Minimum investment on a decent rig for 16+ character NTLM passwords
#1
Hi,

I wish to attempt to crack NTLM/NTLMv2 hashes extracted from a SAM database via dictionary/wordlist attack to improve my pentesting skills. The passwords will be 16+ characters in length.

* What are the minimum specifications my workstation should have in terms of CPU, GPU, memory etc.?
* How much money do I need to invest (as a minimum)?
* Is it mainly the GPU I need to concern myself with? Would a bitcoin mining rig work for this?

Thank you in advance!
#2
I'd invest in a simple calculator.
#3
(05-08-2018, 09:54 PM)undeath Wrote: I'd invest in a simple calculator.

I'm sorry if my question was stupid. Anything in particular that doesn't make sense?
#4
yes, the password length in combination with "brute force"
#5
to be fair, he could mean "brute force" against a dictionary of common passwords (as opposed to "really" brute forcing all possible combinations...), in which case pass length is likely unimportant?

and sorry I can't answer your question- I don't know anything about the nature of the hashes you're trying to crack... :/

But my rig is ~$3k, nvidia 1080Ti + 8-core i7 + 32G memory. No idea how "optimal" mine is, or how it relates to your specific problem space. Sorry! ¯\_(ツ)_/¯
#6
(05-08-2018, 10:06 PM)phildo Wrote: to be fair, he could mean "brute force" against a dictionary of common passwords (as opposed to "really" brute forcing all possible combinations...), in which case pass length is likely unimportant?

and sorry I can't answer your question- I don't know anything about the nature of the hashes you're trying to crack... :/

But my rig is ~$3k, nvidia 1080Ti + 8-core i7 + 32G memory. No idea how "optimal" mine is, or how it relates to your specific problem space. Sorry! ¯\_(ツ)_/¯

I'm just gonna continue to ask silly questions then (I guess that's how you learn? :-).

How come password length doesn't matter when "brute forcing" (maybe I'm just using the term wrong)? I thought that in a pure brute force (non-dictionary) attack the utility starts by choosing a random sequence of bytes, i.e. 16 bytes, creates a hash of that and checks it against the NTLM hash. Etc... Same as with a dictionary attack but without any specific words to use. Would love it if someone would educate me a bit on this!

I would however understand if that means way too many different combinations, meaning that for such long passwords a dictionary would be the only option... But I might have misunderstood something very fundamental about how this all works...
#7
"brute force" means "try a, try b, try c, ... try aa, try ab, try ac, ... aaa, aab, aac" all the way to 16 characters. The "get a calculator" comment refers to the possibility space being way way way way too large to accomplish w/ 16 characters, regardless how fast you can crack (within earthly constraints). To put it clearly: length matters here, 16 is way too large.

a "dictionary" attack (unless I'm misunderstanding something...) implies you have a list of passwords to try: "mypassword123", "dogsRcute!", etc... Here the length of the password doesn't matter. The number of passwords in your dictionary _does_.

disclaimer: I really don't know what I'm talking about. but I'm pretty dang confident that if you're _really_ brute forcing 16- you're screwed.
#8
(05-08-2018, 10:21 PM)phildo Wrote: "brute force" means "try a, try b, try c, ... try aa, try ab, try ac, ... aaa, aab, aac" all the way to 16 characters. The "get a calculator" comment refers to the possibility space being way way way way too large to accomplish w/ 16 characters, regardless how fast you can crack (within earthly constraints). To put it clearly: length matters here, 16 is way too large.

a "dictionary" attack (unless I'm misunderstanding something...) implies you have a list of passwords to try: "mypassword123", "dogsRcute!", etc... Here the length of the password doesn't matter. The number of passwords in your dictionary _does_.

disclaimer: I really don't know what I'm talking about. but I'm pretty dang confident that if you're _really_ brute forcing 16- you're screwed.

Thanks for clearing that up. That's also what I assumed - I just didn't know how many guesses hashcat can do per second. I have now removed the word "brute force" from my original question - so hopefully the question makes more sense now.
#9
For reference, I've just grabbed a list of 7500 NTLM hashes (which is what you'd dump from a SAM database) from another forum and hit it with my dictionaries using an NVIDIA GeForce 980 Ti.

It took about 5 seconds to run through the short (~200MB) dictionary, and I got 350 hits.

In another 5 minutes, with more dictionaries and attacks, I brought the number of hits up to 1800.

(Would take you longer, since you don't have my dictionaries, of course.)

I wouldn't be able to brute-force 16 characters, but I can probably get 2 out of every 3 passwords in the list in a couple of hours, using dictionaries, masks and rules.

The same jobs would take maybe 4x longer on a budget NVIDIA GeForce 1050 (can get one on newegg for $149.)

The CPU and memory don't really enter. And, with NTLM, the time it takes to run the attack is largely independent of the number of hashes. I could do 700 thousand in the same amount of time it took to do 7 thousand.

It's a different story if you want to do salted hashes. (NTLM hashes you capture over the network are salted, I think.) Or if you want to do WPA. That's really slow. Around these parts we have quite a few Wi-Fi hotspots with default passwords that take 1+ hour to crack with the 980 Ti.
#10
(Sorry if this post is about to go off topic- but now I'm curious!)

(05-08-2018, 11:02 PM)mrfancypants Wrote: ... I can probably get 2 out of every 3 passwords in the list in a couple of hours, using dictionaries, masks and rules. 

Wait- how? Just to make sure- a dictionary is a list of password possibilities ("MyPa55w0rd", etc...), a mask is just "piecewise brute force" ("MyPa55w0rd?d" where ?d means "replace w/ every number"), and a rule is just "character targeted brute force" ("MyPa55w0rd", but try replacing every "a" with "4", "P" with "p", etc...)?

So, you're saying you're confident that this combination (your dictionary, your masks, and your rules) casts a wide enough net (and your hardware runs through them fast enough) as to catch a majority of real-world passwords- right? To be clear- you're not claiming any workaround beyond that?

I guess I'm just incredulous that any dictionary is good enough to get 2 out of 3, and any sufficiently wide mask/ruleset is equally sufficiently impossible to run... is that just my naivety?

(Ok, and also, a quick plug: you might be interested in checking out https://github.com/Phildo/expandpass - lets you really easily generate sensible combinations for password attempts.)

(05-08-2018, 11:02 PM)mrfancypants Wrote: ...with NTLM, the time it takes to run the attack is largely independent of the number of hashes. I could do 700 thousand in the same amount of time it took to do 7 thousand. 

What am I misunderstanding here? How can it possibly take the same amount of time to run 700,000 vs 7,000?
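The two points the thread circles around, the "get a calculator" keyspace arithmetic from post #7 and the claim in post #9 that the NTLM run time does not depend on how many hashes are in the list, both come down to how much hashing the attacker has to do per candidate. The script below is an added illustration and is not code from anyone in this thread. It uses SHA-256 as a stand-in for the NT hash purely to keep it dependency-free (NTLM is unsalted MD4 over the UTF-16LE password, which is why a lookup table works for it). The usernames, salts and the three-word candidate list are constructed sample data. The salted variant is included to show the defender's side of the same arithmetic: once every stored hash has its own salt, the work grows with the number of accounts instead of staying flat.

```python
import hashlib

SECONDS_PER_YEAR = 365 * 24 * 3600


def keyspace(charset_size, length):
    """Number of candidates an exhaustive search of fixed length must cover."""
    return charset_size ** length


def years_to_exhaust(charset_size, length, guesses_per_second):
    """Wall-clock years to try every candidate at a given guess rate."""
    return keyspace(charset_size, length) / guesses_per_second / SECONDS_PER_YEAR


def unsalted_digest(password):
    # Stand-in for an unsalted store such as NTLM (real NTLM uses MD4 over UTF-16LE).
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def salted_digest(password, salt):
    # Stand-in for a per-account salted store.
    return hashlib.sha256(salt + password.encode("utf-8")).hexdigest()


def attack_unsalted(stored, candidates):
    """stored: {username: hex_digest}. Returns (hits, hash_computations).

    Each candidate is hashed once and looked up against every stored hash
    at the same time, so the work depends only on the candidate count.
    """
    by_hash = {}
    for user, digest in stored.items():
        by_hash.setdefault(digest, []).append(user)
    hits, work = {}, 0
    for cand in candidates:
        work += 1
        for user in by_hash.get(unsalted_digest(cand), []):
            hits[user] = cand
    return hits, work


def attack_salted(stored, candidates):
    """stored: {username: (salt_bytes, hex_digest)}. Returns (hits, hash_computations).

    Every (candidate, account) pair needs its own hash because the salt
    changes the input, so the work is candidates x accounts.
    """
    hits, work = {}, 0
    for cand in candidates:
        for user, (salt, digest) in stored.items():
            work += 1
            if salted_digest(cand, salt) == digest:
                hits[user] = cand
    return hits, work


def demo():
    # Constructed sample: every account uses the same weak password.
    candidates = ["winter2018", "Password1", "correct horse battery"]
    unsalted_store = {f"user{i}": unsalted_digest("Password1") for i in range(700)}
    salted_store = {
        f"user{i}": (bytes([i]), salted_digest("Password1", bytes([i]))) for i in range(7)
    }
    _, unsalted_work = attack_unsalted(unsalted_store, candidates)
    _, salted_work = attack_salted(salted_store, candidates)
    # 95 printable ASCII characters, 16 long, at an assumed 100 billion guesses/s.
    years = years_to_exhaust(95, 16, 100e9)
    return unsalted_work, salted_work, years


if __name__ == "__main__":
    u, s, y = demo()
    print(f"unsalted: 700 accounts cracked with {u} hash computations")
    print(f"salted:   7 accounts needed {s} hash computations")
    print(f"exhausting 95^16 at 1e11 guesses/s takes about {y:.2e} years")
```

Running it shows why post #9 can say 700 thousand hashes cost the same as 7 thousand: the unsalted attack does exactly one hash per candidate no matter how many accounts are in the store, whereas the salted store multiplies that by the account count. The 100 billion guesses per second figure is an assumed round number for the calculation, not a measurement of any card in this thread; at that rate a full 16-character printable-ASCII search is on the order of 10^13 years, which is the calculator result post #2 was pointing at.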