A Complete Guide to Optimizing Hashcat: Use Your GPU Instead of CPU for 60–90% Faster Cracking
TL;DR: This guide walks you through fixing Hashcat on Kali Linux WSL to recognize your GPU as the default device. In Part 1, we cover installing CUDA, configuring environment variables, and resolving GPU detection issues by fixing symbolic links and automating the process to ensure GPU recognition on startup. Part 2 focuses on optimizing Hashcat’s performance further by using modes like Optimized Kernel (-O) and Workload Profiles (-w), improving cracking efficiency even on systems with limited GPU power. By using your GPU and the two modes it will boost password cracking speeds by 60–90%.
By default, Hashcat will use your CPU instead of your GPU if you’re using an NVIDIA card, as NVIDIA GPUs require the CUDA toolkit and drivers to be installed and configured. From what I understand, AMD GPUs don’t face this issue since they don’t rely on CUDA for GPU acceleration.
Using your CPU for Hashcat is significantly slower than using your GPU, so it’s crucial to set it up correctly. During Cyberskyline’s NCL CTFs, I spent a considerable amount of time troubleshooting and resolving this issue, as the password cracking section can be particularly time-consuming.
This complete guide is divided into two parts. The first part focuses on getting Hashcat to recognize your GPU as the default device. For those without access to a high-performance GPU or using a laptop with limited GPU capabilities, part two will still help you improve your password cracking performance.
For this writeup, I will be using Hashcat on kali-linux WSL.
Part 1: Getting hashcat to recognize your GPU
How to find out which device hashcat is using, CPU or GPU
Load up your terminal that has Hashcat installed and type in:
$ hashcat -I
This will output what devices that Hashcat uses:
Notice where it says Device ID #1 and the type says CPU. This means that Hashcat is using my CPU and not my GPU. If you encounter this, keep reading and we will get Hashcat to use your GPU.
Installing CUDA
Step 1) downloading CUDA
https://developer.nvidia.com/cuda-downloads will bring you to a page where you need to select a bunch of options. Since we are doing WSL on kali-linux, this is what you should select:
Linux > x86_64 > WSL-Ubuntu > 2.0 > runfile (local)
Once you select all these options it will give you the instructions, go ahead and do the wget command and install that in your home directory, cd ~. Hold off on the second line:
wget https://developer.download.nvidia.com/compute/cuda/12.6.2/local_installers/cuda_12.6.2_560.35.03_linux.run
sudo sh cuda_12.6.2_560.35.03_linux.runKeep in mind, I am writing this as of October 9th 2024 and your version may be different than mine (12.6.2).
Step 2) Installing CUDA
After cuda_12.6.2_560.35.03_linux.run is done downloading in your home directory (i.e. /home/kali//cuda_12.6.2_560.35.03_linux.run) we need to install it. This part is tricky and I have always ran into problems.
Before you run this command, it will take some time to run this command so just know it’s running and to be patient.
Run the command, as it stated: sudo sh cuda_12.6.2_560.35.03_linux.run
It may take a while before you see this output, you will notice an error. It says to run the file again but use --silent and --driver . You are probably wondering why I didn’t tell you to run that in the first place, but I heard conflicting stories of this working for some and not working for others.
Run the command:
sudo sh cuda_12.6.2_560.35.03_linux.run --silent --driver
This will take a little while again so be patient. You will know it’s done when you see another terminal prompt show up.
Step 2) Updating the Environment Variables
We are almost done. Next we need to set up the environment variables.
To ensure the toolkit works properly, follow the instructions in the error message to update the environment variables:
echo ‘export PATH=/usr/local/cuda-12.6/bin:$PATH’ >> ~/.bashrc
source ~/.bashrcMake sure your version is the same as mine (12.6), otherwise change this to your version.
Add CUDA Libraries to LD_LIBRARY_PATH:
echo ‘export LD_LIBRARY_PATH=/usr/local/cuda-12.6/lib64:$LD_LIBRARY_PATH’ >> ~/.bashrc
source ~/.bashrcAlternatively, Update the System-Wide Configuration:
sudo nano /etc/ld.so.conf.d/cuda.conf
/usr/local/cuda-12.6/lib64
sudo ldconfigAfter this part it’s important you fully restart WSL. You can restart your entire machine, but there is an easier way by opening up a command prompt terminal and type in:
wsl --shutdown
This will completely shutdown WSL on your computer and may take a little while. Once you see your terminal with another prompt you can open back up kali-linux distribution.
Step 3) Verify CUDA installation
Once you get to this point we need to verify everything is installed. Run the command $ nvidia-smi and you will see your driver version and CUDA version. It’s important to note that your driver version needs to be higher than 560.00. Notice on the top right it says our CUDA Version: 12.6. Woohoo!
Next run $ nvcc --version
Now the moment of truth, checking Hashcat to see if it’s using our GPU instead of our CPU. $ hashcat -I
If you successfully done this correctly, you will see Hashcat acknowledges your CUDA installation. Your device ID #1 should be your GPU.
