Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <20140529190401.GA30001@openwall.com>
Date: Thu, 29 May 2014 23:04:01 +0400
From: Aleksey Cherepanov <lyosha@...nwall.com>
To: john-users@...ts.openwall.com
Subject: team write-up for PHDays Hash Runner 2014

Write-up for PHDays Hash Runner 2014


Resources summary

Active Members: 12

Names:
Aleksey Cherepanov
Alexander Cherepanov
bartavelle
bghote
Dhiru Kholia
Jose Luis Herrera
jvoisin
Micha Borrmann
rofl0r
sftp
Solar
ukasz

Software: John the Ripper (with various patches); custom scripts on
top of usual linux tools like Perl and wget; Metasploit and PCredz to
get hashes for some tasks.

Hardware: ~20 gpus, ~250 cpu cores at most


Preface

The contest was fun and challenging, it helped us test some
experimental John the Ripper code and identify areas for further
improvement.

We'd like to thank Positive Technologies for organizing the event. We
would also like to thank all other teams who participated and made it
tough for us to compete. ;-)


Resources

We got 2 new team members and we hope they'll stay with us. You could
join us too!

In addition to active members listed above: magnum fixed a serious
bug, Sayantan implemented lotus5 in OpenCL for GPU during the contest.

Solar Designer improved lotus5 and dominosec formats before the
contest (about 3x speed-up).

Unfortunately only a few members spent whole days on the contest. So
we had smaller human resources than usually.

I guess we had about 20 gpus and 250 cpu cores. Not all of these
powers were used or even accessible during both days.

About 40 cpu cores were contributed by visitors of linux.org.ru.
Thanks!


Contest

The contest was very nice, very challenging and pleasant. The balance
was very good to be exactly at peak of entertainment but before real
frustration. We had very good time. Many thanks!

First idea seeing pentesting stuff was: oh, orgs shift focus from
cracking. But tasks turned out to be very easy so the introduction to
pentests was very gentle.

Also I would like to make a separate notice about admin hashes: they
are an elegant way to provide canonical hashes to teams because
different dumping tools could give hashes in different forms and it
would make upload of pairs hash:password very difficult. Though we
spent a lot of time mangling hashes anyway.

We did everything as usual. Things went slowly because we tried to
attack all hash formats at the same time and did not use very precise
wordlists.

We used this wordlist a lot:
https://www.assembla.com/code/datapedia/subversion/node/blob/trunk/_data/import/all.txt?raw=1&rev=146
For instance:
portopflichtige11201955
elefantia`sica05181962

We found several patterns but we did not track them properly. We used
only IRC this time unlike previous times when we used mailing list to
share progress. We had only 1 IRC channel so it was messy. Bad
experiment.

Dhiru Kholia tried to implement "wonderful" quite long and we got an
implementation in C but we did not get cracks. We did not try very
precise wordlist at all. We missed the possibility to use original php
script with minimal adoption to crack. Though Dhiru used it to produce
test hashes.

We used tomato wordlist from previous Hash Runner but we did not
reduce it. (Will tomato spread as a meme outside of Hash Runner?!)

Unfortunately we got results from only a few good ideas and looked
into only a few problems. For instance we did not look into unknown
salted md4 format. We did not have much men with time. Those problems
we investigated were cool.


Problems and mistakes

- lack of people,
- focus on all hash formats instead of just very fast at the beginning,
- bad management of patterns and attacks,
- I postponed phpass attacks,
- we did not make very precise wordlists,
- we found strange numbers in #2 but did not get cracks using them,
- we did not look into mt_rand well,
- we did not adopt original .php script to crack #12,
- we did not reduce tomato wordlist to make it precise,
- probably others. We have something to investigate. :-)


After the contest

We are happy that the contest is not overlapped with the conference.
So part of john-users was at PHDays:
https://twitter.com/repdet/status/469632740217094144/photo/1
It was awesome! Thanks to Gleb for the invites!

We hope to be there again and to meet InsidePro team and hashcat there
next time too. Thanks again to you to make the competition really
hard! I hope we will make a decent opposition next time.


Thanks!

-- 
Regards,
Aleksey Cherepanov

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.