|
Extreme GPU Bruteforcer
IMPORTANT! You may use this software for the recovery of your own forgotten passwords only!
Program Description
INI File Parameters
Demo Version Restrictions
License Agreement
FAQ
The software recovers passwords from hashes of different types using GPU. That allows reaching outstanding attack speeds:
| No. | Algorithm | Average Speed (when attacking one hash on NVIDIA GTS250) |
| 1 | MD5 | 426 million p/s |
| 2 | MD4 | 610 million p/s |
| 3 | LM | 48 million p/s |
| 4 | NTLM | 570 million p/s |
| 5 | SHA-1 | 85 million p/s |
| 6 | MySQL | 710 million p/s |
| 7 | MySQL5 | 66 million p/s |
| 8 | SHA-256 | 65 million p/s |
| 9 | SHA-384 | 13 million p/s |
| 10 | SHA-512 | 13 million p/s |
| 11 | RAdmin v2.x | 210 million p/s |
| 12 | GOST R 34.11-94 | 0.2 million p/s |
| 13 | md5(md5($pass)) | 165 million p/s |
| 14 | sha1($salt.sha1($pass)) | 30 million p/s |
| 15 | substr(md5($pass),8,16) | 400 million p/s |
| 16 | substr(md5($pass),16,16) | 390 million p/s |
| 17 | md5(sha1($pass)) | 75 million p/s |
| 18 | sha1(md5($pass)) | 75 million p/s |
| 19 | sha256(md5($pass)) | 45 million p/s |
| 20 | Domain Cached Credentials | 250 million p/s |
| 21 | MD5(APR) | 0.2 million p/s |
| 22 | MD5(Unix) | 0.21 million p/s |
| 23 | DES(Unix) | 1.7 million p/s |
| 24 | MD5(phpBB3) | 0.2 million p/s |
| 25 | MD5(Wordpress) | 0.05 million p/s |
| 26 | md5($pass.$salt) | 400 million p/s |
| 27 | md5($salt.$pass) | 320 million p/s |
| 28 | md5(md5($pass).$salt) | 155 million p/s |
| 29 | md5(md5($salt).$pass) | 295 million p/s |
| 30 | md5($salt.md5($pass)) | 130 million p/s |
| 31 | md5($salt.$pass.$salt) | 305 million p/s |
| 32 | md5(md5($pass).md5($salt)) | 109 million p/s |
| 33 | md5(md5($salt).md5($pass)) | 109 million p/s |
| 34 | md5(1.$pass.$salt) | 138 million p/s |
| 35 | md5($username.0.$pass) | 257 million p/s |
| 36 | sha1($pass.$salt) | 80 million p/s |
| 37 | sha1($salt.$pass) | 90 million p/s |
| 38 | sha1(strtolower($username).$pass) | 90 million p/s |
| 39 | sha256($pass.$salt) | 55 million p/s |
| 40 | sha256($salt.$pass) | 55 million p/s |
| 41 | sha512($pass.$salt) | 11 million p/s |
| 42 | sha512($salt.$pass) | 11 million p/s |
| 43 | md5($unicodepass) | 400 million p/s |
| 44 | SAPB | 25 million p/s |
| 45 | sha1(sha1($salt.$pass)) | 39 million p/s |
| 46 | SSHA-1 | 80 million p/s |
| 47 | substr(md5($pass),12,20) | 390 million p/s |
| 48 | md5($username.LF.$pass) | 320 million p/s |
| 49 | sha1(sha1($pass)) | 35 million p/s |
| 50 | SHA-1(Oracle) | 64 million p/s |
| 51 | MSSQL(2005) | 64 million p/s |
| 52 | sha256(sha1($pass)) | 23 million p/s |
| 53 | md5($unicodepass.$salt) | 310 million p/s |
| 54 | md5($salt.$unicodepass) | 215 million p/s |
| 55 | md5(md5($unicodepass).$salt) | 120 million p/s |
| 56 | sha1($unicodepass) | 70 million p/s |
| 57 | sha1($unicodepass.$salt) | 64 million p/s |
| 58 | sha1($salt.$unicodepass) | 55 million p/s |
| 59 | sha384($pass.$salt) | 11 million p/s |
| 60 | sha384($salt.$pass) | 11 million p/s |
To run the program, pass the following mandatory command-line parameters to it:
1. Algorithm number
2. Name of the INI file with attack settings
3. Name of the text file with hashes
Examples of running the program:
EGB.exe 1 MD5.ini Hashes.txt
EGB.exe 20 "Domain Cached Credentials.ini" Hashes.txt
EGB.exe 42 "sha512($salt.$pass).ini" 1.txt
etc.
