Computing Power to the People

The Official Qarnot Blog

< Back

Hashcat on Qarnot – documentation


by Rémi Bouzel - October 28, 2021 - Documentation

Introduction

 
Hashcat is an opensource password cracking software which relies on GPU power. Password cracking makes it possible to identify passwords from their hashes. Its purpose might be to help a user to recover a forgotten password, to gain unauthorized access to a system, or to act as a preventive measure, for instance by checking if passwords used within a company are strong enough.
 
 

Versions

The test case uses Hashcat 6.2.4:

Release year Version
2021 6.2.4

If you are interested in another version, please send us an email at qlab@qarnot.com.

 

Prerequisites

  • Please ensure that you have created a Qarnot account here and retrieve your Qarnot authentication token on the same page
  • Install Qarnot’s Python SDK here

Note: in addition to the Python SDK, Qarnot provides C# and Node.js SDKs and a Command Line Interface.

 

Test case

Let’s suppose the scenario where we obtained the following list of hashed passwords and we would now like to crack them:
 
    eb61eead90e3b899c6bcbe27ac581660
    958152288f2d2303ae045cffc43a02cd
    2c9341ca4cf3d87b9e4eb905d6a3ec45
    75b71aa6842e450f12aca00fdf54c51d
    031cbcccd3ba6bd4d1556330995b8d08
    b5af0b804ff7238bce48adef1e0c213f
    dc647eb65e6711e155375218212b3964

The goal of this test case will be to find out what passwords are hidden behind these hashes. For this, we will compare it to a words list.
You can download both inputs (target hashes and words list) here. You need to unzip it to be able to launch the computation on Qarnot.
 

Launching the case

Once everything is set up, use the following script to launch the password cracking computation on Qarnot.

hashcat.py

Make sure you have copied your authentication token in the script (instead of <<<MY_SECRET_TOKEN>>>) to be able to launch the task on Qarnot.

Finally, make sure that the input files are in the same folder named dataset-hashcat/. Your working directory should look like this:

  • dataset-hashcat/:
    • target_hashes.txt: list of hashed passwords to crack
    • wordslist.txt: list of passwords to test
  • hashcat.py: Python script to run the computation on Qarnot

To launch this script, you just need to open a terminal in your working directory and execute python3 hashcat.py & .

 

Results

At any given time, you can monitor the status of your task on the Console:

Once the computation is done, the result will be downloaded locally in hashcat-results/cracked.txt with the following content, unveiling the hashes and the password hidden behind:
 
    eb61eead90e3b899c6bcbe27ac581660:HELLO
    dc647eb65e6711e155375218212b3964:Password
    031cbcccd3ba6bd4d1556330995b8d08:GuessMe
 
If you wish to find the other passwords, you can run this payload with bigger words lists available on the internet.

Wrapping up

That’s it! If you have any questions, please contact qlab@qarnot.com and we will help you with pleasure!

comments

Leave a Reply

Your email address will not be published. Required fields are marked *