pyrit CUDA nvidia Tutorial + Nvidia overclock instructions

[purehate]

Just to expand on this thread a little. I just ordered 3 295 gtx's so we shall see what they can do in a week or so when I get them.

Tonight I was playing around with the passthrough option which takes words from a textfile and hash's them on the fly and pipes the hash's straight into cowpatty. You can check the pyrit blog for further explanation. I actually took it one step further and tried to pipe the out put of crunch > pyrit and then > cowpatty. This could be very usefull on the fly during a pentest. I have even toyed around with the idea of making a wpa crack box where user could submit cap files to a online web app and then get emailed the results. If anyone is really good at web apps (preferably ruby rails) and would like to throw around some ideas drop me a PM. Anyway so on to the results. Obviously I did a short test for this demo but you could compute a enormous amount of brute force words like this. Obviously brute forcing wpa is still unrealistic but its fun to play. I'm currently trying to figure out at 60,000 k/s how long it would take to brute force a 8 char, all lowercase password. Here's my test

Code:

r00t@infected ~ $ ./crunch 8 8 123456 | pyrit -e NETGEAR -f - passthrough | cowpatty -d - -r wpa-01.cap -s NETGEAR
cowpatty 4.3 - WPA-PSK dictionary attack. <jwright@hasborg.com>

Collected all necessary data to mount crack against WPA/PSK passphrase.
Starting dictionary attack.  Please be patient.
Using STDIN for hashfile contents.
key no. 10000: 11131143
key no. 20000: 11335211
key no. 30000: 11453262
key no. 40000: 11535435
key no. 50000: 11652122
key no. 60000: 12232413
key no. 70000: 12353454
key no. 80000: 12465164
key no. 90000: 12636253
key no. 100000: 12654635
key no. 110000: 13316255
key no. 120000: 13365643
key no. 130000: 13445163
key no. 140000: 13636424
key no. 150000: 14123612
key no. 160000: 14333322
key no. 170000: 14452353
key no. 180000: 14536235
key no. 190000: 14643246
key no. 200000: 15225263
key no. 210000: 15311412
key no. 220000: 15454615
key no. 230000: 15615226
key no. 240000: 15645413
key no. 250000: 16215322
key no. 260000: 16431136
key no. 270000: 16512311
key no. 280000: 16623324
key no. 290000: 21212636
key no. 300000: 21333152
key no. 310000: 21354664
key no. 320000: 21511433
key no. 330000: 21652143
key no. 340000: 22224141
key no. 350000: 22365142
key no. 360000: 22525524
key no. 370000: 22631223
key no. 380000: 22645352
key no. 390000: 23213255
key no. 400000: 23413215
key no. 410000: 23511653
key no. 420000: 23664532
key no. 430000: 24126645
key no. 440000: 24332655
key no. 450000: 24413634
key no. 460000: 24463124
key no. 470000: 25133613
key no. 480000: 25151615
key no. 490000: 25352313
key no. 500000: 25512152
key no. 510000: 25545421
key no. 520000: 26154141
key no. 530000: 26242353
key no. 540000: 26414546
key no. 550000: 26451114
key no. 560000: 26641151
key no. 570000: 31115456
key no. 580000: 31324355
key no. 590000: 31454432
key no. 600000: 31511245
key no. 610000: 32114234
key no. 620000: 32225163
key no. 630000: 32351325
key no. 640000: 32441513
key no. 650000: 32554132
key no. 660000: 33145616
key no. 670000: 33236462
key no. 680000: 33336253
key no. 690000: 33461611
key no. 700000: 33624253
key no. 710000: 34152241
key no. 720000: 34342611
key no. 730000: 34445611
key no. 740000: 34534644
key no. 750000: 34625254
key no. 760000: 35234526
key no. 770000: 35345566
key no. 780000: 35462352
key no. 790000: 35533136
key no. 800000: 36124542
key no. 810000: 36266234
key no. 820000: 36412145
key no. 830000: 36553165
key no. 840000: 36624645
key no. 850000: 41216544
key no. 860000: 41336516
key no. 870000: 41436164
key no. 880000: 41553465
key no. 890000: 41664235
key no. 900000: 42166332
key no. 910000: 42324446
key no. 920000: 42451366
key no. 930000: 42636115
key no. 940000: 43143663
key no. 950000: 43241324
key no. 960000: 43424541
key no. 970000: 43541465
key no. 980000: 43632455
key no. 990000: 44125243
key no. 1000000: 44342332
key no. 1010000: 44422123
key no. 1020000: 44466642
key no. 1030000: 45134625
key no. 1040000: 45212236
key no. 1050000: 45315542
key no. 1060000: 45412514
key no. 1070000: 45556153
key no. 1080000: 46156141
key no. 1090000: 46216165
key no. 1100000: 46435225
key no. 1110000: 46542632
key no. 1120000: 46625213
key no. 1130000: 51134262
key no. 1140000: 51264224
key no. 1150000: 51422626
key no. 1160000: 51616253
key no. 1170000: 51661435
key no. 1180000: 52142361
key no. 1190000: 52325654
key no. 1200000: 52421145
key no. 1210000: 52554335
key no. 1220000: 53111454
key no. 1230000: 53231425
key no. 1240000: 53432616
key no. 1250000: 53515656
key no. 1260000: 53631632
key no. 1270000: 54125541
key no. 1280000: 54332253
key no. 1290000: 54425525
key no. 1300000: 54613265
key no. 1310000: 54635332
key no. 1320000: 55235662
key no. 1330000: 55314253
key no. 1340000: 55444133
key no. 1350000: 55556611
key no. 1360000: 56111116
key no. 1370000: 56232121
key no. 1380000: 56324643
key no. 1390000: 56543625
key no. 1400000: 56556341
key no. 1410000: 61125635
key no. 1420000: 61265636
key no. 1430000: 61463442
key no. 1440000: 61551154
key no. 1450000: 62133241
key no. 1460000: 62162651
key no. 1470000: 62315316
key no. 1480000: 62512446
key no. 1490000: 62566451
key no. 1500000: 63152536
key no. 1510000: 63266461
key no. 1520000: 63366622
key no. 1530000: 63552344
key no. 1540000: 63626146
key no. 1550000: 64221163
key no. 1560000: 64315625
key no. 1570000: 64451613
key no. 1580000: 64535662
key no. 1590000: 64641531
key no. 1600000: 65242616
key no. 1610000: 65324655
key no. 1620000: 65441114
key no. 1630000: 65535666
key no. 1640000: 66163634
key no. 1650000: 66223465
key no. 1660000: 66342333
key no. 1670000: 66512215
fread: Success
Unable to identify the PSK from the dictionary file. Try expanding your
passphrase list, and double-check the SSID.  Sorry it didn't work out.