To obtain the list of all the algorithms, run the program as follows:
EGB.exe /list
To obtain the information about GPU, run the program as follows:
EGB.exe /info
[BruteForceAttack]
In this section, you can describe up to 512 attacks, which would run in series, one after another. The settings of each attack are defined in the parameters 1, 2 ... 512, in the following format:
Attack Number=Character set,Minimum password length,Maximum password length
Example settings:
[BruteForceAttack]
1=?d,1,12
2=?l?u?d,4,6
3=0123456789abcdef,2,8
Note: All attacks support the following standard character sets:
?d – 0123456789
?l – abcdefghijklmnopqrstuvwxyz
?u – ABCDEFGHIJKLMNOPQRSTUVWXYZ
?s – !@#$%^&*()`~-_=+\|[]{};:'",.<>/?
[MaskAttack]
In this section, you can describe up to 512 mask attacks, which would also run in series, one after another. Each attack is defined in the parameters 1, 2 ... 512, in the following format:
Attack Number=Mask,Minimum password length,Maximum password length
Example settings:
[MaskAttack]
1=Admin?d?d?d?d?d?d,6,11
2=?u?l?l?l?l?l?l?l,1,8
3=?u?umaster?d?d,10,10
[DictionaryAttack]
In this section, you can define up to 512 dictionaries, which would be used for running a simple dictionary attack; for example:
[DictionaryAttack]
1=D:\1.dic
2=D:\2.dic
3=D:\3.dic
[HybridAttack]
In this section, you can define up to 512 hybrid attack rules, which are to be defined as masks (similarly to the mask attack); a dictionary password should be denoted by a special symbol @. This attack supports only one dictionary, which is to be defined in the "Dictionary" parameter in the same section; for example:
[HybridAttack]
Dictionary=D:\InsidePro (Mini).dic
1=@?d?d?d?d
2=?u?u@
3=admin@
Examples of rules for this attack:
@?d?d?d?d – 4 trailing digits would be added to a dictionary password.
?u?u@ – two leading characters from the "A...Z" range would be added to a dictionary password.
admin@ – a leading "admin" string would be added to a dictionary password.
This attack also supports complex masks, of types ?u@?l?l, ilove@?d?d?d?d or Summer?u?d@?s (i.e. masks can be defined on both the left and on the right side of the dictionary password). Moreover – the program supports masks of any length; for example, @?d?d?d?d?d?d or ?u@?l?l?d?d; the only limitation is that the number of password combinations in one rule can not exceed StreamProcessors * StreamProcessors * PasswordsPerThread.
[Settings]
In this section, you can specify the application's general settings.
AttackMode – select the desired attack; available values: 1 (Brute Force Attack), 2 (Mask Attack), 3 (Dictionary Attack) or 4 (Hybrid Attack). In this parameter, you can also specify the initial rule, which the attack is to start with; for example:
AttackMode=2,4 – launch a mask attack starting with the 4-th mask.
AttackMode=3,10 – launch a dictionary attack starting with the 10-th dictionary.
AttackMode=4,64 – launch a hybrid attack starting with the 64-th rule.
LastPassword – this parameter stores last processed password. Therefore, when the program is launched again, the attack will resume from that password. Thus, in order to start the attack all over, you will need to drop the value in this parameter. Note: If you don't want to have last processed password stored in the INI file set the Read-only attribute on that INI file.
