Many guides online explain how to setup AWS, Azure, or Google Cloud instances to crack hashes with hashcat (including my own meager contribution).
There are a couple of obstacles though:
Vast.ai removes all of these obstacles1, offering "one simple interface to find the best cloud GPU rentals" and promising to "reduce cloud compute costs by 3X to 5X."
It only takes a couple of minutes to setup an account, select a suitable instance and docker image, and start cracking:
Create and fund (via Stripe) a Vast.ai account
Generate an SSH key pair on your computer:
ssh-keygen -t rsa -b 4096 -C "vast.ai"
Generating public/private rsa key pair.
Enter file in which to save the key (/Users/user/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /Users/user/.ssh/vast.
Your public key has been saved in /Users/user/.ssh/vast.pub.
Paste the contents of vast.pub into Account > Change SSH key
Client > Create > EDIT IMAGE & CONFIG > scroll down to "Enter the name of a docker image. May be anything supported by docker run." and enter "dizcza/docker-hashcat:latest" (there are many other hashcat docker images to choose from).
Use the TFLOPS/$/Hour slider to quickly find high performance instances then click the blue RENT button on desired instance
Client > Instances > click the blue CONNECT button and copy the ssh command displayed
Paste the ssh command2 into your terminal, e.g.,
ssh -p 12874 firstname.lastname@example.org -L 8080:localhost:8080
Paste3 the hash you'd like to crack into a new file, e.g.,
echo '$ml$28328$7215a1faa91e6196fb53884c4320970d9705ae6f19e5b50e0a24243708629a9b$8e0588decbdb347e0b909a7a1b1bc9470fe7dd37e09a64f9d02b82cfba91116b13d7c172b5a65683ac8d2c873324b8d82255a51ced0792656e766fa1a9c23994' > hash.txt
Download and extract a wordlist4:
wget https://github.com/danielmiessler/SecLists/raw/601038eb4ea18c97177b43a757286d3c8a815db8/Passwords/merged.txt.tar.gz && tar xf merged.txt.tar.gz
hashcat -a 0 -m 7100 --status -o found.txt hash.txt merged.txt
The last time I had this much fun in the cloud was on Slicehost; vast.ai offers the same giddy excitement of a simple, welcoming interface on top of a very powerful, complex service. By contrast, navigating behemoths like AWS, Azure, and GCP is about as much fun as reading a EULA while repeatedly stubbing your toe.
-i /Users/user/.ssh/vastto the command (was not required under Ubuntu Linux)
created: 2019.10.29, updated: 2019.10.30