不要在虚拟机中尝试这样做。从理论上讲是可能的,但是这可能行不通,我们不建议用户尝试这样做。
本文档说明了如何安装NVIDIA GPU驱动程序和CUDA支持,从而可以与流行的渗透测试工具集成。
本指南也适用于独立显卡(台式机用户),而不是Optimus(笔记本电脑用户)(译者注:Optimus是NVIDIA针对笔记本电脑开发的显示切换技术。)。。我们没有足够的硬件来编写指南。所以我们正在寻找社区的贡献来帮助我们。如果你有硬件,有专业的知识,请编辑本指南
先决条件
首先,您需要确保您的卡支持CUDA。
推荐使用CUDA计算能力 > 5.0的GPU,但数量较少的GPU仍然可以使用。
之后,请确保在网络存储库中启用了contrib&non-free组件,并且系统已完全升级:
kali@kali:~$ sudo apt update
kali@kali:~$
kali@kali:~$ sudo apt -y full-upgrade -y
kali@kali:~$
kali@kali:~$ [ -f /var/run/reboot-required ] && sudo reboot -f
kali@kali:~$
让我们确定确切安装的GPU,并检查其使用的内核模块:
kali@kali:~$ lspci | grep -i vga 07:00.0 VGA compatible controller: NVIDIA Corporation GP106 [GeForce GTX 1060 6GB] (rev a1) kali@kali:~$ kali@kali:~$ lspci -s 07:00.0 -v 07:00.0 VGA compatible controller: NVIDIA Corporation GP106 [GeForce GTX 1060 6GB] (rev a1) (prog-if 00 [VGA controller]) Subsystem: Gigabyte Technology Co., Ltd GP106 [GeForce GTX 1060 6GB] Flags: bus master, fast devsel, latency 0, IRQ 100 Memory at f6000000 (32-bit, non-prefetchable) [size=16M] Memory at e0000000 (64-bit, prefetchable) [size=256M] Memory at f0000000 (64-bit, prefetchable) [size=32M] I/O ports at e000 [size=128] Expansion ROM at 000c0000 [disabled] [size=128K] Capabilities: <access denied> Kernel driver in use: nouveau Kernel modules: nouveau kali@kali:~$
注意Kernel driver in use & Kernel modules是如何使用nouveau?这是nVidia的开源驱动程序。本指南介绍了如何从NVIDIA安装封源驱动。
有一个叫`nvidia-detect`的包会检测不到驱动,因为Kali是一个滚动发行版,需要一个稳定的版本。
安装
一旦系统进行升级后重启,我们将继续安装驱动程序和CUDA工具包 (允许工具利用GPU)。
在安装驱动程序期间,系统创建了新的内核模块,因此需要重新引导:
kali@kali:~$ sudo apt install -y nvidia-driver nvidia-cuda-toolkit ┌─────────────────────────────────┤ Configuring xserver-xorg-video-nvidia ├─────────────────────────────────┐ │ │ │ Conflicting nouveau kernel module loaded │ │ │ │ The free nouveau kernel module is currently loaded and conflicts with the non-free nvidia kernel module. │ │ │ │ The easiest way to fix this is to reboot the machine once the installation has finished. │ │ │ │ <Ok> │ │ │ └───────────────────────────────────────────────────────────────────────────────────────────────────────────┘ kali@kali:~$ kali@kali:~$ sudo reboot -f kali@kali:~$
DPI / PPI
在Kali启动备份后,某些事情可能看起来与预期的有所不同。
验证驱动程序安装
现在我们的系统已经可以使用了,我们需要验证驱动程序是否已正确加载。我们可以通过运行nvidia-smi工具来快速验证这一点。
kali@kali:~$ nvidia-smi Tue Jan 28 11:37:47 2020 +-----------------------------------------------------------------------------+ | NVIDIA-SMI 430.64 Driver Version: 430.64 CUDA Version: 10.1 | |-------------------------------+----------------------+----------------------+ | GPU Name Persistence-M| Bus-Id Disp.A | Volatile Uncorr. ECC | | Fan Temp Perf Pwr:Usage/Cap| Memory-Usage | GPU-Util Compute M. | |===============================+======================+======================| | 0 GeForce GTX 106... Off | 00000000:07:00.0 On | N/A | | 0% 50C P8 7W / 120W | 116MiB / 6075MiB | 0% Default | +-------------------------------+----------------------+----------------------+ +-----------------------------------------------------------------------------+ | Processes: GPU Memory | | GPU PID Type Process name Usage | |=============================================================================| | 0 807 G /usr/lib/xorg/Xorg 112MiB | | 0 979 G xfwm4 2MiB | +-----------------------------------------------------------------------------+ kali@kali:~$ kali@kali:~$ lspci | grep -i vga 07:00.0 VGA compatible controller: NVIDIA Corporation GP106 [GeForce GTX 1060 6GB] (rev a1) kali@kali:~$ kali@kali:~$ lspci -s 07:00.0 -v ...SNIP... Kernel driver in use: nvidia Kernel modules: nvidia kali@kali:~$
您可以看到我们的硬件已被检测到,我们正在使用nvidia而不是nouveau驱动器。
哈希猫
随着输出正确显示我们的驱动程序和GPU,我们现在可以进入基准测试(使用CUDA工具包)。在我们多太多工作之前,让我们仔细检查一下以确保hashcat和CUDA能够协同工作。
kali@kali:~$ sudo apt install -y hashcat kali@kali:~$ kali@kali:~$ hashcat -I hashcat (v6.0.0) starting... CUDA Info: ========== CUDA.Version.: 10.2 Backend Device ID #1 (Alias: #2) Name...........: GeForce GTX 1060 6GB Processor(s)...: 10 Clock..........: 1771 Memory.Total...: 6075 MB Memory.Free....: 5908 MB OpenCL Info: ============ OpenCL Platform ID #1 Vendor..: NVIDIA Corporation Name....: NVIDIA CUDA Version.: OpenCL 1.2 CUDA 10.2.185 Backend Device ID #2 (Alias: #1) Type...........: GPU Vendor.ID......: 32 Vendor.........: NVIDIA Corporation Name...........: GeForce GTX 1060 6GB Version........: OpenCL 1.2 CUDA Processor(s)...: 10 Clock..........: 1771 Memory.Total...: 6075 MB (limited to 1518 MB allocatable in one block) Memory.Free....: 5888 MB OpenCL.Version.: OpenCL C 1.2 Driver.Version.: 440.100 kali@kali:~$
看起来一切正常,让我们继续运行hashcat的内置基准测试。
基准测试
kali@kali:~$ hashcat -b | uniq hashcat (v6.0.0) starting in benchmark mode... Benchmarking uses hand-optimized kernel code by default. You can use it in your cracking session by setting the -O option. Note: Using optimized kernel code limits the maximum supported password length. To disable the optimized kernel code in benchmark mode, use the -w option. * Device #1: WARNING! Kernel exec timeout is not disabled. This may cause "CL_OUT_OF_RESOURCES" or related errors. To disable the timeout, see: https://hashcat.net/q/timeoutpatch * Device #2: WARNING! Kernel exec timeout is not disabled. This may cause "CL_OUT_OF_RESOURCES" or related errors. To disable the timeout, see: https://hashcat.net/q/timeoutpatch CUDA API (CUDA 10.2) ==================== * Device #1: GeForce GTX 1060 6GB, 5908/6075 MB, 10MCU OpenCL API (OpenCL 1.2 CUDA 10.2.185) - Platform #1 [NVIDIA Corporation] ======================================================================== * Device #2: GeForce GTX 1060 6GB, skipped Benchmark relevant options: =========================== * --optimized-kernel-enable Hashmode: 0 - MD5 Speed.#1.........: 14350.4 MH/s (46.67ms) @ Accel:64 Loops:1024 Thr:1024 Vec:8 Hashmode: 100 - SHA1 Speed.#1.........: 4800.5 MH/s (69.83ms) @ Accel:32 Loops:1024 Thr:1024 Vec:1 ...SNIP... Started: Tue Jul 21 17:12:39 2020 Stopped: Tue Jul 21 17:16:10 2020 kali@kali:~$
