Date: Thu, 29 May 2014 23:04:01 +0400
From: Aleksey Cherepanov <>
Subject: team write-up for PHDays Hash Runner 2014

Write-up for PHDays Hash Runner 2014

Resources summary

Active Members: 12

Aleksey Cherepanov
Alexander Cherepanov
Dhiru Kholia
Jose Luis Herrera
Micha Borrmann

Software: John the Ripper (with various patches); custom scripts on
top of the usual Linux tools like Perl and wget; Metasploit and PCredz to
get hashes for some tasks.

Hardware: ~20 GPUs, ~250 CPU cores at most


The contest was fun and challenging; it helped us test some
experimental John the Ripper code and identify areas for further

We'd like to thank Positive Technologies for organizing the event. We
would also like to thank all other teams who participated and made it
tough for us to compete. ;-)


We got 2 new team members and we hope they'll stay with us. You could
join us too!

In addition to active members listed above: magnum fixed a serious
bug, Sayantan implemented lotus5 in OpenCL for GPU during the contest.

Solar Designer improved lotus5 and dominosec formats before the
contest (about 3x speed-up).

Unfortunately, only a few members spent whole days on the contest. So
we had smaller human resources than usual.

I guess we had about 20 GPUs and 250 CPU cores. Not all of this
power was used or even accessible during both days.

About 40 cpu cores were contributed by visitors of


The contest was very nice, very challenging and pleasant. The balance
was very good: exactly at the peak of entertainment but before real
frustration. We had a very good time. Many thanks!

The first idea on seeing the pentesting stuff was: oh, the orgs shift focus
from cracking. But the tasks turned out to be very easy, so the introduction
to pentests was very gentle.

Also, I would like to make a separate note about admin hashes: they
are an elegant way to provide canonical hashes to teams, because
different dumping tools could give hashes in different forms and it
would make uploading hash:password pairs very difficult. Though we
spent a lot of time mangling hashes anyway.

We did everything as usual. Things went slowly because we tried to
attack all hash formats at the same time and did not use very precise

We used this wordlist a lot:
For instance:

We found several patterns but we did not track them properly. We used
only IRC this time, unlike previous times when we used a mailing list to
share progress. We had only 1 IRC channel so it was messy. Bad

Dhiru Kholia tried to implement "wonderful" for quite a long time and we got
an implementation in C, but we did not get cracks. We did not try a very
precise wordlist at all. We missed the possibility of using the original php
script with minimal adaptation to crack. Though Dhiru used it to produce
test hashes.

We used the tomato wordlist from the previous Hash Runner but we did not
reduce it. (Will tomato spread as a meme outside of Hash Runner?!)

Unfortunately, we got results from only a few good ideas and looked
into only a few problems. For instance, we did not look into the unknown
salted md4 format. We did not have many men with time. Those problems
we investigated were cool.

Problems and mistakes

- lack of people,
- focus on all hash formats instead of just the very fast ones at the beginning,
- bad management of patterns and attacks,
- I postponed phpass attacks,
- we did not make very precise wordlists,
- we found strange numbers in #2 but did not get cracks using them,
- we did not look into mt_rand well,
- we did not adapt the original .php script to crack #12,
- we did not reduce the tomato wordlist to make it precise,
- probably others. We have something to investigate. :-)

After the contest

We are happy that the contest did not overlap with the conference.
So part of john-users was at PHDays:
It was awesome! Thanks to Gleb for the invites!

We hope to be there again and to meet the InsidePro team and hashcat there
next time too. Thanks again to you for making the competition really
hard! I hope we will make a decent opposition next time.


Aleksey Cherepanov
