If like last week simply guessing a password is insufficient, then you can bring out the big guns. I'm talking about Hashcat, and advanced system that allows you to automate the cracking of passwords using optimized GPU code.

## Hashcat Setup

Hashcat has various attacks and hashing modes. Since we're specifically trying to get into a Bitcoin wallet, we want mode 11300. We can also use a "straight" attack mode with a specific list of possible words if we have one.[ref]The Openwall Project also maintains a comprehensive wordlist commonly used to crack many passwords. If you don't have a wordlist to start from, this is a good place to begin.[/ref]

In our case, we put the hash generated from bitcoin2john above in hash.txt and a list of possible passwords into wordlist.txt. Our execution of Hashcat would then look like:

./hashcat64.bin -a 0 -m 11300 ./hash.txt ./wordlist.txt -O -w 3

The flags here identify our attack type (straight), hashing mode (Bitcoin), a request to use an optimized kernel, and a high workload profile. The tool allows you to tweak all of these settings - and more - to your desire, so please check out the wiki for more information.

## That Takes Forever ...

The only problem with Hashcat is that it takes a long time to process even the most conservative wordlist for a Bitcoin wallet. In many other blog entries I've seen folks complain that Hashcat reports "the next big bang" as the expected completion date for a cracking run.

Given how many possible passwords there are to go through, this is a reasonable estimate for a comprehensive brute force attack. But there are ways we can make things go faster.

First, curating our wordlist helps target the cracking attempt to words we know were likely to be used as part of the password. Hashcat also allows for powerful rule setting to manipulate potential passwords and stretch the number of candidates available - replacing as with @s or 0s with Os, for example. But still, this doesn't speed things up on your machine.

In fact, the problem is often that you're trying to run this on the same machine you use for other tasks. Hashcat uses your GPU for cracking, so you'll likely be overloading the system if you try to crack a password and run a display at the same time. Running things locally means you're limited to that one machine's hardware as well.

Next week we'll cover an approach to farm the cracking job out to multiple cracking machines in hopes we can expedite the job.