有许多配置可提高破解速度,本指南中未提及。但是,我们鼓励您查看针对特定情况的hashcat文档。
故障排除
如果安装不按计划进行,我们将安装clinfo以获得详细的故障排除信息。
kali@kali:~$ sudo apt install -y clinfo kali@kali:~$ kali@kali:~$ clinfo Number of platforms 1 Platform Name NVIDIA CUDA Platform Vendor NVIDIA Corporation Platform Version OpenCL 1.2 CUDA 10.1.120 Platform Profile FULL_PROFILE Platform Extensions cl_khr_global_int32_base_atomics cl_khr_global_int32_extended_atomics cl_khr_local_int32_base_atomics cl_khr_local_int32_extended_atomics cl_khr_fp64 cl_khr_byte_addressable_store cl_khr_icd cl_khr_gl_sharing cl_nv_compiler_options cl_nv_device_attribute_query cl_nv_pragma_unroll cl_nv_copy_opts cl_nv_create_buffer Platform Extensions function suffix NV Platform Name NVIDIA CUDA ...SNIP... kali@kali:~$ kali@kali:~$ clinfo | wc -l 116 kali@kali:~$
OpenCL加载器
可能有必要检查可能与我们的设置冲突的其他软件包。我们首先检查一下我们已经安装了什么OpenCL Loader。NVIDIA OpenCL Loader和通用OpenCL Loader均适用于我们的系统。
kali@kali:~$ dpkg -l | grep -i icd ii nvidia-egl-icd:amd64 430.64-5 amd64 NVIDIA EGL installable client driver (ICD) ii nvidia-opencl-icd:amd64 430.64-5 amd64 NVIDIA OpenCL installable client driver (ICD) ii nvidia-vulkan-icd:amd64 430.64-5 amd64 NVIDIA Vulkan installable client driver (ICD) ii ocl-icd-libopencl1:amd64 2.2.12-2 amd64 Generic OpenCL ICD Loader ii ocl-icd-opencl-dev:amd64 2.2.12-2 amd64 OpenCL development files kali@kali:~$
如果已安装mesa-opencl-icd,则应将其删除:
kali@kali:~$ dpkg -l | grep -i mesa-opencl-icd ii mesa-opencl-icd:amd64 19.3.2-1 amd64 free implementation of the OpenCL API -- ICD runtime kali@kali:~$ kali@kali:~$ sudo apt remove mesa-opencl-icd kali@kali:~$
由于我们确定已经安装了兼容的ICD加载器,因此可以轻松确定当前正在使用的加载器。
kali@kali:~$ clinfo | grep -i "icd loader" ICD loader properties ICD loader Name OpenCL ICD Loader ICD loader Vendor OCL Icd free software ICD loader Version 2.2.12 ICD loader Profile OpenCL 2.2 kali@kali:~$
如预期的那样,我们的设置使用的是先前安装的开源加载程序。现在,让我们获取有关系统的一些详细信息。
查询GPU信息
我们将再次使用nvidia-smi,但输出更为详细。
kali@kali:~$ nvidia-smi -i 0 -q ==============NVSMI LOG============== Timestamp : Fri Feb 14 13:26:21 2020 Driver Version : 430.64 CUDA Version : 10.1 Attached GPUs : 1 GPU 00000000:07:00.0 Product Name : GeForce GTX 1060 6GB Product Brand : GeForce Display Mode : Enabled Display Active : Enabled Persistence Mode : Disabled Accounting Mode : Disabled Accounting Mode Buffer Size : 4000 ...SNIP... Temperature GPU Current Temp : 49 C GPU Shutdown Temp : 102 C GPU Slowdown Temp : 99 C ...SNIP... Clocks Graphics : 139 MHz SM : 139 MHz Memory : 405 MHz Video : 544 MHz ...SNIP... Processes Process ID : 815 Type : G Name : /usr/lib/xorg/Xorg Used GPU Memory : 132 MiB Process ID : 994 Type : G Name : xfwm4 Used GPU Memory : 2 MiB kali@kali:~$
看来我们的GPU已被正确识别,因此让我们使用glxinfo来确定是否启用了3D渲染。
kali@kali:~$ sudo apt install -y mesa-utils kali@kali:~$ kali@kali:~$ glxinfo | grep -i "direct rendering" direct rendering: Yes kali@kali:~$
这些工具的组合应有助于故障排除过程。如果仍然遇到问题,建议您搜索类似的设置以及可能影响您特定系统的任何细微差别。