Summary In this post I will talk about how to make password cracking accessible to people who don't want to make the investment in video cards and GPU hardware resources. This post will mostly be a tutorial, geared toward people who are in a pinch and need to quickly standup a powerful hashcat environment.
The problem that led me down this path
I was recently working on an issue that required me to recover the password of a zip file. The zip file was created programmatically by a utility; which I had to the source code for. This meant I had the character set used and a fixed password length. I decided to fire up hashcat on my Mac Book Pro with my AMD Radeon Pro 560X. To my surprise, I was greeted with the error below;
Against the advice of the error message, I used the --force syntax to override the error. This yielded no usable results, it ended up making hashcat unstable and produced some false positives (I thought I had cracked the hash quickly).
After trying the to borrow some video hardware from a few co-workers (windows machines), I quickly determined I was going to need a lot more power!
Enter vast.aiAfter some research online, I discovered Vast.ai. Vast.ai is a docker-based peer GPU rental market. The premise behind the business is they will rental you video cards of your choosing for an hourly rate. The video card resources are provided by users of their platform, and there is a large quantity of options to choose from.
First you will need to create an account on vast.ai, and add some money. The payment information is handled via stripe, and you can add notification on when your balance gets below a certain point. I started off with a small balance for testing.
Generate an ssh key-pair for access
Access to your docker image will be handled over an SSH connection. I find it easiest to establish the ssh connection from a computer running linux or MacOS (You could use puttygen on a windows machine). We will need to generate an ssh key-pair from the computer you will connect with.
Open a terminal on a linux or macOS and issue the command below:
ssh-keygen -t rsa -b 4096 -C "vast.ai"