 running the password village. We wanted to start off getting you up and running with Hashcat on an NVIDIA GPU and then cover some basic attacks. The goal here is to start building a foundation that other talks throughout the village and DEF CON will expand on. So ideally you're going to have a GTX model NVIDIA card and be running Linux. The box we're on here is an AWS instance running the stock Ubuntu 20.04 AMI and it has a Tesla T4, which isn't the greatest card for cracking, but it's going to work for our purposes. So Hashcat supports two modes of operation. You have OpenCL, which is a standard language, meaning that it's going to run on any card or CPU that supports OpenCL. That can be Intel, that can be AMD, that can be NVIDIA and that can be AMD video cards. And then there's CUDA, which is specific to NVIDIA, which will allow us to eke just a bit more performance out of the card and get us some faster crack rates. Since we have an NVIDIA card on this box, we're going to go with the CUDA driver. Now we don't want to use the repo drivers. We don't want to use the repo drivers because the Ubuntu maintainers will include patches to those drivers that may fix a bug for a desktop environment, for instance, but it breaks the compatibility with the CUDA runtime and therefore breaks Hashcat, and we don't want that to happen. So we're going to use the driver that's supplied by NVIDIA and we're going to use the CUDA toolkit version. So we are on Linux. We're on x8664, so 64-bit processor, or 64-bit system. We're running Ubuntu. We're running version 20.04. And then we have a couple of options here. So we have a run file, which is a local install, a local Debian install, which will create a Debian archive on your, or sorry, a Debian repo on your local box, and then you have the network install because we want to maintain compatibility between the CUDA version and the Hashcat release. We don't want to upgrade CUDA as part of a system upgrade on accident and break it. So we're going to go with the local run file. So we're going to copy this WGet line here, paste that in, and then we're going to go ahead and grab our Hashcat binaries. And we're also want the PGP signature so that we can verify that it's legit. And then we're going to want to grab the Hashcat key. So we see here, we've got the fingerprint. Scroll over here a bit. So we've got the fingerprint here and it says that it is on the PGP key servers. So we can use GPG to go ahead and import that key. Okay. And we've got our key. And then let's verify that our download is actually signed and correct. So there we go. We've got a good signature, so we are good there. So we're also going to grab a word list and we're going to grab that from Skull Security and we're going to be using Rocky, which is kind of an old list, but it's also still really good. So let's grab that guy. Let's grab it incredibly slowly. So the next part, we'll go ahead and install the CUDA SDK and it's going to fail the first time we run it because we're on a brand new box that has no dependencies installed at all. So there are some things that the SDK is going to do, like build the NVIDIA driver and it's going to need to have things like GCC and other libraries that it requires in order to do that. So what we're actually going to do is kind of walk through the steps on how we can make sure that we get all of those that that's done. So we're going to do a search for, an apt cache search for the NVIDIA driver and we can see that there are a bunch of them. So let's just say this guy right here is the latest release that seems that Ubuntu has and then we are going to apt get build depth NVIDIA driver 440. So we want to get all the dependencies that NVIDIA driver 440 requires. So we don't have any source listings for non-binary pulls in our app config. So let's go ahead and make that happen. Make sure we get the editor in there as well. We're going to uncomment this and we're going to uncomment this and that's all we need. Do a quick apt update and let's try that again. So we're going to go ahead and let all of that install. So this will allow us to build our driver. We also need to grab one more thing because hashcat is packaged in the seven zip format. We'll need to grab a P7 zip AWS. Thank you. So we'll grab P7 zip as well. Thankfully that didn't take as long and we're going to bypass some of this. So if you run the CUDA SDK installer it has a kind of menu driven interface. We don't want that. So we're going to run it in silent mode and we want to install the driver and the toolkit and this is going to take a minute. Okay, now there's one other step that if we had used the menu driven method it would tell us that we need to add some stuff to our path. So if we look at ldsocomf.comf.d So it already wrote our CUDA library path. So that's good. But it did not write the path update for our profile. So we need to go ahead and add that in. So we'll do a sudo vi slash atc profile.d and we'll call this CUDA.sh. And then in here, we're basically just adding the path to the CUDA binaries to our system path. And then this is going to load every time a new instance is spawned. So we'll go ahead and source accept profile so we get the update. And then we also need to run ldconfig so that it updates the library path. And then let's check Nvidia SMI and make sure that it sees our card and it does. So we've got our Tesla T4 and it is running on the driver version that was supplied with the CUDA SDK, which is 450.51.05, right here. And we can see we're on CUDA version 11. So that's good. So next, let's unpack hashcat. So we're going to 7zip extract hashcat.7zip. And while we're at it, let's go ahead and be on zip to rocky.txt. So let's make sure that hashcat sees our video card now and it does and it sees that it can run in either CUDA or OpenCL mode. It's going to default to the CUDA version here. So we don't need to worry about the OpenCL info below us. And then let's just do a quick benchmark to make sure that actually get running. So we can see that it selected our device. It skipped the OpenCL part of that because it has the CUDA API and there we go. So let's move into doing some simple attacks with hashcat. So we're going to go back to the password village site which is at passwordvillage.org and we are going to grab some NT hashes. So we've got our hashcat examples here. You can copy and paste these off the site and follow along if you are set up to do so. Let's get rid of this. We'll call this NT.hash. We'll paste those guys in using whatever editor you desire. And then we used hash mode 1000 here because I know that 1000 is NTLM. But if you needed to find it, you could do a hashcat help and then grep, we'll do a dash i. So we do a case insensitive search and look for NTLM. And we can see right here NTLM is mode 1000. NetNTLM v1 and v2 are different hash types. Typically you see those coming out of responder which I believe evilmog is going to do a talk on later in the day that will quickly cover those. So we want hashcat.tacm1000 for mode. We want our