Recently some pretty major advances have come around in the world of GPU based hash cracking. Up untill now there was not much for Linux which would utilize multi GPUs to crack password hashs. This has been changed with the release of Oclhashcat. The release of oclhashcat signifies a signifigant jump in the speed on linux based GPU systems. There is also a cpu based version called hashcat but for this article I will be reviewing oclhashcat
make: *** No rule to make target -largtable2, needed by ../../bin/linux/release/CUDA-Multiforcer. Stop.
When attempting to compile the CUDA Multiforcer on CentOS Linux I ran into an error because the argtable2 package was not installed on the server. The CUDA Multiforcer application is a security audit tool used to check the strength of MD4, MD5, NTLM, and SHA1 password hashes. The CUDA Multiforcer attempts to brute force one of those types of hashes by attempting every combination of characters specified such as lowercase only characters, lowercase characters and numbers, etc. This tool can be extremely beneficial for checking the strength of user passwords for various operating systems and/or applications that store their passwords in a MD4, MD5, NTLM, or SHA1 hash. As you can see in the below error the issue appears to be with argtable2 which is not a package available with the default yum repositories on CentOS. Below I display the error and describe what repository to install to be able to use yum to install the argtable2 RPM package.
With the release of the new Question-Defense online NTLM, MD5 and MD4 cracker I decide to write a quick how to on grabbing the hash’s from a windows system. In order for this to work you need at least one username and logon of a user with admin privileges. I may in the future write a article on how to escalate your privileges from a user to a admin, but for the sake of this article will assume you know at least one admin user log on.
I have decided to do a few pieces on password auditing over the next few days as sort of a follow up to some of my previous articles on passwords. By writing these , I hope to encourage people to use longer more secure passwords and not to worry so much about the convenience of a short easy to remember password.