Cross-posted from Cyber Arms

Possibly Related Articles:
Network Access Control
Information Security
Passwords cracking Software Hacking Tools Penetration Testing Hashes NTLM Data Recovery Hashcat
Post Rating I Like this!
Nathan Bowman I appreciate the amount of computing power this system has, but IMHO this article is sort of misleading people. I wrote an article titled “The Brute Force Misconception” earlier this year, and it explains (with some calculations) why brute forcing passwords shouldn’t be given the hype that it gets sometimes.
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.