MOTIVATION Soon after releasing the build for the Budget Cracking Rig, I received a lot of community feedback. Most feedback circled around one main issue: Cost. Reality is that not many small companies or enthusiasts can stomach dumping $5000 into a Budget Cracking Rig nor $15,000 into an 8 GPU rig. Even so, most security professionals would still not likely efficiently use an expensive rig and it’s cracking power to its full potential (unless running HashStack). This issue launched my research into finding a suitable solution that doesn’t pack a punch on your wallet, but can respectably hammer some common hash types. Additionally, I wanted this rig to have other advantages over the 4 & 8 GPU behemoths, so it’s as compact as I could muster at the rough price point of $1,000 (depending on market conditions). It has happened on occasion a customer would request no data or hashes leave the network during a pentest, so all resources needed to be onsite. I would have killed to have had this portable rig at the time, instead of a Macbook Pro clunking through simple dictionaries while also performing other tasks. So with this rig, weighing in at 19 lbs,I am able to pack it in the center of my checked suitcase, with clothes piled all around it, for a week long onsite engagement.
This rig I’m sure has many tweaks and hardware choices other experts may recommend, and working in the budget constraint, I tried the best I could muster. I imagine many comments will flood in for mods/suggestions but please only listen to experts (@evil_mog @TycoTithonus@Chick3nman512 @jmgosney etc..) in the field. Opinions are like ….well, let’s just say everybody has one.
As stated this little rig packs a punch and is well suited against the standard enterprise network hashes: NTLM, NTLMv1-v2, and md5crypt. You can easily run some of the larger more popular dictionaries like weakpass or hashes.org. and finish in a couple minutes. Add in some smartly designed rules or hybrid attacks and those can complete in a matter of hours. Or if you are needing a more autonomous solution fire up a Purple Rain attack and attend to other network recon tasks. All-in-all any pentester should be able to cover a lot of keyspace during a week long engagement. Just be sure to design a well suited targeted attack plan, with no hail marys, and if you need a good resource for learning your password cracking options check out Hash Crack v2.0 on Amazon.
PARTS & COST LIST
You’ve got to be savvy and shop smart for these parts. Open box and ebay are your friends, and remember this rig isn’t for show, so who cares if parts don’t match or are used as long as they are in working order. Also thanks to cryptocurrency mining, GPU cards are a pain to find which are not insanely marked up by 35%. The Nvidia 1070Ti for this rig was purchased a day after they were released by Nvidia directly from the site. So it goes without saying, put all announcements from Nvidia on alert and buy the cards immediately if possible. Now I didn’t hit the $1,000 price point dead on, mainly because of memory prices shooting up, but you could also settle for a simpler CPU cooler setup and save some additional cash.
DEEPCOOL Gamer Storm CAPTAIN 240EX CPU Liquid Cooler (Openbox) = $60
Fractal Design Core 500 Black Mini-ITX Small Form Factor Computer Case = $59
ASUS ROG STRIX Z270I LGA 1151 Intel Z270 Mini ITX Motherboard = $119
CORSAIR CX Series CX650 650W ATX12V 80 PLUS BRONZE Power Supply = $59
Intel Core i5-7600K Quad-Core 3.8 GHz LGA 1151 Processor = $190
Team Elite Plus 16GB 288-Pin SDRAM DDR4 2400 = $139
Nvidia GTX 1070ti Founders Edition = $449
Samsung 850 Evo 512GB SSD Drive = $139
TOTAL = $1,214
*costs include shipping & handling
**market forces may vary your pricing options
When loading a Mini ITX case with components you will always have a tough time getting things to fit, but the reward of a solid compact rig with outstanding performance is always worth it. Start by first removing the main cover and front panel so you can get a better look at the space you are working with.
The front panel should easily pop right off. The main chassis panel has four hand tightening screws and also two other manual screws that will need to be removed with a screwdriver.
Remove the drive bay as we wont be needing it. It takes up too much space and there are 3 other mounting points if you wish to add more than one drive.
Next we will remove the top assembly to which our radiator and cooling fans will attach to later. Just remember to keep track of what screws go with each piece.
Next we place the CPU into the provide installation tray and then place it in the motherboard socket. Ensure its seated properly and that the corner arrows lineup before securing the latch.
Here you can see the CPU installed and the RAM module has been added to the motherboard.
Next will install the water cooler mounts for the CPU. Here you can see the initial parts to get you started.
Mount the plastic bracket underneath the motherboard and thread the bolts through the top. Ensure the bolts sit flush and snug into the underside slots which are cut in the shape of the bolt heads.
