I'm planning to extend my pentest services to Password Cracking, to be more precise: Cracking Active Directory Passwords, extracted from the customer's Active Directory in order to check users' passwords.

Now I did some research, but there are so many different ideas and suggestions. Also, a lot of articles are many years old already... From what I know, the new cards from Nvidia are great for Cracking (like the RTX 3080 or the 3090), but I'm not completely sure about it.

Hashes that will be cracked are NTLM hashes then...

My question now is: what hardware should I get? Is it worth building it yourself or can I just buy a premade machine for that? If building myself, what mainboard would I need to get for it? Probably I'd need multiple cards on there, so SLI might be something to think about as well then?

An alternative to buying something, that I thought of, was just renting hardware especially for the cracking - as an example at Microsoft Azure, you'd get the Package "ND40rs v2" with 40 cores, 700GB of RAM and 8 x NVIDIA Tesla V100, which should be able to do about 400 - 600 GH/s... that all for 20€ / hour though... Is that worth it?

Some useful information:

  • Budget is pretty flexible depending on the results achieved... I'd say between $5000 and $15000
  • Energy consumption of the device is not really relevant
  • The amount of hashes to be cracked will vary depending on the company... They could be anything between 20 and 5000 I'd say...
  • The target is not cracking ALL passwords, target would be I'd say cracking something between 80 and 90%, as the main purpose is to identify the "weak" passwords, that can be easily cracked.
  • I plan on using Hashcat for Cracking, using different dictionaries with known passwords first and then using brute force on the passwords of up to 7 or 8 characters (depending on the cracking machine)... I'm free to use other software though, if you can suggest something better
  • I wouldn't want the cracking process of one customer (no matter if it's 20 or 5000 hashes) to take longer than 2-3 days... Should take shorter, if I'd use the cloud solution (max 24 hours)...

I would appreciate some hints on what to look for :)

nameless