1670168 passphrases tested in 171.54 seconds:  9736.04 passphrases/second

[purehate]

Just to further prove the usefulness of this I just used the same password list the church of the wifi used to make their tables in my experiment.

Code:

r00t@infected ~ $ pyrit -e NETGEAR -f final-wordlist.txt passthrough | cowpatty -d - -r wpa-01.cap -s NETGEAR
cowpatty 4.3 - WPA-PSK dictionary attack. <jwright@hasborg.com>

Collected all necessary data to mount crack against WPA/PSK passphrase.
Starting dictionary attack.  Please be patient.
Using STDIN for hashfile contents.
key no. 10000: 123456pnb
key no. 20000: 1Tokenof

Code:

key no. 970000: waegbarer
key no. 980000: withstood
key no. 990000: yc26njw4xd
fread: Success
Unable to identify the PSK from the dictionary file. Try expanding your
passphrase list, and double-check the SSID.  Sorry it didn't work out.

990100 passphrases tested in 104.51 seconds:  9473.97 passphrases/second

As you can see I blew through their list of the most common passwords in 104 seconds. Pretty cool stuff.

[SWFu64]

3 x 295 gtx's, nice!

I'm a web developer by trade (AJAX, PHP, MySQL etc), I've no experence as yet with RoR but been meaning to check it out, I'll go raid amazon and have a read. I'll be more than willing to help on the project if I can.

[intertan]

Just to expand on this thread a little. I just ordered 3 295 gtx's so we shall see what they can do in a week or so when I get them.

