tinyapps.org / docs / Cracking hashes in the cloud with hashcat

Many guides online explain how to set up AWS, Azure, or Google Cloud instances to crack hashes with hashcat (including my own meager contribution).

There are a couple of obstacles though:

• Having to open a ticket and plead for access to powerful GPU instances
• Having to then wait hours or even days for permission from a human (assuming you are so blessed)
• Getting everything set up properly can be frustrating and burn up valuable time; guides date quickly and sometimes leave out important details

Vast.ai removes all of these obstacles¹, offering "one simple interface to find the best cloud GPU rentals" and promising to "reduce cloud compute costs by 3X to 5X."

It only takes a couple of minutes to set up an account, select a suitable instance and docker image, and start cracking:

1. Create and fund (via Stripe) a Vast.ai account

2. Generate an SSH key pair on your computer:
   ssh-keygen -t rsa -b 4096 -C "vast.ai"
   Generating public/private rsa key pair.
   Enter file in which to save the key (/Users/user/.ssh/id_rsa): /Users/user/.ssh/vast
   Enter passphrase (empty for no passphrase):
   Enter same passphrase again:
   Your identification has been saved in /Users/user/.ssh/vast.
   Your public key has been saved in /Users/user/.ssh/vast.pub.
   ...

3. Paste the contents of vast.pub into Account > Change SSH key

4. Client > Create > EDIT IMAGE & CONFIG > scroll down to "Enter the name of a docker image. May be anything supported by docker run." and enter "dizcza/docker-hashcat:latest" (there are many other hashcat docker images to choose from).

5. Use the TFLOPS/$/Hour slider to quickly find high performance instances then click the blue RENT button on desired instance

6. Client > Instances > click the blue CONNECT button and copy the ssh command displayed

7. Paste the ssh command² into your terminal, e.g.,
   ssh -p 12874 [email protected] -L 8080:localhost:8080

8. Paste³ the hash you'd like to crack into a new file, e.g.,

   echo '$ml$28328$7215a1faa91e6196fb53884c4320970d9705ae6f19e5b50e0a24243708629a9b$8e0588decbdb347e0b909a7a1b1bc9470fe7dd37e09a64f9d02b82cfba91116b13d7c172b5a65683ac8d2c873324b8d82255a51ced0792656e766fa1a9c23994' > hash.txt

9. Download and extract a wordlist⁴:

   wget https://github.com/danielmiessler/SecLists/raw/601038eb4ea18c97177b43a757286d3c8a815db8/Passwords/merged.txt.tar.gz && tar xf merged.txt.tar.gz

10. Get cracking:
    hashcat -a 0 -m 7100 --status -o found.txt hash.txt merged.txt

The last time I had this much fun in the cloud was on Slicehost; vast.ai offers the same giddy excitement of a simple, welcoming interface on top of a very powerful, complex service. By contrast, navigating behemoths like AWS, Azure, and GCP is about as much fun as reading a EULA while repeatedly stubbing your toe.

Footnotes

1. So does a Terahash Brutalis if you have $25,499.99 burning a hole in your pocket.
2. In macOS testing, I had to add -i /Users/user/.ssh/vast to the command (was not required under Ubuntu Linux)
3. Use single quotes rather than double quotes
4. Larger wordlists:
   • Weakpass 2.0
   • Rocktastic
   • breachcompilation.txt
   • hashes.org's found lists (via Royce Williams - thank you!)

created: 2019.10.29, updated: 2019.10.30