Date: Tue, 14 Aug 2012 19:28:21 +0400
From: Aleksey Cherepanov <aleksey.4erepanov@...il.com>
To: john-users@...ts.openwall.com
Subject: team john-users writeup for Crack Me If You Can 2012 contest

Hi,

As many of you are aware, we participated in KoreLogic's "Crack Me If You Can" password cracking contest at DEFCON earlier this summer, as team john-users.

We ended up taking 2nd place overall (out of 12), and we're first for 7 out of 19 hash types. Additionally, we achieved the highest number of weighted points prior to the application of bonuses, and we cracked more challenges than any other team did (we cracked 11 total, and we were first to crack 6).

Here are the statistics for all teams:

http://contest-2012.korelogic.com/stats.html

We hope to see pretty graphs of teams' progress over time there.

And here are the per-hash crack numbers for our team in particular:

http://contest-2012.korelogic.com/stats_4F162A2CBFB13D23.html

Now to the writeup, to be re-published on the contest website:

Preface.
The contest was fun and challenging, it helped us test some experimental John the Ripper code and identify areas for further improvement.

Since last year we got a lot of cool stuff related to challenges: truecrypt (thanks, Alain Espinosa), rar (thanks, magnum), zip (thanks, JimF), odt, pdf, ssh, encfs (thanks, Dhiru Kholia) and many more. Also we got OpenCL versions of sha512crypt (thanks, Claudio Andre), bcrypt, mscash2 (thanks, Sayantan Datta) and others. We'd like to list all john's contributors but this list would be too long for this writeup. Thanks to all!

We'd like to thank KoreLogic for organizing the event. We would also like to thank all other teams who participated and made it tough for us to compete. ;-)

Resources.
Active members: 21

Names / nicks: Aleksey Cherepanov, Alexander Cherepanov, bartavelle, Dhiru Kholia, elijah, Francois Pesce, Frank Dittrich, guth, JimF, Kevin Young, Matt Weir, Me Agap1, myrice, Rich Rumble, rofl0r, Rory Michele, samu, Sergey, smooge, Solar Designer, ukasz.

Additionally, we had a few members who merely listen. We hope they learned a lot and next time they'll show better results.

Also many members asked friends for hardware. The same way some organizations contributed their servers to us. Thanks to all!

Software: John the Ripper (with various patches), custom scripts, Cryptohaze Multiforcer (used by samu only), 7-zip to crack 7z, also elijah used trial Passware Kit to crack dmg.

We're an Open Source only team. This needs to be clarified: We only use Open Source password cracking tools, meaning that we may use e.g. John the Ripper and Cryptohaze Multiforcer, but not e.g. hashcat (since it is closed-source). However, we may use e.g. closed-source GPU device drivers for lack of an alternative and because they're not directly a password cracking tool.

This year, as an exception to our normal policy, a team member happened to use a trial version of Passware Kit to crack a .dmg challenge. After some debate, we decided to go ahead and submit this crack anyway, but confess in the writeup - which we do. That one crack did not affect our contest score at all since we were beyond the cap of 6 challenges anyway. With this one, we cracked a total of 11 challenges; without it, we would be at 10.

Hardware: it is hard to count accurately, our estimate is ~250 cpu cores and 9 gpus.

Contest.
We started by cracking the challenges. The hashes were postponed.

As soon as we cracked the first challenge, we tried to submit it (and shortly another one as well), but we failed: we did not try to send any e-mail from our contest server since the previous CMIYC, and as it turned out we got a problem with the caching & recursive nameserver configured on this server.
We detected the problem and fixed it half an hour later, so cracked passwords for these two challenges were finally submitted. We would be happy if KoreLogic would provide a way to test scripts for cracks submission before the contest next time.

In the first 3 hours Dhiru Kholia added support for sxc in JtR. Aleksey Cherepanov wrote a wrapper around 7z in shell.

We cracked many challenges waiting for approval for our cracks #3, #4, #5, #6. It was a big relief to know we could stop cracking challenges, but some of us chose to proceed cracking some further challenges in the background anyway.

sunmd5 became a problem for us. JtR supported it through the generic crypt() function of the operating system so we needed (Open)Solaris systems for cracking but we did not have such. So bartavelle implemented sunmd5 in JtR directly. Then JimF polished it and we attacked all hash types.

We searched for patterns. But they were not just about word mangling like before. Together with the challenges it filled the contest with very different tasks. It was very interesting.

elijah found "pride and prejudice" pattern about 6 hours before the end. We got a perl one-liner to rip phrases and started cracking in 20 minutes. This book was a game changer. We tried some other books but without such results. We got our books from Project Gutenberg where they were in public domain. So we did not have problems with copyright. Though we missed Lord of the Rings.

Other details.
You could read more details in members' writeups:

bartavelle http://www.openwall.com/lists/john-users/2012/08/03/3
Solar Designer http://www.openwall.com/lists/john-users/2012/08/05/2
Elijah http://www.openwall.com/lists/john-users/2012/08/05/7
Frank Dittrich http://www.openwall.com/lists/john-users/2012/08/05/8
Rich Rumble http://www.openwall.com/lists/john-users/2012/08/05/9
Dhiru Kholia http://www.openwall.com/lists/john-users/2012/08/05/12
rofl0r http://www.openwall.com/lists/john-users/2012/08/05/15
samu http://www.openwall.com/lists/john-users/2012/08/06/4
Aleksey Cherepanov http://www.openwall.com/lists/john-users/2012/08/06/5
Matt Weir http://www.openwall.com/lists/john-users/2012/08/07/3
Guth http://www.openwall.com/lists/john-users/2012/08/09/1
Me Agap1 http://www.openwall.com/lists/john-users/2012/08/10/1
Alexander Cherepanov http://www.openwall.com/lists/john-users/2012/08/13/3

Final words.
This year we worked as a real team. Everyone supported and helped each other. Team spirit was very strong. It was an amazing experience.

The contest made us better in many ways: we improved relationships, we got experience, we found bugs, we wrote new code.

This contest was very smooth and interesting. Great thanks for all that!

Thanks!

--
Regards,
Aleksey Cherepanov