Step 4) Fixing symbolic link issue
If you don’t see your GPU, don’t worry, there is usually one last step I always have to do to get this working. This part took me forever to figure out. I noticed that every time I startup kali-linux after I installed CUDA it’s as if Hashcat doesn’t remember. It’s odd. Go to your home directory $ cd ~ and type $ nano cuda_gpu_fixer.sh (or name it whatever you want). Paste the following into that file.
cd /usr/lib/wsl/lib
sudo rm libcuda.so libcuda.so.1
sudo ln -s libcuda.so.1.1 libcuda.so.1
sudo ln -s libcuda.so.1 libcuda.so
sudo ldconfig
cd ~Make the file executable: $ chmod +x cuda_gpu_fixer.sh and then run it $ ./cuda_gpu_fixer.sh. Basically, this script is fixing a symbolic link issue to CUDA libraries within WSL. After you ran the script, run $ hashcat -I and see if your GPU shows up.
Step 5) Getting WSL to run cuda_gpu_fixer.sh script on startup (optional)
One of the issues you will face is having to run that script every time you load kali-linux WSL for Hashcat to recognize your GPU. That can be annoying. Luckily, I have figured out how to have it load automatically.
By making this script and adding it to your /etc/profile.d/ directory it will run globally when any shell session starts.
Create a new script (leave the other one in your home directory as an alternative manual method). $ sudo nano /etc/profile.d/fix_cuda.sh and add the following:
#!/bin/bash
# Fix CUDA GPU issue in WSL
if [ -d /usr/lib/wsl/lib ]; then
cd /usr/lib/wsl/lib
sudo rm -f libcuda.so libcuda.so.1
sudo ln -s libcuda.so.1.1 libcuda.so.1
sudo ln -s libcuda.so.1 libcuda.so
sudo ldconfig
cd ~
fiSave and exit the editor (Ctrl + X, then Y, and Enter). Make the script executable: $ sudo chmod +x /etc/profile.d/fix_cuda.sh
Verify this works by opening up command prompt and shut down WSL by typing wsl --shutdown. When it’s done, open up kali-linux WSL and type hashcat -I and it should show your GPU as device ID #1 each and every time it starts up.
Part 2: Using two Hashcat modes
After doing part 1, Hashcat recognizes your GPU as the default device. This second part anyone can do to significantly increase their performance. Some of you might not have the luxury of buying a high performance GPU and you can still do this part. Whether you are using CPU or GPU you can do these commands for faster cracking.
Optimized Kernel Mode (-O)
Using the –O option in Hashcat will use an optimized version of the cracking engine, which is a lot FASTER!
i.e. $ hashcat -m 500 -a 0 -O hash_test /path/to/wordlist.txt
Speed Improvement: The optimized mode is faster than the default mode because it is designed to take advantage of certain efficiencies in how the hash is processed.
Limited Password Length: Using -O restricts the maximum password length to X characters based on each mode you use it in. I know for -m 500 (md5crypt) the limit is 15, so anything after 15 it will reject.
Workload Profiles (-w)
w 1: Slowest, least resource-intensive (also known as “Snail” mode). Ideal for running on systems where you want to avoid high CPU/GPU usage, such as when multitasking.
-w 2: Moderately slow (also called “Turtle” mode). A balance between performance and system responsiveness.
-w 3: Default mode (“Normal”). It provides good performance while still allowing some system responsiveness.
-w 4: Fastest, most aggressive mode (“Lion”). It maximizes the use of available GPU or CPU power for cracking.
Why -w 4 Makes Hashcat Faster:
-More work per call: Larger chunks of work reduce communication overhead between the system and GPU.
-Maximizes resources: It fully utilizes hardware, reducing idle time and increasing hash attempts per second.
-Aggressive scheduling: Keeps the GPU/CPU consistently busy, speeding up hash cracking.
Potential Downsides:
-High resource usage: It uses most of your GPU/CPU, making your system less responsive for other tasks.
-More heat and power: Running at max capacity can increase heat, fan noise, and cause thermal throttling.
-System instability: On weaker or poorly cooled systems, the heavy load might lead to overheating or crashes.
Using optimized kernel and workload profile modes
Here is an example of using both modes:
$ hashcat -m500 -a0 hash.txt wordlist.txt -O -w4
For full CPU and GPU optimization benchmarks, be sure to read my post, “Unlocking Hashcat’s Full Potential: How GPU Optimization Reduced Cracking Time by 85% — A Wordlist Benchmark Breakdown”
Summary
In this guide, we fixed Hashcat’s GPU detection on Kali Linux WSL, significantly boosting performance by using NVIDIA’s CUDA over the CPU, resulting in 60–90% faster cracking. We walked through downloading and installing CUDA, setting up environment variables, verifying the installation, and resolving symbolic link issues to ensure Hashcat recognizes your GPU as the default device. Additionally, we automated the process by creating a startup script to fix GPU detection on every launch. Finally, we explored performance optimization techniques, like enabling optimized kernel mode (-O) and workload profiles (-w), to further increase Hashcat's cracking speed.
