Detailed Usage Instructions
NPK was built to be easy to install, but it still has a lot of moving parts that can take a little effort to get working just right. Here's a full breakdown of all the steps needed to get NPK fully up and running for production workloads.
NPK supports using custom URLs for your deployment, which requires you to already have a functional route53 hosted zone. Here's the one used by the project, for reference:
Once this hosted zone is configured, we can populate npk-settings.json as follows:
Note how the hosted zone ID from route 53 is used as the 'route53Zone' value, and the custom URLs under 'dnsNames' are both beneath 'npkproject.io'.
Once the config file is populated, running ./deploy.sh from the terraform directory handles the deployment of all the supporting infrastructure. This takes about 20 minutes to complete on average, but you'll receive an email afterward with the link to your deployment, as well as the credentials for the first user.
Note that when changing your password after first login, the password must be at least 12 characters long.
NVidia publishes AMIs which are pre-built with OCL drivers needed by Hashcat. In order to use them, you must first subscribe to them. Click this link: https://aws.amazon.com/marketplace/server/procurement?productId=e6724620-3ffb-4cc9-9690-c310d8e794ef then click 'Continue to Subscribe'. You'll receive an email from AWS confirming your subscription.
NOTE: If you skip this step, your campaign cracking nodes will never start.
By default, AWS is very restrictive about the number of GPU-powered instances you can run on new accounts. NPK will check your current account limits during deployment, but in order to use more than one instance for your campaigns, you'll typically need to request an increase to your limits. Click the following link to submit the increase request: https://console.aws.amazon.com/support/home#/case/create?issueType=service-limit-increase&limitType=service-code-ec2-spot-instances
You'll receive an email from AWS when the request has been processed. Once the limit has been raised, you'll need to run deploy.sh from inside the Terraform folder to update your limits within NPK, after which you'll able to execute campaigns with the largest instance types (.16xlarge) and with more than one instance.
Campaigns in NPK are particularly easy to assemble and give you a great deal of control over how your hash cracking is run, but it's important to assemble your campaigns correctly. There are a few things you should be aware of before you begin.
To include dictionary and rule files in your attack, click 'Enable' next to Wordlist Attacks when creating your campaign. If enabled, you MUST select a dictionary file, but rule files are optional. Rules have a multiplicative effect on the keyspace, which means they can substantially increase the duration of the campaign. The estimated duration will reflect this appropriately.
Mask attacks can be used alone or in combination with wordlist attacks. To build your target mask, click the buttons to add the desired mask character to the list. When used with a wordlist, these characters will be APPENDED to candidates generated by the wordlist/rule attacks.
New in NPK v2, you can specify custom arguments and directly provide masks without using the mask builder. While arguments can be combined with other attack types, a manual mask can only be executed independently. Since this can fundamentally alter how Hashcat runs, a field at the bottom shows the exact command that NPK will run. Before using a new argument or mask for the first time, it is strongly recommended that you copy/paste the 'Cracking Command' into a local terminal to verify that there are no errors.
In order for NPK to properly use hash files, each file must ONLY contain one type of hash, with one hash per line.
The most common mistake folks make is uploading files in 'username:hash' format. NPK doesn't allow this. Each line must be the hash alone, exactly as shown on the hashcat site: https://hashcat.net/wiki/doku.php?id=example_hashes
While building your campaign, the estimated attack duration under 'Attack Breakdown' will update automatically. It's important to keep this in mind when building your campaign, since you don't want to end your cracking job early. It's better to let a simpler campaign complete than to stop a more sophisticated campaign before it's finished.
Keep in mind that these durations are estimates. It's recommended that you always resource your campaigns to 200% coverage. NPK will stop if the campaign finishes early, but you can't resume the campaign if you run out of time.
Immediately after a campaign starts, the cracking nodes will start posting results to the 'File Management' page.
'cracked-hashes' contains hashes where plaintext values were recovered. 'debug.log' contains the detailed logging from the cracking node. If there are any errors with your hash file or campaign configuration which cause the node to fail, they will show up at the very bottom of this file.