Tonight I was playing around with the passthrough option which takes words from a textfile and hash's them on the fly and pipes the hash's straight into cowpatty. You can check the pyrit blog for further explanation. I actually took it one step further and tried to pipe the out put of crunch > pyrit and then > cowpatty. This could be very usefull on the fly during a pentest. I have even toyed around with the idea of making a wpa crack box where user could submit cap files to a online web app and then get emailed the results. If anyone is really good at web apps (preferably ruby rails) and would like to throw around some ideas drop me a PM. Anyway so on to the results. Obviously I did a short test for this demo but you could compute a enormous amount of brute force words like this. Obviously brute forcing wpa is still unrealistic but its fun to play. I'm currently trying to figure out at 60,000 k/s how long it would take to brute force a 8 char, all lowercase password.

I have thought of that as well. Right now I am thinking of getting 4 gtx295's with the foxconn destroyer which has 4 pcix16 dual slots and on board video.
I wont be able to do anything till late July, hopefully our dollar gets on par again soon.[/QUOTE]



Sorry didn't mean to do that one

on a side note asus has a 6@16x pcie board, downside is that they are single space http://ca.asus.com/products.aspx?l1=...97&modelmenu=1

ok they have shown a 7 pci slot board math wise 19800pmk per card 19800*6=11880pmk's 19800*7=138600pmk's. assuming you can get them all to work even with the 965 i7. set it up in Antarctica to keep it cool.

[Tharp94895]

Success!!! Finally after getting back in and analyzing the xorg file i found that i had a problem in there and i installed pyrit and compiled the cuda kernels again and that did it...

Code:

   
root@bt:~# pyrit benchmark
The Pyrit commandline-client (C) 2008 Lukas Lueg 
This code is distributed under the GNU General Public License v3

The ESSID-blobspace seems to be empty; you should create an ESSID...

Running benchmark. This may take a while...
Benchmark done after 6.63 seconds. Reporting on cores:
CUDA-Device 'GeForce GTX 260': 10672.68 PMKs/s, 84.76% occupancy
CUDA-Device 'GeForce GTX 260': 9941.85 PMKs/s, 60.66% occupancy
CUDA-Device 'GeForce GTX 260': 10195.17 PMKs/s, 73.94% occupancy

All done. 22614.93 PMKs/s total.
root@bt:~#

Now i need some help trying to overclock the other 2 cards, because i put coolbits in all 3 cards but only shows 1 of them....


Sorry can't post pic haven't got 15 posts yet

[bgalfond]

very happy with my results!

Code:

root@bt:/pentest/password/pyrit# python pyrit.py benchmark
The Pyrit commandline-client (C) 2008 Lukas Lueg  XXXXXXX
This code is distributed under the GNU General Public License v3

The ESSID-blobspace seems to be empty; you should create an ESSID...
Available cores: 'Standard CPU', 'Nvidia CUDA'
Testing CPU-only core 'Standard CPU' (1 CPUs)...  273.09 PMKs/s

Testing GPU core 'Nvidia CUDA' (Device 'GeForce 8800 GTS 512')...  6695.98 PMKs/s

cpu is e8400 dual core @ 3.0 GHz. Unfortunately it is hot again where I live so I nixed the @ 4.0 OC. Now it seems not even worth it, just tweak the graphics card!

Thanks!

[intertan]

you ever get those 295's?

I ordered my board to fit 4 of them and still planning to get the 4 when I get back from school. I may get 1 or 2 while I am in school.

there are 2 things I am wondering can I have it go to airolib-ng instead of cowpatty?

and if I get a amd 9950 with 4 gtx 295 will crunch output be to slow to utilize the full power of these cards.

[purehate]

you ever get those 295's?

I ordered my board to fit 4 of them and still planning to get the 4 when I get back from school. I may get 1 or 2 while I am in school.

there are 2 things I am wondering can I have it go to airolib-ng instead of cowpatty?

and if I get a amd 9950 with 4 gtx 295 will crunch output be to slow to utilize the full power of these cards.

The problem with airolib is that the export from pyrity to the airolib style file takes about 25 times as long than exporting to cowpatty format. This is a limitation of sqlite and has nothing to do with either pyrit or aircrack.

I have one of the 295's so far. Still waiting on the other to. The ones that come with the backplate already installed are on backorder I guess.

[hm2075]

at 60,000 k/s for a password that is all lower case and 8 chars

41 days according to pswcalc

[smurof]

8 characters with 26 possible letters each ~= 208.000.000.000 PMKs. That's worth around 9.000 gigabytes depending on your filesystem.