Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list]
Date: Thu, 7 Aug 2014 10:10:18 +0400
From: Aleksey Cherepanov <lyosha@...nwall.com>
To: john-users@...ts.openwall.com
Subject: team john-users write-up for Crack Me If You Can 2013 contest

Write-up for Crack Me If You Can 2013 contest


Resources summary

Active Members:
Agap1
Aleksey Cherepanov
Alexander Cherepanov
Dhiru Kholia
elijah[w&p]
Frank
gat3way
guth
JimF
Jose Luis Herrera
Katja Malvoni
Matt Weir
plaintext
Sayantan Datta
sftp
smooge
Solar Designer
ukasz
Vasily Kulikov a.k.a. segoon

Software: John the Ripper (with various patches), custom scripts,
hashkill (used by gat3way only)

Hardware: ~15 gpus, ~330 cpu cores at most


Preface

The contest was excellent. We had fun and challenges, it helped us
test some experimental John the Ripper code and identify areas for
further improvement.

We'd like to thank KoreLogic for organizing the event. We would also
like to thank all other teams who participated and made it tough for
us to compete. ;-)


Resources

We used bleeding-jumbo branch of John the Ripper. There was no
specifically crafted version for the contest. Though Dhiru Kholia
implemented bwtdt format right during the contest.


Contest


The Big Mistake

Our biggest mistake during the contest was a lack of attacks for the
end. Previous time we had a lot of things we would like to run if we
would have a way to distribute attack. Such attack usually was a huge
wordlist and/or huge ruleset against slow hash type. They were
naturally born when someone tried a wordlist against fast hashes and
considered that it was good for slow hashes too but he did not have
enough hardware to perform attack completely himself. But this time
things were harder.

Probably we missed a lot of pattern transitions and big attacks due to
additional separation of hashes onto organizations. So the two axes
(organizations and hash types) overflowed our irc channel. It is the
time to admit: one irc channel becomes a big mess in such situations.
Though one irc channel was good for micromanagement even being
overflowed. The two axes is a great way to introduce complexity into
attack management.

Things went very slow. But we managed to crack Challenge 9 and get
250k of points.


Challenge 9, 250k of points for EPS / .pfx file

We was the only Pro team to crack an EPS / .pfx file (Challenge 9). We
got 250'000 points for this challenge. The challenge consisted of
efs.dd file that was HDD dump with MBR and NTFS partition.

Vasily Kulikov a.k.a. segoon extracted files from efs.dd very early
but it was only the beginning of a long journey to 250k points. Vasily
Kulikov used `dd` and `ntfs-3g` to mount the dump. Other way is:
$ mount -o loop,ro,noexec,offset=65536 efs.dd vol/

The list of files:
$ find
.
./$RECYCLE.BIN
./$RECYCLE.BIN/S-1-5-21-2918446736-3965069856-1598155625-1003
./$RECYCLE.BIN/S-1-5-21-2918446736-3965069856-1598155625-1003/desktop.ini
./$RECYCLE.BIN/S-1-5-21-2918446736-3965069856-1598155625-1004
./$RECYCLE.BIN/S-1-5-21-2918446736-3965069856-1598155625-1004/desktop.ini
./backup
./backup/0E88F964EA0CC0BF9B9E67F6150216324CAE589C
./backup/mabel.pfx
./secret documents
./secret documents/dipper.txt
./secret documents/mabel.txt
./secret documents/shared.txt
./System Volume Information

The files in 'secret documents/' directory were not readable. The files
in $RECYCLE.BIN were not interesting. So there were two interesting
files: backup/0E88F964EA0CC0BF9B9E67F6150216324CAE589C and
backup/mabel.pfx .

Vasily Kulikov converted mabel.pfx into a hash for john using pfx2john
and shared with the team. So the challenge was mostly reduced to
cracking this hash.

But we looked into 0E88F964EA0CC0BF9B9E67F6150216324CAE589C file.
Dhiru Kholia posted about http://en.wikipedia.org/wiki/Gravity_Falls
based on output of `strings` utility. The article said about ciphers
used at the end of every episode of Gravity Falls: Caesar cipher,
Atbash cipher, a substitution cipher. So there were attempts to apply
these ciphers to wordlists and to name of the file.

Things did not go and we postponed this challenge. We got back to this
challenge much later, one hour later than elijah[w&p] wrote on irc
that street team "I Cant Believe Its Not Butter" got 250k points for
their challenge 9. We had 8 hours before the end of the contest and
the challenge became a part of our strategy.

We wanted to solve this challenge and ideas were boiling again. But we
thought about hash this time. 'mabel' on search engine led to Mabel
Pines at Gravity Falls wiki on wikia.com. Dhiru Kholia posted the link
on irc. elijah[w&p] prepared a list of characters from Gravity Falls.
Solar Designer used this list with jumbo rules and many other
manipulations. The attack was performed by our cluster consisted of
computers from members who wished to free their hands from cracking
management for wordlist making. Quite soon Solar Designer understood
that this wordlist was a dead-end. He asked for a new wordlist but
this wave of enthusiasm was ended and people did other things.

Solar Designer reminded us about Mabel's hash 1.5 hours before the end
of the contest. Aleksey Cherepanov picked the task. He made a list of
all words from wiki on Wikia. It was not trivial because xml dumps
were not available for Gravity Falls wiki. So he downloaded all pages
using `wget`, got text from html using `w3m` and ripped words out
using Perl. So we got a wordlist 27 minutes before the end. Solar
Designer processed the wordlist further with some `tr` commands,
combining their output and passing all through `unique`.

Solar Designer used our dynamic cluster to process this wordlist
quick. The cluster was built from his and member's machines using
experimental scripts for distribution of attacks. The cluster had 285
logical CPUs at the peak of size.

Solar Designer wrote on irc 15 minutes before the end: Sw3at3r! It was
the password for challenge 9. 2 minutes later Alexander Cherepanov
said that he triggered submission. 2 minutes later we were ready to
ask organizers about our challenge because we worried much but did not
see on the score table. 0.5 minute later we noticed that we jumped to
1.3M of points. What a relief! But it was not the end: we still had to
perform final attacks and submit our cracks!

After the contest Dhiru Kholia decrypted the hint from the challenge
9: the hint was in 0E88F964EA0CC0BF9B9E67F6150216324CAE589C file. The
file was a DPAPI Master Key Blob.
https://www.usenix.org/legacy/event/woot10/tech/full_papers/Burzstein.pdf
Also Dhiru Kholia implemented a john format to crack this (EFS).

A. Contents of decrypted mabel.txt:
"""
congratulations!

Here is your hint for the plain text files:

1. That is not dead which can eternal lie, And with strange aeons even
death may die.
"""

B. Contents of decrypted shared.txt:
"""
Congratulations!

Here is your hint for some plain text passwords:

2. Lovecraft lexicon with some punctuation thrown in.
"""

We saw "cthulhu" in passwords. "cthulhu" is a part of Lovecraft
lexicon.


Final words

The contest made us better in many ways: we improved relationships, we
got experience, we found bugs, we wrote new code. This contest was
very interesting. Excellent work! Great thanks for all that!


-- 
Regards,
Aleksey Cherepanov

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.