Episode 419 — GPU accelerated MD5 Brute Forcing, Easy Windows Password Recovery with Ophcrack live USB and Dave Randolph

In this first episode of ’09 Dave Randolph joins us to geek out about all things video. Darren whips up a Password Cracking Cocktail and shows off a wicked fast MD5 brute force tool that harnesses the power of your Nvidia graphics card. Shannon saves the day by recovering her sisters Windows password with Ophcrack Live. And Evil Server gets his evil on while we were away on holiday.


Show Notes

MD5 Brute Forcing with your graphics card

Since Nvidia released the CUDA API for Windows, Mac and Linux a number of advances have taken place in the world of brute forcing. In this episode I feature a tool by Svarychevski Michail Aleksandrovich that claims to be the world’s fastest MD5 cracker — BarsWF

Using the brute forcer with a couple Nvidia 8 series or newer graphics cards you’re able to achieve unprecidented speeds. I’ve seen claims of nearly 4 billion hashes per second with quad SLI.

CUDA has also spurred other developments, such as this NTLM brute forcer for Linux.

In my segment I go into the very basics of password cracking theory and MD5 hashes with some simple scenarios. My aim is to provide a fundamental understanding of the concepts. If you’re interested in reading more I suggest starting here.

Darren Kitchen

Windows Password Recovery with Ophcrack Live USB

Recovering Windows Passwords coulnd’t be easier with Ophcrack Live on USB. Whether it’s your sister’s forgotten XP account or [insert other legit reason] a little USB booting and Rainbow Table loving’s got you covered.

Preparing an Ophcrack USB key is as simple as formatting your drive for FAT32 with the HP USB format tool. Downloading and launching USBOphcrack.exe and running the included batch file. The program will download a small set of rainbow tables and prepare your USB drive.

For even higher password recovering accuracy I recommend finding a larger set of Ophcrack compatible rainbow tables. Or if you’re feeling adventerous why not try out the Hak5 community rainbow tables — a whopping 120GB of NTLM goodness.

Shannon Morse

Be sure to follow one of us on Twitter if you’ll be at CES this week. We’ll be there finding all the best hackable gadgets!


  • scriptkiddie

    Next time consider a small discussion on the legality of breaking encryption when helping create more unnecessary script kiddies

  • Michail

    As an author of BarsWF I was really excited ti see my site & my program in your video 🙂 Great job guys 🙂
    PS. AMD version released, 1160 MHash/sec on 4870 😉

  • Erc_n_Amy

    Excellent show folks. Best yet IMHO. Great intro, great content, Great to see Dave. Very well done! And the set looks awesome.

    Cant wait for CES coverage, and HD baby!

  • Darren Kitchen

    @scriptkiddie, I’m sorry what? Creating skiddies Hak5 is not.

    @Michail, that’s awesome. I hope my segment did your program justice. We should have you on the program sometime.

    @Chris, do you think you could email [email protected] about that issue. I’m sure they’ll work with you to get it resolved.

    @John, I know right? Don’t worry, we’ll have an episode out for you Friday, Saturday and Sunday from CES. In HD. w00t

  • Jen

    Love the show. I’ll be needing the USB Ophcrack as my folks are starting to get forgetful. I introduced them to Firefox and showed them how to install and use add ons such as NoScript, read it later and 1 click weather. Two days later dad’s emailing me complaining that Firefox is blocking all scripts…Sigh, passwords are probably next…

    Beverage recommendation. This is going to sound bizarre but I swear it’s the tastiest thing ever.

    Sebor Absinthe and chocolate protein shake. I know, it sounds ick but it’s sooooo good.

  • Arakiz

    Great tip on the MD5 Bruteforcer 😀
    I’m right now running an eight character crack-run, doing 9.5 Billlion Hashes per second!!!!! That’s AWESOME!! Thanx anyway!

  • street

    Awesome episode, love the set. the md5 segment (and the cocktail part). i would like to say thank you for being drunk / tipsy during the show, i don’t feel so alone lol.

  • CheapStudios

    I stopped the video the first 5 minutes cause I got tired of all the stuipd noob talk and about the fat noob guy talking about his leet “multiple million$ deals” .. CHRIST get to the F*CKING point damn nooblets. No one gives a crap about the fat guys luscious deals, he still looks like a damn kid in his moms basement in the vid at least. You’d think with all that cash one of his “many” helpers would be a personal trainer or something… I cant even talk more sh*t right now since I couldn’t bare to watch past the first 5 mintes of nonsense.

    get on the ball you make barswf look like a stupid noob-tool with your noobessences when in fact its NOT. jeez.

  • CheapStudios

    btw, 1.2 Billion hash/sec here, single machine setup. 16Billion total using another tool which does distributed-processing which i dont want to mention for fear of it getting butchered here.

  • Mike

    Awesome episode… gotta love how darren got progressively more drunk as it went on LOL…. and the outtakes were hillarious. The USB ophcrack is awesome been using it for a while. And to CheapStudios, first off if you don’t like the show then don’t watch it… obviously you don’t think they butcher everything if you use the programs they debut… and also, I’m pretty sure they did a segment about distributed processing with a tool very similar to the one you’re talking about… the name escapes me right now though…. Keep up the good work guys! Def. looking forward to the CES coverage!

  • shadowmaster

    Nothing but entertainment good or back who cares –you watch it and have fun and learn something — if you guys are having fun making the show great — we will watch — but when the show stops being fun then it’s over … great stuff …always watching till the end….

  • postmodern

    Hey, just found your site in my Google Analytics and like the show. Nice job breaking down hash bruteforcing and rainbow tables in laymen terms.

    Maybe this is a bit high-end, but you can buy Field Programmable Gate Arrays (FPGAs) (basically programmable number-crunching circuit-boards) and use them to bruteforce encryption schemes. A couple FPGAs hooked up in parallel can waste most any GPU.

    @scriptkiddie: If we don’t try to break encryption, we’ll assume it is secure when in fact it might be trivially breakable. Got to weed out the weak crypto algorithms.

  • SparX

    Why did i have to sit through 10 minutes of babble before even the mention of what the title was about? TV show style layout is good for TV, but id google set designers and wire strippers if that was what i was looking for…

    Sorry guys, ya lost me.

  • Jmac

    Love the episode! Keep up the great content. I thought the interview at the beginning was very interesting. Maybe you guys could show us your studio in-depth -> post some flickr pics with the built and labels and such.

  • JP

    You needed to mention the Nvidia Tesla in regards to the GPU brute forcing shenanigans, that monster would put out some serious hashes per second

  • steveo

    hey dudes im noob to this kind of site and ive been looking through some of your vids and i love them all and due to this i have been adding extra security to my comp so much appreciated guys. me bro, who is mad into computers, introduced me to this website and im so thankful.
    dudes keep making the show please i love it.

    / / /\ || // 555555
    / / //\\ || // 5
    / / // \\ ||// 5
    /////// //====\\ |// 55555 RULES
    / / // \\ |\\ 5
    / / // \\ ||\\ ## 5
    / / // \\ || \\ ## 55555

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>