I'm running a very time-consuming script which takes many hours to end. Watching top
I see that it's only taking 5% of the CPU at best, usually around 3%.
Is there any way to force the script to use more CPU in order to end faster?
Edit:
Basically the script is bruteforcing 5 chars length passwords given a the salt and the hash.
Not at home right now, but something like:
charset = ['a','b',.........'z'];
for i in $charset do
for j in $charset do
for k in $charset do
for l in $charset do
for m in $charset do
pass = `openssl passwd -salt $1 $i$j$k$l$m`
if [ pass == $2 ]]; then
echo "Password: $i$j$k$l$m";
exit;
fi
done
done
done
done
done
Best Answer
Improvement #1 - Loops
Your looping structure seems completely unnecessary if you use brace expansions instead, it can be condensed like so:
I'm showing 4 characters just to make it run faster, simply add additional
{a..z}
braces for additional characters for password length.Example runs
4 charactersSo it completed in 18 minutes.
5 charactersThis took ~426 minutes. I actually Ctrl+C this, so it hadn't finished, but I didn't want to wait any more than this!
NOTE: Both these runs were on this CPU:
Improvement #2 - Using nice?
The next logical step would be to
nice
the above runs so that they can consume more resources.But this will only get you so far. One of the "flaws" in your approach is the calling of
openssl
repeatedly. With{a..z}^5
you're callingopenssl
26^5 = 11881376 times.One major improvement would be to generate the patterns of
{a..z}....
and save them to a file, and then pass this as a single item toopenssl
one time. Thankfullyopenssl
has 2 key features that we can exploit to get what we want.Improvement #3 - our call structure to openssl
The command line tool
openssl
provides the switches-stdin
and-table
which we can make use of here to have a single invoke ofopenssl
irregardless of how many passwords we want to pass to it. This is single modification will remove all the overhead of having to invokeopenssl
, do work, and then exit it, instead we keep a single instance of it open indefinitely, feeding it as many passwords as we want.The
-table
switch is also crucial since it tellsopenssl
to include the original password along side the ciphers version, so we can make fairly quick work of looking for our match.Here's an example using just 3 characters to show what we're changing:
So now we can really revamp our original
pass.bash
script like so:Now when we run it:
This is a massive improvement! This same search that was taking more than 426 minutes is now done in ~1 minute! If we search through to say "nnnnn" that's roughly in the middle of the
{a..z}^5
character set space.{a..n}
is 14 characters, and we're taking 5 of them.This search took ~1.1 minutes. NOTE: We can search the entire space of 5 character passwords in ~1 minute too.
Conclusions
So with a restructuring we're running much faster. This approach scales much better too as we add a 6th, 7th, etc. character to the overall length of the password.
Be warned though that we're using a smallish character set, mainly only the lowercase alphabet characters. If you mix in all the number, both cases, and special characters you can typically get ~96 characters per position. This may not seem like a big deal but this increase your pool tremendously:
Adding all those characters just increased by 2 orders of magnitude our search space. If we go up to roughly 10-12 characters of length to the password, it really puts a brute force hacking methodology out of reach.
Using proper a salt as well as additional NONCE's throughout the construction of a hashed password can add still more stumbling blocks.
What else?
You've mentioned using John (John the Ripper) or other cracking tools. Probably the state of the art currently would be HashCat.
Where John is a tighter version of the approach you're attempting to use, HashCat takes it to another level by enlisting the use of GPUs (up to 128) to really make your hacking attempts fly.
You can even make use of CloudCrack, which is a hosted version, and for a mere $17 US you can pay to have a password crack attempted.
References