Amazon EC2 GPU HVM Spot Instance Password Cracking – Hashcat Setup Tutorial

Amazon EC2 instances are a nice way to do some powerful password cracking if you don’t have better options available. While it may not be the cheapest route you can get a nice high powered Tesla GPU cracking machine going for ~0.60$ per hour at the time of this writing.

The biggest annoyance is setting up the drivers and getting Hashcat on the machine. The time it takes for you to debug Nvidia driver issues and other dependencies takes away from what could be cracking time! In order to fix this issue I’ve created a bash script based off of the blog post here and updated it with all the latest drivers/hashcat version.

Quick Setup Instructions

First, log in to your Amazon EC2 management console.

Spot Requests > [ Request Spot Instances ] > Communit Market AMIs > Search for “ami-4fad7426″ or “ubuntu 11.10 hvm” > Select > All instance types > All instance types > Next: Configure Instance Details > Set Maximum Price (see current going rates and decide for yourself what you can pay) > Review and Launch > Launch

One your spot instance has been fulfilled, SSH into the box by doing “ssh -l ubuntu -i key.pem AMAZON_EC2_IP” and run the quick setup bash script.

The Bash script:

# ami-4fad7426
# Must be run as root (obviously)
sudo apt-get update
sudo apt-get install gcc g++ build-essential linux-headers-`uname -r`
sudo apt-get install freeglut3 freeglut3-dev p7zip-full
wget http://developer.download.nvidia.com/compute/cuda/5_0/rel-update-1/installers/cuda_5.0.35_linux_64_ubuntu11.10-1.run
chmod a+x cuda_5.0.35_linux_64_ubuntu11.10-1.run
sudo sh ./cuda_5.0.35_linux_64_ubuntu11.10-1.run --verbose
sudo echo "PATH=\"/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/bin/cuda\"" | sudo tee /etc/environment
sudo echo "/usr/local/cuda/lib64" | sudo tee -a /etc/ld.so.conf.d/cuda.conf
sudo echo "/usr/local/cuda/lib" | sudo tee -a /etc/ld.so.conf.d/cuda.conf
sudo ldconfig
cd /usr/local/cuda/samples/1_Utilities/deviceQuery
sudo make
sudo ./deviceQuery
cd ~
wget http://us.download.nvidia.com/XFree86/Linux-x86_64/319.76/NVIDIA-Linux-x86_64-319.76.run
chmod +x NVIDIA-Linux-x86_64-319.76.run
sudo ./NVIDIA-Linux-x86_64-319.76.run
wget http://hashcat.net/files/oclHashcat-1.01.7z
7za x oclHashcat-1.01.7z

You should now have a nice ready to use Hashcat cracking box!

Output of my running instance:

[s]tatus [p]ause [r]esume [b]ypass [q]uit => s
Session.Name...: cudaHashcat
Status.........: Running
Input.Mode.....: Mask (?1?2?2?2?2?2?2?3) [8]
Hash.Target....: File (crackme.txt)
Hash.Type......: MD5
Time.Started...: Fri Jan 24 15:38:13 2014 (35 mins, 24 secs)
Time.Estimated.: Fri Jan 24 16:23:37 2014 (8 mins, 44 secs)
Speed.GPU.#1...:  1044.8 MH/s
Speed.GPU.#2...:  1046.0 MH/s
Speed.GPU.#*...:  2090.7 MH/s
Recovered......: 3/7 (42.86%) Digests, 0/1 (0.00%) Salts
Progress.......: 4437019983872/5533380698112 (80.19%)
Rejected.......: 0/4437019983872 (0.00%)
HWMon.GPU.#1...: 99% Util, -1c Temp, -1% Fan
HWMon.GPU.#2...: 99% Util, -1c Temp, -1% Fan

Be kind, warm up those chilly folks at Amazon a few degrees with your GPU cracking 😉

Need some word lists?

https://wiki.skullsecurity.org/Passwords

http://www.teamctfu.com/wordlist.html

Matthew Bryant (mandatory)

Matthew Bryant (mandatory)
Security researcher who needs to sleep more. Opinions expressed are solely my own and do not express the views or opinions of my employer.