Password hashing is used to secure passwords. Hashing is a common technique across various software and tools.
Hashing is used as a security mechanism to prevent plain-text information from becoming known to others. It is mathematically impossible to calculate the plain text from a hash, since hashing is a one-way process.
Still, there are different ways to crack a hash and retrieve your password or other sensitive information that may have been hashed.
The hashing technique is mostly applicable to protecting password-like information, since it is a one-way process.
This is a simple tutorial that will explain how hash cracking works.
Why Password Hashing Is Considered Secure
Hashing is a one-way process. This guarantees that the hash of a plain-text value can be generated, but the process cannot be reversed. Most software and websites store passwords this way, since the user knows the password. Whenever they need to authenticate the user, they generate the hash of the user's input and match it against the stored hash of the password.
This mechanism guarantees that even the software provider itself does not know your password.
However, there are hacking and cracking tools, as well as the other techniques described below, that may be able to find out your password from a hash.
Today we will learn about Cracking the Hashes using CPU and GPU.
- CPU: Central Processing Unit
- GPU: Graphics Processing Unit
We will cover:
- What is a Hash?
- What is the need for a Hash?
- Why Hash over Encryption or Encoding?
- Hardware configuration
- Tools required
- Hash cracking [CPU]
- Hash cracking [GPU]
- Hash cracking using Search engine
- Why such a difference?
What Is A Hash?
A cryptographic function that converts data or a file of arbitrary length or size to a fixed length, and which is considered practically impossible to invert (see Wikipedia).
What Is The Need Of A Hash?
A major use of hashes is in the security field: to provide security or privacy to the user of a company's service.
For example, you are using Gmail, Facebook, Twitter, eBay, Amazon or online payment portals like PayPal, where you use the service by providing your credentials (username/password).
There are basically 2 reasons:
- Making it difficult for hackers to recover/retrieve a password, for an online service (Gmail, eBay, etc.) or even Wi-Fi.
- Checking for file verification (see SHA1).
Even if a company's security is breached (hacked), the user's credentials are still safe (only if you use a strong password).
Why Hash Over Encryption And Encoding?
Imagine a scenario which perhaps happens to almost every big name, such as Google, Facebook, Yahoo!, etc.
A website is compromised and its users' data (credentials) is compromised.
What will worry you most when you come to know about it, if you are a registered user on that site? Yes! Your password (which might be the master password for all your accounts).
Now, it is in the service provider's hands to provide security to its consumers. Hence, hashing is the solution.
How? Well, you might be familiar with these terms:
- Encoding/Decoding
- Encrypt/Decrypt
and now, hashing.
Without going into the details, I will tell you the basic and most important feature of a hash, which makes hashing very different from, and more important than, encoding and encryption:
Encoded text/file can be decoded, encrypted text/file can be decrypted, but hashed text/file can never be de-hashed.
Yes, hashing, unlike encryption/encoding, is a one-way process, i.e. when a text/file goes through the cryptographic hash function, it is converted into a fixed character length.
Example: an md5 hash has a character length of 32, whereas a SHA1 hash has a character length of 40. If we hash a string, say “test123”, the md5 and SHA1 hashes for “test123” will be:
md5(“test123”) : CC03E747A6AFBBCBF8BE7668ACFEBEE5
SHA1(“test123”) : 7288EDD0FC3FFCBE93A0CF06E3568E28521687BC
The length differs from md2 and md4 to SHA256, SHA512 and so on. Your Wi-Fi password is also secured using a hash function named PBKDF2 (Password-Based Key Derivation Function).
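The store-and-verify flow described earlier, together with the digests and PBKDF2 mentioned here, as an added Python example (not code from the original tutorial). The function names, the 16-byte salt and the iteration count are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

# Assumed work factor for this example; raise it as hardware gets faster.
ITERATIONS = 600_000


def fast_digests(password):
    """Unsalted MD5 and SHA1 hex digests, in the form shown in the text."""
    data = password.encode("utf-8")
    return {
        "md5": hashlib.md5(data).hexdigest().upper(),
        "sha1": hashlib.sha1(data).hexdigest().upper(),
    }


def hash_password(password):
    """Create the record a service stores: (salt, iterations, derived key)."""
    salt = os.urandom(16)  # random per user, stored next to the key
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, ITERATIONS, key


def verify_password(candidate, record):
    """Re-derive the key from the login input and compare in constant time."""
    salt, iterations, stored_key = record
    key = hashlib.pbkdf2_hmac("sha256", candidate.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(key, stored_key)


if __name__ == "__main__":
    digests = fast_digests("test123")
    print("md5 :", len(digests["md5"]), digests["md5"])
    print("sha1:", len(digests["sha1"]), digests["sha1"])

    # Two users pick the same password. The unsalted digest is identical for
    # both, so one lookup-table entry matches every such account.
    print("unsalted equal:", fast_digests("test123") == fast_digests("test123"))

    # With a per-user salt the stored keys differ, and each guess costs
    # ITERATIONS rounds of HMAC-SHA256 instead of one MD5 call.
    alice, bob = hash_password("test123"), hash_password("test123")
    print("salted equal  :", alice[2] == bob[2])
    print("correct login :", verify_password("test123", alice))
    print("wrong case    :", verify_password("Test123", alice))
```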
Hardware Configuration
Hardware used in this tutorial:
- Laptop with 4 GB RAM
- Nvidia Graphic card 1 GB
Tools Required
Software used in this tutorial:
- Windows 8, 32-bit
- Cain & Abel (CPU-based cracker)
- igHashGPU (GPU-based cracker)
- Nvidia graphics driver, for igHashGPU
Hash Cracking [CPU]
Cain & Abel is a multi-purpose tool. It is used for various purposes, such as:
- Sniffing
- Hash calculating
- Hash recovery (this tutorial)
- ARP spoofing
- WiFi hacking, using hardware called AirPcap
- and so on.
We will take MD5 (Message Digest 5) cracking as an example to keep it simple and easy to understand. Install Cain & Abel, then follow the instructions step by step:
- Open Cain & Abel
- Press Alt+C to open the Hash calculator
- Type in “test123” and hit [ENTER]; here “test123” is our test string
- You should see the MD5 and other hashes for the string “test123”, i.e. CC03E747A6AFBBCBF8BE7668ACFEBEE5. Select and copy the MD5 hash. NOTE: Hashing is case sensitive; the hash for “Test123” will be completely different.
- Click on the Cracker tab, select MD5 Hashes in the left column, then right-click and select Add to list.
- Paste the copied MD5 hash and hit [ENTER]
- Now the hash is added to the list. Right-click on the hash and select Brute-Force attack
- Set max length to 7 and click Start.
Here I have set the max length of the password to 7 just to test the output of the tool and the cracking speed of the CPU. See the passwords/second the CPU is testing: 6.3M (approx.), and the remaining time, i.e. the total time it will take the CPU to recover the original string, is 3.5 hours.
It is too lame to wait for 3.5 hours for a small string like test123, 7 characters long with no special characters, isn't it? Well, here comes GPU cracking to put some speed into the process!
Hash Cracking [GPU]
igHashGPU is a password recovery tool specialized for ATI (RV) and nVidia (CUDA) based cards. It recovers passwords from the (weak) hashes that are used over the internet, for example md4/md5/SHA1.
Let's get started.
We have the MD5 hash for test123, i.e. CC03E747A6AFBBCBF8BE7668ACFEBEE5.
Follow the instructions along, step-by-step:
- Download and extract igHashGPU, then go to its folder.
- Right-click and edit the file “example.cmd”. It is the example file for testing the GPU's speed at recovering an MD5 password.
- Paste the MD5 hash in the file after h: so that it looks like this: ighashgpu.exe /h:CC03E747A6AFBBCBF8BE7668ACFEBEE5 /t:md5 /c:sd /min:4 /max:7
- Close the file. Click save and yes.
- Select “example.cmd” and hit [ENTER].
- A command prompt window will open.
See the CURSPD (current speed): ~50 million. Nice, but not good, is it? See the battery symbol in the lower right corner: the laptop is running on battery.
- See what happens when I plug in the charger; notice the clock and speed.
WHOA! See the difference! From 50M to 195M passwords/second, isn't it great? From 6.3M pass/sec to 195M pass/sec. That's a big jump.
How long do you think it would have taken to recover the password?
Just 5 minutes and 53 seconds. See how much time we saved by using the GPU: from 3+ hrs to just 5 minutes. Isn't it amazing?
Also see the average speed: 62,847 Million passwords/second.
- CPU: ~3 hrs with 6M pass/sec
- GPU: ~6 min with 195M pass/sec
You might ask: can we crack this even faster? Well, the answer is yes, you can (not always, though). How?
Hash Cracking Using Search Engine [Google]
We had the MD5 string copied, right? What you need to do is very simple.
Just paste the MD5 string, i.e. CC03E747A6AFBBCBF8BE7668ACFEBEE5, into Google and search. And you're done!
Notice the text string “test123” and the hash. So simple to recover the string from MD5, no?
Now see the time it took us to recover the original string: just 0.31 seconds. Not even a second. Wow! That's great.
You might be thinking: why such a difference? Here's the answer.
Why Such A Difference?
The difference in speed is due to the architecture of the three.
- CPU: uses 4 cores (shared with system processes) at maximum, 8 cores in some cases.
- GPU: used 96 cores (in this case).
All 96 cores (parallel processing units) were 100% dedicated to the password recovery process, unlike the CPU, which was simultaneously handling the complete OS, including background processes, the GUI (mapping of pixels on screen) and many other processes.
Even if the CPU stopped handling those, it still wouldn't match the GPU's performance. The difference is because of the number of cores, i.e. 96 vs. 4 or 8.
The latest GPUs that I have seen come with more than 400 cores. They can give you more than a billion passwords/second when recovering an MD5-hashed string.
Google Doesn’t Crack The Hash
Yes! Google doesn't crack/recover the string. It sends a request for the specific text input, i.e. the hash in our case, to all the servers, takes the responses back and displays the results according to the page rank of each site.
There are plenty of online crackers which can be used to crack a variety of hashes. They search their database for the hash you have entered.
If the string for the hash has already been recovered by them, they will give it to you; otherwise you have to pay to use the service.
An email is sent if the string has been recovered.
So what Google does is send a request to all these servers and display the result to you: the result of a hash that has already been cracked.
It certainly becomes the top priority for hash cracking. Search Google first; if you don't find the password, go for GPU cracking.
Still didn't succeed? Try CloudCracker, CrackStation, HashKiller.
You can google “Online hash cracker” for more results.
Note: Cracking speed varies depending on factors like:
- GPU configuration: ATI graphics cards are the best for this task.
- Hash type: for SHA1 it will be even lower, and for WPA hash cracking it goes down to 4000 pass/sec on my graphics card. My card's performance is near that of the GeForce 8800 GTS (CUDA).
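Applying the rates quoted in this tutorial to a keyspace calculation shows what they mean for password policy. This is an added Python example, not part of the original tutorial; the function names are illustrative, and it assumes that /c:sd selects lowercase letters plus digits (36 symbols).

```python
# Guessing rates quoted in this tutorial (candidates per second).
RATES = {"CPU, MD5": 6.3e6, "GPU, MD5": 195e6, "GPU, WPA": 4000}
YEAR = 365 * 24 * 3600


def keyspace(charset_size, min_len, max_len):
    """Number of candidate strings with min_len..max_len characters."""
    return sum(charset_size ** n for n in range(min_len, max_len + 1))


def worst_case_seconds(charset_size, min_len, max_len, rate):
    """Seconds needed to try every candidate at `rate` guesses per second."""
    return keyspace(charset_size, min_len, max_len) / rate


def min_length_to_resist(charset_size, rate, seconds):
    """Shortest fixed length whose keyspace takes at least `seconds` to exhaust."""
    length = 1
    while charset_size ** length / rate < seconds:
        length += 1
    return length


def human(seconds):
    """Format a duration using the largest unit that fits."""
    for unit, size in (("years", YEAR), ("days", 86400), ("hours", 3600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:.1f} {unit}"
    return f"{seconds:.1f} seconds"


if __name__ == "__main__":
    # Assumption: /c:sd means lowercase letters plus digits (36 symbols).
    for name, rate in RATES.items():
        print(f"{name}: 36 symbols, length 4-7 ->",
              human(worst_case_seconds(36, 4, 7, rate)))
    # Length a policy must require to hold out for a year at the GPU MD5 rate.
    for size, label in ((36, "lowercase+digits"), (94, "printable ASCII")):
        print(label, "->", min_length_to_resist(size, RATES["GPU, MD5"], YEAR), "characters")
```

For the 36-symbol, length 4 to 7 keyspace this gives about 3.6 hours at the CPU rate and under 7 minutes at the GPU rate, in line with the figures above, while the WPA rate stretches the same search to roughly 233 days.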
- Updated On June 2019: Fixed Broken links and updated minor typos.