Here you can see the four bolts protruding around the CPU and the first bolt risers/nuts are installed.
Finally we add the aluminum brackets on either side of the CPU and install the final securing nuts. These two brackets will hold our CPU fan water cooling assembly.
Next we place the motherboard into the chassis and secure it. Since we are working with very tight spaces if you tried to install the power supply first you wouldn’t be able to get the motherboard in place.
Now we place the power supply into the chassis, fan exhaust down. This orientation allows the power supply to exhaust the hot air out the perforated bottom of the case and keep that warm air out.
Now we will mount our SSD to the front of the case. You could also mount it on the side but I preferred the front which is easier to access with the pop off front panel.
Here you can get an appreication for the mess ahead of us with cable management and tight spaces. There’s only so many places to put things and still get adequate airflow.
Now we mount our fans to the radiator and the radiator to the cases mounting bracket. Besure the fans are mounted as show to exhaust the air out of the case.
Top view of our radiator mounted to the cases bracket.
Now we place our Deep Cool fan hub on floor of our case to the side of the motherboard. This gives us plenty of space to route those fan power cords to the side.
Next we place Arctic Silver thermal paste application. You can find the instructions for proper placement on an Intel Core i5 of thermal paste <HERE>.
Now we mount or water cooled fan on top of the CPU which should evenly spread our thermal paste. Our web of cables continues to grow.
Now we drop in our Nvidia GPU and plug it into the power supply. Be sure to install the two front screws to ensure it stays secured from jarring.
Side view our GPU with the nest of cables from our power supply tucked below and behind.
Finally secure our radiator mounting bracket back to the chassis.
Add Hash Crack decals for extra cracking performance…..not really 😉
Installing the required drivers and software went much smoother for this build than the Budget Cracking Rig. Again we picked Ubuntu Desktop but went with version 16.
Create a bootable USB for Ubuntu Install
Ubuntu 16.04.3 LTS
Intel OpenCL Core drivers
From a new terminal in Ubuntu:
sudo apt-get install nvidia-384 nvidia-libopencl1-384
Download Hashcat Binaries
SETUP SSH SERVER <extra credit>
Lastly, since you will be most likely working pentest’s as a team you will want to setup an SSH server with shared keys to enable team members to load and run hashes. Another benefit is team members can pull or load new dictionaries, rule files, and mask attacks so all other members can benefit. Because sharing is caring.
Complete SSH Instructions
BENCHMARKS & THERMALS
~220watts = Peak power usage observed **fans not at 100% and no overclock
82c = Peak temperature observed during 100% load for 8hr test
~40 GH/s NTLM= Benchmark cracking speed i.e. 40 billion cracks per second
~7.8 GH/s SHA1 = Benchmark cracking speed i.e. 7.8 billion cracks per second
~9.6 MH/s md5crypt = Benchmark cracking speed i.e. 9.6 million cracks per second
3,456,000 billion = NTLM cracks a day = 1 x GTX1070ti
$4.00 = Est. one week power costs at full load ((220w x 24hrs x 7) / 1000 x 10.83¢ per kWh)
.000000030¢ = cost per crack $1,214 / ~40GH/s NTLM
1 x GTX 1080ti Approximate Comparison Specs if you upgraded GPU:
53GH/s NTLM = benchmark GTX 1080ti <here> ; ~25% gain for ~$600 more (market variable)
4,579,000 billion = NTLM cracks a day
COMPLETE HASHCAT BENCHMARKS AT THE END OF THE ARTICLE
To be honest, I couldn’t be any happier with how well this little rig performs and the cooling is rock solid. I can’t say it enough, get Founders Edition cards ONLY or you will pay for your mistake! The tight case requires components with proper airflow and those aftermarket GPU cards are just frankly garbage and inadequate.
With such an economical price point of $1,000 there are some things in hindsight I’d change. First I’d get a modular power supply to clean up the mess of cables. Secondly, if I had the extra cash and the prices came down, I replace the 1070Ti with a Nvidia 1080Ti GPU. Lastly, I’d add one more 16GB stick of RAM to bring the capacity up to 32GB of RAM total, aiding in our ability to cache many large dictionaries.
Be sure to subscribe at the bottom as I will be posting future upgrades and experiments using this rig. Also you can follow me on Twitter @netmux. and shoot me some pics of your cracking rig builds. Lastly, if you want a handy reference manual for your next cracking adventure be sure to check out the HASH CRACK: Password Cracking Manual.
Working as a cyber security solutions architect, Alisa focuses on bug bounty and network security. Before joining us she held a cyber security researcher positions within a variety of cyber security start-ups. She also experience in different industry domains like finance, healthcare and consumer products.