NT hash file and then we wanna run this against RockU. So it's gonna initialize the device there. It's gonna load the dictionary and then it cracked all our hashes. It cracked all our hashes because these hashes were generated from RockU. So you would expect to get all of those. If you were pulling hashes from the wild, RockU may crack one of them. It may crack none of them or it may crack all of them depending on how good the password policy of the company or the site that was compromised and the hashes were leaked from. So to kind of walk through this a little bit there's a lot going on on the screen here. So we have our hashes up here and we have the associated plain text on the opposite side. So you've got this is a hash. We've got a separator and then we have the plain text of this hash and then we've got 10 of those. So we had a session name of hash cat. If we were doing some session stuff where maybe we wanted to stop this and resume it later this name is important. We're not gonna cover that here. The status would normally be running but since we only had a small sample and we knew the plain text for all of those it cracked them all pretty quick. We were running it against NTLMs. Our hash target was the hash file that we supplied called NT.hash. The guest base meaning the candidate words that we were selecting from came from a file called rocky.text. The speed of our device which is actually pretty slow compared to what we saw up here in the benchmark because it never got fully up to speed. Where are we at here? Right here. As we can see here we were going at about 35.7 billion. That's pretty quick. But down here we were only going at about 7.7 million. So that's mainly because we didn't have enough work to supply the GPU but also because we cracked all the hashes so quickly that it never got a chance to get up to full speed. So we recovered all 10 of our hashes. So we had 10 digest. The hash is also called a digest. It ran through the entire list of words. So we had 14.3 million possible candidates and we exhausted that entire space. It rejected none of them and a rejection can come from a word that's too long. We had a restore point which we didn't use because we're not doing a restore. And then we had the candidates down here. Now in a long run this is going to show what a sample of what words are currently being tried against the hashes. And here we have some hex representation and this is probably because we have colon which is a separator that hash cat uses internally. So it's going to put that into a hex representation so that it doesn't accidentally cut your hash or your plain text in the wrong spot. And then we have our hardware monitor which was telling us some statistics about the card. So it was running at 59 degrees Celsius. It was at 75% utilization. And then our core speed, the memory speed and the bus workload. So that's a very simple dictionary attack. So let's try doing a combinator attack. Now a combinator attack is when you take two word lists and hash cat is going to take one word from one word list and one word from the other word list and smash them together and try that as a candidate. And it's gonna do that for each one. So in very large runs this is not really the best attack to do because it can take years to complete. So if we were to use Rocky with Rocky for instance we're doing 14.3 million to the 14.3 million which ends up being some ridiculous number that we're probably never going to exhaust. The example dictionaries here are actually reasonably small and it's a really good baseline for showing how the attack works. So we can copy this. So we're gonna use A1 which is the attack mode for combinator. These hashes are MD5. So we're gonna say M0. Zero is the mode identifier for MD5. Hash cat provides an example list of hashes. So this is going to be the list of MD5 hashes and then the two example dictionaries which are actually the same dictionary. So we're just gonna specify it twice. You could do this with two different dictionaries. So if you had example.dict and then example1.dict that has some different word set in it, that will work and you could even reverse some it. So let's go ahead and run this. Go ahead and run this with the right name and yeah, that's a lot. So we had, if we go back to our status output here we know all this. We had a file which was example.dict on the left side and a file which was example.dict on the right side. So if you think about it this way, you have example.dict, example.dict. So this is going to be the left side. This is going to be the right side. And then again, hash cat just combined left and right, made a single word out of it, hashed it and then checked it against the list of hashes. So we can see here that we went quite a bit faster this time. So we went at 5.8 billion candidates per second. We recovered 2,906 of 6,494 digest. So just under 45% and we have 3,588 hashes remaining. So the next one we'll do is a brute force. Now, this is going to be a very simple example of a mask attack and we'll talk about mask attacks later. Brute forcing is when we take string and then increment it by either a number or a letter to exhaust a full key space. So in this case, we're doing one, two, three, let's see, one, two, three, four, five, six spaces of all characters. So that's numbers, letters, lower case and uppercase, and then specials. This is again going to be MD5. We're going to use the same example hash set that we used before. A3 is to specify a mask attack or a brute force attack and then get this right the first time. And then we let it run. So you'll see here that the, we're only going to crack six character passwords because we only specified for hash cat to crack six character passwords. And we can say we've got some lower case, we had some numbers, now we've got an uppercase here. So there's an uppercase there, some stuff starting with numbers. So lower case. Okay, so what hash cat was doing in that mode? So we had this mask specified. We said we want to try all possible combinations of all printable ASCII characters on a standard keyboard. So we have 95 of those. So for each one of these positions, it's going to try all 95 possibilities. So if we look at it this way, let's say it starts at one, two, three, four, five, six As, and then it tries one, two, three, four, five, six with a B, and then it tries one, two, three, four, five with a C, and it continues to increment until C gets to Z, and then it shifts by one. So then we have one, two, three, four, B, A, two, three, four, B, B, and so on and so forth. But since we're going so fast, the incrementing of the characters goes ridiculously fast. So that is your basic rundown of the three very basic attack modes that hash cat does. You can go back and take a look at the standard attacks that are specified on the Password Village website if you need help understanding what was going on. And also some examples of how to use the commands for a given attack mode. So that's all we've got for now and hope you join us for the next talk.