Everything You Need To Know About Mitnick's Crack-in-the-Box Password Cracker

Password cracking is a popular method used by hackers worldwide to ultimately gain access to sensitive data, making it vital for organizations to ensure their passwords are strong enough to withstand the most advanced password-cracking hacks.

On April 21, 2023, Kevin Mitnick — the world's most famous hacker and leader within the cybersecurity industry, as well as the founder of Mitnick Security — released Mitnick Security's newest password cracker, the “Crack-in-the-Box” which will be utilized by his teams during Red Team Operations to help expedite the password-cracking process.

So, what exactly is this password cracker, how does it work, and why does your company need it to reinforce your password security? We’ll answer these questions and more below.


What Is the “Crack-in-the-Box” Password Cracker?

Created with KnowBe4’s assistance, Mitnick’s Crack–in-the-Box password cracker is comprised of two dozen of NVIDIA's top-tier consumer graphics cards, the GeForce RTX 4090 based on the Ada Lovelace GPU architecture, as well as six GeForce RTX 2080 cards based on Turing. NVIDIA's top consumer GPU has shown to be pretty proficient at password cracking. A system using 24 of these GPUs in addition to six older, higher-tier GPUs is the most cutting-edge password cracker on the market.

Impressively, the flagship Ada Lovelace architecture graphics card cracks passwords and recovers eight-character passwords in under 50 minutes when using a system equipped with eight RTX 4090 cards.

How It Uses Hashtopolis

An algorithm called a hash converts a password into a random string of characters. Passwords are securely stored via hashing so that their plain text form is hidden. Finding the original password that corresponds to a particular hash is necessary to crack a password.

Mitnick’s password cracker utilizes Hashtopolis, an open-source software that enables the password hacking task to be split among numerous PCs with GPUs — as well as a web interface for further assistance — to support various hash types. This empowers the tool to perform the most comprehensive password cracking.


The Importance of Password Security 

Proper password security is one of the most important areas businesses can protect their data, though organizations don’t always implement the best practices and cybersecurity into their operations to secure sensitive information.

Instead of setting new passwords for each account, it can be tempting to use the same easily memorable or other simple passwords across many accounts. However, this can have disastrous effects on your organization.

The repercussions of cybercriminals gaining unauthorized access to your organization's data can be catastrophic. Businesses can suffer considerable drop-offs in revenue and reputation, not to mention other legalities from failing to meet mandatory industry standards and regulations regarding data security.

Hackers' methods for stealing passwords are becoming more advanced, making it absolutely vital to implement the best practices and tools to prevent password theft. Hackers have been known to use any of the following techniques to gain access to both company-wide and individual privileges and passwords:

  • Credential stuffing
  • Social engineering
  • Dictionary attacks
  • Phishing scams
  • Brute force attacks
  • Password spraying
  • Rainbow table attacks
  • Memory-scraping malware
  • Spidering
  • Random guesses
  • And many more


The first step in preventing these cyber attacks is to understand what makes a strong password in the first place.

A strong password is one that:

  • Uses a personal phrase
  • Includes capital and lowercase characters as well as numerals and symbols
  • Has spaces or symbols to break up the password


Testing Your Passcode Security With Red Team Penetration Testing

Creating strong passwords is a great practice, however, the most effective way to prevent hackers from stealing your data is to deploy penetration testing.

Red Team pentesting ensures you have the most insight into your security stack, enabling you to reinforce your strong points and eliminate your weakest ones. As an advanced form of pentesting, Red Teaming is the ultimate test for your organization. In other words, the gloves are off. The Red Team will find a weak point in your network and gain access. With Red Team Operations, you’ll receive:

  • The most advanced form of pentesting via an intricate hacking simulation on your organization
  • Discovery of vulnerable areas that pose the highest threat to your data, enabling you to make crucial, necessary improvements
  • Improved abilities and tactics of your Blue Team
  • A clear roadmap of goals before, during, and after Red Team Operations


Not only does our team provide these benefits, but our Red Team Operations also utilize Mitnick’s Crack–in-the-Box password cracker to quickly test the security of the passwords used by your employees and find any flaws. By doing so, you’ll help mitigate cybersecurity attacks from occurring, such as data breaches or phishing scams. Additionally, it can assist users in strengthening their password habits and password selection going forward.


Ensure Your Security Framework Is Secure With Mitnick Security

To protect personal and professional information, password security is essential. With the assistance of security experts, make sure you are taking the necessary steps to protect your data.

Request more information about our Red Team penetration testing and we’ll work with you and your team to provide the best cybersecurity for your needs.

Topics: penetration testing, Password Management

Latest Posts

Kevin offers three excellent presentations, two are based on his best-selling books. His presentations are akin to technology magic shows that educate and inform while keeping people on the edge of their seats. He offers expert commentary on issues related to information security and increases “security awareness.”

The Growth of Third-Party Software Supply Chain Cyber Attacks

When testing your employees' social engineering readiness, your teams need simulated attacks that feel as if they’re coming from a nefarious engineer...

Read more ›

Bypassing Key Card Access: Shoring Up Your Physical Security

As you build additional layers of defense into your cybersecurity framework, it's important to implement physical security strategies as well.

Read more ›

How to Prioritize Your Pentesting Report’s Remediation Recommendations

If you recently received a penetration test, you’re on the right track to improving your cybersecurity posture. However, you may be wondering what the..

Read more ›