Date: Sun, 05 Aug 2012 14:44:53 +0200
From: rofl0r <maillist-johnusers@...fooze.de>
To: john-users@...ts.openwall.com
Subject: rofl0r's writeup for CMIYC 2012

this was my first pw cracking contest, so i was kinda planless in the beginning.

hw:
1x AMD FX(tm)-8120 Eight-Core Processor @ 3.1 GHz

started reading the various docs related to the contest setup, john usage etc, then started to set up john contest edition, and peeked around on the server for wordlists. i grabbed some of them and compiled a huge wordlist out of it. ran it on some randomly chosen hashes (mysql and oracle). i got quite good results (ca 100 cracked hashes after a few seconds), but then saw that about 80% of them were already in the cracked pots. i should have tried to run the list on all other fast hashes as well. (started doing this in the last 3 minutes of the contest and it did indeed find a new md5 hash, but it was ~1 minute too late to submit it...)

heard about some patterns that were found on irc and compiled a dinosaur wordlist which i ran against bf, because of its high value. (moderate success, only 1 pass found)

c/s was very slow, so i started to feel i need more cpu. added
1x Intel(R) Core(TM)2 Duo CPU E8500 @ 3.16GHz
to my setup. (about 15% faster per core against bf than the AMD)

i was continuously rsyncing the contest server's /home dir to a local dir, which i mounted via sshfs on the other box, so i had direct access to newest stuff.

started appending numbers to dinos and ran it again against bf. no success at all.

someone found that 2 swiss cities were used. i compiled a list of them and ran it against bf. no success again.

looked at pots and saw that those 2 swiss city names found had one random char appended. since i don't know how to use john's more advanced features, i compiled a list of swiss city names with A-Za-z0-9 appended with a perl script and ran it against bf.

went to sleep.

when i came back, 2 hashes were cracked, both with lowercase char appended. i canceled the run in the middle and shrunk the wordlist to use only lowercase chars. 1 more found.

at that time Jim had the sunmd5 patch working. i felt i needed more beef so i set up an old dual-core laptop (which i wasn't even considering to use in the beginning).
Intel(R) Core(TM)2 CPU T5600 @ 1.83GHz

i looked at the pots and saw p4$$w0rd everywhere with inserted characters. compiled such a list and ran it against sunmd5. the laptop was amazingly fast at this; only about 25% slower than the AMD FX... found 2 variations of it against sunmd5.

at this point, we had only 3 sunmd5, and 9 bf hashes, so i was quite happy with my results. total team score was ~288K

i picked up another dualcore atom box and a crappy amd laptop that were accessible in the network and added them to my setup. since those were in a different network segment i couldn't use sshfs but had to copy everything needed over there, which was quite time-consuming.

i started running easy english wordlists against sunmd5 since this hash was still mostly virgin.

the success with the password variation inspired me to insert chars into the swiss list at all possible offsets, one per pass. this was my best attempt, i got hundreds of cracks all over the hash scale. i couldn't finish all hashtypes in time so i asked solar to take over some of the slow hashes.

tried the greek names wordlist with inserted chars on some other box, and it only yielded a single hash.

i continued running mscash2 on the swiss patterns on various boxes for the last 30 minutes, since i was unsure if solar had picked up my prepared wordlist.

at the end i had nearly 1000 hashes cracked, which is a very satisfying result for me.

lesson learned: next time i'll start with huge easy wordlists on fast hashes so i can easily spot patterns (i had no idea *how fast* those hashes are), then start to test these against fast hashes again and only if they are really successful continue to use them against slower ones, while keeping on trying new stuff against the fast hashes.

thanks for all the fun, wordlists, and jtr contest edition. =)
hope i can join you guys next year again.

rofl0r
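
Added example, not part of rofl0r's message: a defender-side audit check for the pattern the writeup found most productive (a dictionary word with one character appended or inserted at any offset), together with the number of guesses needed to cover that pattern. The word set, sample passwords and function names are constructed for illustration.

```python
import string

# Constructed sample base words; a real audit would load a full dictionary.
BASE_WORDS = {"zurich", "geneva", "lausanne", "p4$$w0rd"}
CHARSET = string.ascii_letters + string.digits  # A-Za-z0-9, as in the post


def base_word_of(password, words=BASE_WORDS):
    """Return the dictionary word that `password` derives from by inserting
    (or appending) exactly one character, or None if there is no such word."""
    if password in words:
        return password
    for i in range(len(password)):
        reduced = password[:i] + password[i + 1:]  # delete the char at offset i
        if reduced in words:
            return reduced
    return None


def candidate_count(words=BASE_WORDS, charset=CHARSET):
    """Upper bound on the guesses that cover every one-character insertion
    at every offset of every base word (duplicate candidates are counted)."""
    return sum((len(word) + 1) * len(charset) for word in words)


def audit(passwords, words=BASE_WORDS):
    """Map each password to its base word; None means the pattern did not match."""
    return {pw: base_word_of(pw, words) for pw in passwords}


if __name__ == "__main__":
    # Constructed sample passwords for the audit run.
    for pw, base in audit(["zurichk", "geXneva", "p4$$w0xrd", "t7#Lq9vB"]).items():
        print(f"{pw!r}: {'derived from ' + repr(base) if base else 'no match'}")
    print("guesses covering the whole pattern:", candidate_count())
```

The count grows only linearly with dictionary size and word length, which is why the single inserted character added so little resistance even on the slow hash types.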