(image was generated by Stable Diffusion, and is not an accurate representation of our cracking server 🙃)
In the realm of penetration testing, the inevitable task of collecting and cracking password hashes arises. Whether conducting web application testing, uncovering symmetric secrets for JSON Web Tokens (JWTs), or engaging in network penetration testing within an internal network, cracking passwords is an invaluable step in the process. Despite numerous resources offering recommendations for assembling a password cracking machine, there is a scarcity of comprehensive build guides for existing password cracking servers, especially for those operating on a smaller budget but trying to get the best bang for their buck.
Join Doug Bigalke and Alex Rodriguez as they delve into this topic and more during the Thrift Store Cracking Server: Popping Hashes Guide webcast on February 27th.
In 2021, with a budget of approximately $12,000, Doug and Alex strategically crafted two password cracking rigs, focusing on optimizing performance while keeping the approach cost-effective. Another key goal in their planning was to accommodate future GPU upgrades. Operating in a fully remote capacity, Alex prioritized the ability to manage servers from a distance and urged hardware choices aligned with this goal. From a software perspective, they implemented a scarcely discussed technique—PCIe pass-through—and found through benchmarks that it was on par with most hardware configurations. They were also able to leverage Infrastructure as Code (IaC) using Ansible to ensure this process was repeatable.
While this isn’t a comprehensive list, these are some of the people we had in mind when creating this presentation.
Don't miss the opportunity to enhance your knowledge of password cracking hardware. Register now for this unique experience. At Secure Ideas, we are dedicated to enhancing your penetration test experience by sharing insights and techniques to bolster your environment's security, whether you are on the defensive or offensive side. Stay tuned for more detailed blog posts on this topic in the future, and in the meantime, explore our existing blog posts on hardware and passwords.