Date: Wed, 11 Aug 2010 01:32:42 -1000 From: Charles Weir <cweir@...edu> To: john-users@...ts.openwall.com Subject: Crack Me If You Can Challenge Writeup I had the pleasure recently in competing alongside the john_user's group in KoreLogic's Crack Me If You Can Challenge. I'd like to start off by first thanking KoreLogic who not only devoted their time to set up the contest, but also staffed the contest booth throughout the challenge, (and put up with our crazy submissions). I'd also like to thank Solar for organizing all of us, and from what I can tell from the timestamps on the e-mails he sent out, devoting a sleepless weekend to this contest. Overview: Since I was attending Defcon at the time, I along with Fyord represented the john_users group. The downside of this was that it was very hard for me to keep up with what the rest of the team was doing since I was hesitant to check my webmail on the secure wireless setup, and my AT&T data coverage was spotty at best, (since several thousand other people were checking their I-Phones at the same time). That being said, I had a great time hanging around the Kore booth and finding out what techniques other people were using. I really valued everyones' inputs since, as was pointed out several times to me, (rightfully so), all of my past work on password cracking has been conducted on web-passwords. Getting a chance to talk to people who have audited corporate passwords was an amazing opportunity for me. Hardware: Primary Computer: 2.2 GHz Intel Core 2 Duo Mac Laptop with 1 GB of Ram. This is the computer I did most of my cracking on, and I left it running in my hotel room throughout most of the contest. Unfortunately I was not staying at the Riviera so with a few exceptions I was only able to check it when I came back at night and in the morning before I left. This meant I was limited in my ability to tweak my attacks to to take into account the patterns that appeared in the cracked passwords. Secondary Computer: Asus EEE Netbook, 1 GB of Ram. This was the computer I carried around with me at the conference. I ran short cracking sessions on it when I had some free time, but power (electrical) was an issue. I also frequently stopped my cracking session when I needed to do something else, (like demo tools with other people, or try to help some friends out in the OpenCTF competition). BTW, if you are bored at Defcon, you are doing something wrong ;) Password Cracking Overview: I managed to download the password hashes sometime around 1:00am Thursday night. I started by focusing on standard pw cracking attacks using common dictionaries, such as password.lst. I also mostly focused on the NTLM password hashes. In short, I was pretty much duplicating everyone else's work... Sometime around 2:30am Friday according to my notes I switched to the Crypt-MD5 hashes and ran JtR's password.lst using the single mode ruleset, (the reason for this is I desperately wanted to get some sleep and figured it was a worthwhile attack to run through the night) . I stopped that attack at 9:20am after completing only 1.15% of the cracking session. At that point I had cracked 603 of 4716 (12.78%) of the Crypt-MD5 hashes. On a side note, I was only making around 6000 guesses a second against the Crypt-MD5 hashes. I'm not sure if that was 6000 g/s against all of the hashes, or if I was only making about unique 2 g/s. Needless to say, I wasn't making much progress... Before I left to attend the conference Friday morning, I launched another attack using the single mode ruleset and the various InsidePro "From Queue" dictionaries. I also created a wordlist containing all of the extracted lower-alpha characters from the passwords the john_user's team had cracked, and uploaded it to the team's server. Aka I created an input dictionary by extracting the words, (in a fairly naive manner), from the cracked passwords.I also created an input dictionary of all of the usernames, but this turned out to be not very useful. The Kore folks admitted later that they didn't think about matching passwords up with usernames until after they had created all of the hashes. I arrived back at my room that evening around 7:00PM ish, and while getting ready to head out to the EFF charity benefit party, (did I mention there's a few things to do at Defcon), I finally got around to using my probabilistic password cracker against the NTLM password hashes. For the training list, I used the MySpace passwords, and for input dictionaries I selected dic-0294, and a list of 500 common passwords. I let this attack run for the next couple of hours while I attended a couple of the nightly Defcon events. After I got back around 1:30am Saturday morning I decided to retrain my probabilistic cracker on the passwords our team had already cracked. Normally I don't like doing this, (training on a set I'm attempting to crack), since it's like drinking your own bathwater. The cracker gets better at cracking passwords you've already cracked, but worse at cracking passwords you haven't seen. That being said, I almost immediately started cracking a lot more NTLM password hashes. It was actually pretty cool to witness. At around 3:00 am I received an invitation to join the HashCat group on their IRC server and spent a while talking to them. They were very classy, and even offered me some of their rulesets. I declined to use them though during the contest since I didn't want to take unfair advantage of their generosity... I also didn't have a Windows computer to run Hashcat off of, but I prefer the first explanation ;) I got off to a slow start Saturday morning, but I ended up running my probabilistic cracker against NTLM passwords using the re-trained ruleset, and using the input dictionary I had previously created from cracked passwords. Throughout the day I also ran attacks on my EEE PC using custom JtR rules such as adding 2010 inside words, (aka pa2010ssword). I created these rules based on patterns I saw in the cracked passwords. It was also at this point when I realized I should have used SRaveau's Wikipedia dictionary sooner. It cracked quite a few NTLM passwords I hadn't managed to crack before. I should also mention that I ran shorter cracking sessions against some of the other password hashes, such as DES, using my EEE PC. Saturday afternoon I went back to my hotel room and switched to Crypt-Sha passwords, since I realized I was pretty much duplicating the work everyone else had done with the NTLM password hashes.Once again, I was using my probabilistic cracker. I returned shortly before 11:00 pm but I pretty much just let my attacks keep running. I was still cracking around 1 Crypt-Sha hash a minute, and I was uploading my results until the the contest ended. And that was that. Lessons Learned and Mistakes Made: 1) I believe the key to this contest was analyzing the cracked passwords and creating custom rulesets based on them. The HashCat and CrackHeads groups did this amazingly well, (I have no idea what InsidePro's strategy was). 2) While JtR has the most powerful built-in rule creation system, based on the listserv posts, it looks like our team had a hard time taking advantage of it. 3) From my conversations with other people at the conference, JtR's config files/rules are pretty much universally hated/feared/misunderstood. It's almost comical since many of the people I talked to are fluent in several programming/scripting languages. 4) I discovered numerous improvements I need to make to my probabilistic cracker, (which is one of the many reasons why I competed in this challenge). Right now my probabilistic cracker is designed to be trained on a list of plaintext passwords that resemble the target. This limits its effectiveness when retraining it on a set of passwords it currently is attacking. I need to modify the training program to include an option where it will be more effective when trained on a partially cracked set of passwords. One example of this is to ignore password length, (aka we were much more likely to crack shorter passwords earlier on which meant the probabilistic cracker focused on shorter passwords when it was retrained). 5) There's a lot of work left to be done weaponizing my probabilistic cracker, such as reducing the memory usage, and adding support for insertion rules, (aka pa2010ssword). 6) I'm really envious of team CrackHeads's use of Amazon EC2 clusters. I wish I had thought of that! 7) Rather than starting my probabilistic cracker from the most probable password first, I should have started from a less probable starting point to avoid duplicating everyone else's work. That's one serous downside with using it since it doesn't play well with other types of password cracking attacks, (aka avoid duplicating work). I'm almost certainly going to expand on this writeup later, but I wanted to get something out in a somewhat reasonable time. Thanks once again to everyone, and hopefully we'll get a chance to do better next year! Matt Weir http://reusablesec.blogspot.com
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.