CurrentDevice – this parameter allows you to choose, on which of the available GPU to launch the attack. This allows to manage the load on the GPU more effectively and run simultaneous attack with different settings on different GPU. The default value is 1. To use multiple GPU simultaneously, list their numbers separating them with a comma, for example:
CurrentDevice=1,2
CurrentDevice=1,4
CurrentDevice=2,3,4
CurrentDevice=1,2,5,6,7,8
In this mode, you can set individual StreamProcessors and PasswordsPerThread values for each GPU, also listing them via a comma, like this:
CurrentDevice=1,2
StreamProcessors=112,96
PasswordsPerThread=6000,2000
or
CurrentDevice=1,2,3,4
StreamProcessors=128,128,128,64
PasswordsPerThread=3000,3000,3000,100
StreamProcessors – number of stream processors; the default value is 128.
PasswordsPerThread – number of passwords to be processed in one thread; by default - 3000 passwords for unsalted hashes, and 100 passwords for salted ones.
HexSalt – determines salt (or user name) format:
"0" (default) – plain text format
"1" – hexadecimal format
AttackTime – allows limiting the duration of the attack (in munites). The default value is "0", i.e. the attack is not restricted by time.
DeleteHashes – this parameter allows removing recovered hashes from the original text file. On the "1" value, the recovered hashes will be deleted; on the "0" value (default) – the hashes will be preserved.
OutputFileFormat – this parameter defines the format, in which found passwords are to be appended to OUT file. The following values are supported:
"0" (default value) – hash:password
"1" – hash:[color=blue]password[/color] (this format allows publishing found passwords in the format common to the InsidePro Software forum)
"2" – hash:password (this doesn't record the attack start and end time in the file)
"3" – hash:[color=blue]password[/color] (this doesn't record the attack start and end time in the file)
AppendToOutputFile – this parameter determines whether or not to append found passwords to the program's output file (e.g., for module "MD5.exe" that would be "MD5.out"). On "1" (default) passwords are appended, on "0" they are not.
AppendToDictionaryFile – this parameter determines whether or not to append found passwords to dictionary file (e.g., for module "MD5.exe" that would be "MD5.dic"). On "1" (default) passwords are appended, on "0" they are not.
CustomCharacterSet1 ... CustomCharacterSetZ – custom character sets that you can use in a mask or hybrid attack, marking them as character sets ?1 ... ?9 and ?A ... ?Z.
Base64Hashes – enables operations with Base64-encoded hashes (when set to "1").
CreateBackupFile – defines whether to create a backup copy of the source file with hashes. When set to "1" (default) the program creates a backup file; with set to "0", it doesn't.
RemoveDuplicates – this parameter defines whether or not to remove duplicate hashes from the list. Value "1" (default) sets to remove hashes, value "0" – sets to not remove them.
Maximal duration of attack is limited to 3 minutes. Also disabled is the recognition of the LastPassword parameter.
1. All rights for Extreme GPU Bruteforcer are reserved to InsidePro Software.
2. The software is available as Demo, with restrictions provided in the program description.
3. To use the software without restrictions, you must register your copy of the software by purchasing a license key (or several license keys) and then entering those in the application.
4. The use of the license keys by any persons that are not registered as authorized users of the software, as well as the distribution of or publishing the license keys are illegal. InsidePro Software reserves the right to revoke the registered user status from such key owners and ban such license keys in the future versions of the software.
5. You shall not modify, disassemble or decompile this software. Any violation of this provision in any part shall lead to the immediate termination of this License Agreement.
6. The software is provided on the "AS IS" basis. You use this software at your own risk. Under no circumstances shall the author be held liable for any data loss or damage, lost profits or any other damages caused by using or not using this software.
7. InsidePro Software guarantees that the software does not contain malware, spyware nor any other harmful code designed for performing any functions other than those stated in Program Description.
8. Using the software shall indicate your acceptance of this License Agreement.
9. If you do not wish to be bounded by the terms of this License Agreement, delete all the files of this software from your computer and stop using this software.
