Skip to content
View in the app

A better way to browse. Learn more.

Unraid

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

Hash Cracking

Featured Replies

I was wondering if anyone had considered using unRAID for hash-cracking leveraging GPUs.

I now have two available NVIDIA cards that I could install for cracking hashes.

Any thoughts on whether NVIDIA drivers would work in unRAID or would that just be an unfeasible idea?

Just a friendly reminder - according to the Forum Rules, especially #5, no illegal or hurtful activity is allowed here, and I believe that would include the facilitation of activities that could be hurtful to persons or entities by hash-cracking others passwords.  Please be very careful here.    :)

  • Author

To be clear, I am a penetration tester that does this for a living, not some script-kiddie trying to "pwn the interwebz". I understand your concern, but there is nothing strictly illegal in cracking hashes. This is also more for research purposes, as I use AWS for cracking client hashes. I don't want to play around on AWS because I have to pay for that. I already have usable (albeit, not extremely fast) NVIDIA cards that aren't purposed elsewhere anymore that would be "cheaper".

So, any ideas on a method of facilitating the installation of the proprietary NVIDIA drivers?

 

"activities that could be hurtful to persons or entities"

Ummm...but usenet and bit-torrent dockers are perfectly acceptable? That seems silly. If cracking hashes is "potentially harmful", shouldn't pirating media also be "potentially harmful" and unacceptable?

"activities that could be hurtful to persons or entities"

Ummm...but usenet and bit-torrent dockers are perfectly acceptable? That seems silly. If cracking hashes is "potentially harmful", shouldn't pirating media also be "potentially harmful" and unacceptable?

 

I used to read comp.os.minix articles last millennium from the command line using the tin newsreader and I'm quite disturbed by what Usenet has become and how people now pay a subscription for the privilege of downloading pirated material in high definition automatically. I now understand why people insist on redacting their diagnostics before posting here. It's an aspect of home NAS usage I find quite distasteful.

 

On the other hand, I've been trying to crack RC5 ciphers for years and for fun, mostly via the distributed.net project, and first with CPUs and then with GPUs. There's nothing sinister about that at all and the 72-bit version is proving to be extremely difficult to crack by brute force alone. I can't help the OP, I'm afraid, because I use AMD GPUs with other OS distributions, but I thought his comments deserved some support. My unRAID servers are just used to store my lifetime's accumulated documents, photographs, music and video, every single file either created by me or else paid for and legitimate, with the original stored away and available as proof.

  • Author

"activities that could be hurtful to persons or entities"

Ummm...but usenet and bit-torrent dockers are perfectly acceptable? That seems silly. If cracking hashes is "potentially harmful", shouldn't pirating media also be "potentially harmful" and unacceptable?

 

I used to read comp.os.minix articles last millennium from the command line using the tin newsreader and I'm quite disturbed by what Usenet has become and how people now pay a subscription for the privilege of downloading pirated material in high definition automatically. I now understand why people insist on redacting their diagnostics before posting here. It's an aspect of home NAS usage I find quite distasteful.

 

On the other hand, I've been trying to crack RC5 ciphers for years and for fun, mostly via the distributed.net project, and first with CPUs and then with GPUs. There's nothing sinister about that at all and the 72-bit version is proving to be extremely difficult to crack by brute force alone. I can't help the OP, I'm afraid, because I use AMD GPUs with other OS distributions, but I thought his comments deserved some support. My unRAID servers are just used to store my lifetime's accumulated documents, photographs, music and video, every single file either created by me or else paid for and legitimate, with the original stored away and available as proof.

 

 

Thank you for the support.

We do a lot of hash-cracking for our testing because passwords really are a great attack vector. Even Domain Admins, whether people or service accounts, still use very poorly chosen passwords. Getting access to a Domain Controller via an authenticated user or...null sessions (which are actually still out there) is an extremely easy way to start password attacks. Hash-cracking an entire domain worth of hashes gives the client the added benefit of knowing how well training goes, or just how poorly they still choose passwords. Applications like pipal give very good statistics on passwords.

I did consider getting AMD cards this time because they have always had a significant advantage in GPU cracking over NVIDIA. I think my choice was 1 part NVIDIA "fanboi" and 1 part always used NVIDIA, so I know how to get it all working.

I spent some time yesterday comparing hash-cracking speeds on CPU vs GPU and also speeds of a few different hashes. We also looked at how the reporting for speeds is different between hashcat and oclhashcat, which seemed strange. Right now, I manage about 4 billion hashes/second on NTLM. Looking at some of the rigs online with 8 AMD graphics cards, they are getting around 120 billion. It's all very interesting and I am by no means a cryptography expert, but I definitely am interested in learning more and experimenting to understand things a little better.

 

Anyway...I suppose I am getting off-topic. Thanks again for helping explain there's isn't necessarily anything evil in cracking hashes.

  • Author

So, it occurred to me that it may be possible to just use a Debian VM with GPU pass-through to accomplish this.

Is it possible to pass-through 2 GPUs to a single VM?

So, it occurred to me that it may be possible to just use a Debian VM with GPU pass-through to accomplish this.

Is it possible to pass-through 2 GPUs to a single VM?

As long as your hardware supports vt-d you should be able to pass through two GPUs.

  • Author

Ah, great. Thank you for the help.

Unfortunately, I am traveling this week. Once I get back, I will give it a shot though.

To be clear, I am a penetration tester that does this for a living, not some script-kiddie trying to "pwn the interwebz". I understand your concern, but there is nothing strictly illegal in cracking hashes. This is also more for research purposes, as I use AWS for cracking client hashes. I don't want to play around on AWS because I have to pay for that. I already have usable (albeit, not extremely fast) NVIDIA cards that aren't purposed elsewhere anymore that would be "cheaper".

So, any ideas on a method of facilitating the installation of the proprietary NVIDIA drivers?

 

"activities that could be hurtful to persons or entities"

Ummm...but usenet and bit-torrent dockers are perfectly acceptable? That seems silly. If cracking hashes is "potentially harmful", shouldn't pirating media also be "potentially harmful" and unacceptable?

Howdy, health issues have limited me lately, but just want to say - no problem.  You presented valid uses, and very valid points!  Certain 'gray areas' have become entrenched here, and changes if any would have to come from the top, not me.

  • Author

Sure. I definitely understand the need for Lime Technology to be clear that they aren't encouraging illegal activities.

However, something more inquisitory and less accusatory would have been nice. I could have explained what I was doing, as opposed to suddenly having to defend myself.

Anyway, not a big deal. I would have been more butthurt if I had been banned or my post removed.

Sidenote, I still haven't found time to get the old cards into unRAID. Not that anyone cares. Ha.

  • 6 years later...

I know it's been a while but I'm curious what progress was made and if you found any docker containers to meet your needs.  I'm starting my search for hash cracking docker containers and this is one of the first posts to come up.  I'm thinking of starting a second unraid box to run CTFs and pen testing challenges among my friends and was wondering what kind of stuff would be out there to help accomplish this goal. 

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.