Date: Thu, 9 Aug 2012 09:58:14 +0200
From: Guth <guth@...posor.com>
To: john-users@...ts.openwall.com
Subject: guth's writeup for Crack Me If You Can 2012

Here is my personal writeup about the CMIYC2012 contest:

# Preparation

Unlike last year, I:
- tried (without luck) to motivate friends to join the team
- as expected, I didn't take enough (if any) time to prepare this year.
- had 1 (small) GPU (instead of none)
- had a lot fewer CPU cores: last year 30-40, this year 18 (with less GHz)
- had bigger wordlists, and ones in various languages

# During contest

When the contest started, I had a look at the challenges, but switched very
shortly.
I started to run BIG wordlist on NT/nsldap/des/mysql/oracle11 hashes in
order to have "samples" of passwords used.

I had good results on md5u with big lists as well.

Discovered some Switzerland cities; although I had few "direct" results with
the dic compiled from Wikipedia, I did not try mangling them.
Luckily some others did later. Tried with no luck on Sweden cities.
Tried to run (not much luck) famous people names from already cracked
hashes on fast+"half-slow" hashes.

I also did some runs of recovered passwords with wordlist on all but very
slow hashes, with lines like:
    # the --format name is taken from the file name: hashes-N.<format>.txt-uncracked
    for file in *uncracked; do
      ./john -w=recovered "$file" \
        --format="$(echo -n "$file" | sed 's|hashes-[0-9]\+\.\(.\+\)\.txt-uncracked|\1|')" \
        --rule=TestRule1
    done

I also tried this kind of run with multiple wordlists (non-ASCII chars,
multiple languages, ...) with custom and "standard" (single/extra/jumbo)
rules (rules selection related to wordlist size in order to get
"acceptable" run time).
Also used some computing time to search/compile names of well-known
people from South Africa (from guesses on some spotted names in
famous.txt), no luck on it as well.

Finally I ran (without luck, again) a medium wordlist of well-known passwords
(hoping to find other patterns, "exotic" words) on phps (during sleeptime).


# Debrief / Conclusion

I should have:
- dug more into the "password in many languages" hint/feeling I/we got due to
the finds in the challenge (German+Spanish)
- globally tried harder to find patterns (a lot less than last year)
- used more rules

I had some troubles with the GPU: various self-test errors etc. (not logged,
investigation required), so it was hardly used at all.
I got memory corruption (=crash) on some wordlists (reported and corrected
since the contest ended)

Team:
Thanks to anyone who contributed to JtR: Solar, magnum, JimF, ... (can't list
all but you know if you did)
The work on GPU implementations helped a bit this year, but is still to
be improved (as well as the number of GPUs in the team :P).
GREAT thanks to everyone for the fun and great work, real team spirit, ...
It was a lot of fun to read/follow "live" what everyone does/thinks/works
on.
One single IRC line made my day:
< btvl> (seems like we missed LotR, not sure what kind of nerd misses that
and discovers pride & prejudice ;)

Korelogic:
I have the feeling that this year's contest was a lot more realistic than
last year's: patterns were present but not too many occurrences of each (just
enough), i.e. no "master pattern" allowing to recover half of the hashes at
once.
Even if passphrases/over 12 passwords are quite rare in the wild, it seems
appropriate in the context of this contest (even if trying to be realistic, a
contest can't be 100% real, due to context, aims, teams, ...)
So all in all it seems fine to me, though not perfect.

Hashcat:
Well done, hard fight, a lot of fun! See you next year :)

Guth