10. The software shall not be used throughout the territory of the United States of America and its possessions, as such use leads to the violation of U.S. Patent 7787629. InsidePro Software shall not be held liable for the import, distribution and use of this software throughout the territory of the United States of America and its possessions.
Q1: What are the system requirements that your program lays down?
A: The main requirement is that your video card must support the CUDA technology (you can find the list of such video cards here). Other than that, you must have the latest drivers for it installed on your video card. It is also necessary that the video card supports the sm_11 and higher architecture.
Q2: My video card has an ATI GPU. Will your program work with it?
A: No, it will not, since the CUDA (Compute Unified Device Architecture) technology is only supported by GPU manufactured by NVIDIA.
Q3: When I launch the program, it brings up a DOS prompt window, which disappears the very next moment. How am I supposed to work with the program?
A: For the convenient operation, use a file manager that runs in the DOS mode; e.g., FAR Manager.
Q4: The program pops the "CUDA Error..." message on startup. How can it be fixed?
A: First of all, make sure that your video card supports the CUDA technology, and you have got the latest video card drivers installed. If these requirements have been observed, and the error persists, please send the following information to our Technical Support Service for the analysis: error message, and exact model of your video card.
Q5: My computer hangs or shows the "Blue Screen of Death" (BSOD) when the program is launched. How can this be fixed?
A: That can take place when your GPU is over-clocked; therefore, it is recommended that you restore the original values of the GPU and memory clock. Also, make sure that your video card receives reliable and quality cooling, as the program employs the full power of your GPU and, consequently, in this operating mode its temperature goes up. Also, running under the full load, the video card consumes a great amount of electricity, and your power supply may fail to meet such power demands.
Q6: I managed to launch the program; now, how can I halt it?
A: Press the Ctrl+C or Ctrl+Break shortcuts on the keyboard.
Q7: I launched the program, and now my computer runs really slow. How can this be fixed?
A: By default, the program is configured to run in the extreme operating mode, where the computer is loaded with only one job – recovering passwords at the highest speed possible. Obviously, that leads to slowing down the operating speed of the rest of applications. To decrease the load on your computer, decrease the value in the PasswordsPerThread parameter in the INI file.
Q8: Does the program recover passwords that contain national characters; for example, Cyrillic?
A: Yes, it does; for that purpose, in the CharacterSet parameter of your INI file enter the required character set.
Q9: When I launch an attack to recover salted hashes, my computer freezes or displays BSOD. Why?
A: Since the speed of processing salted hashes decreases proportionally to their number, with a great number of hashes it is necessary to decrease the value of PasswordsPerThread (and of StreamProcessors when that's necessary). Otherwise, the total number of threads in a GPU, multiplied by the number of hashes in each thread, with a low attack speed will lead to the point where the GPU will become overloaded with calculations and will take too long to respond to the driver's queries.
Q10: Now, how do I determine whether or not GPU is overloaded?
A: In the normal state, EGB refreshes the attack speed indicator 2 times per second; therefore, if the refresh rate on your screen is noticeably lower, your GPU is overloaded, and you need to lower the values of PasswordsPerThread and StreamProcessors.
Q11: When I launch an attack with a long mask, the status string (which shows the attack speed and current password) sometimes doesn't fit the size of the console window. How could that be fixed?
A: To ensure the proper appearance of long passwords on the application's status bar, expand the width of the console window through its properties (that feature is available beginning with Windows 2000/XP) – for example, instead of the default 80 characters, you can set 100 or even more (if the resolution of the screen and current console font allow).
Q12: Are you planning to add the support for OpenCL to your software?
A: Unlikely we are going to do that in the near future, although it is possible some time later.
Q13: Occasionally, some time after the program starts, it returns an error: "CUDA Error...". What could cause it?
A: Most often this happens because the video card keeps being actively used; that could be a running screensaver, playing video, etc. Obviously, to ensure a stable operation of EGB for long hours (or even days), you need to disable such extraneous applications when attacking hashes.
|
