Date: Fri, 30 May 2014 00:33:02 +0400 From: Solar Designer <solar@...nwall.com> To: john-users@...ts.openwall.com Subject: Re: team write-up for PHDays Hash Runner 2014 Hi, Thanks for preparing this writeup, Aleksey! Some minor additions/corrections below: On Thu, May 29, 2014 at 11:04:01PM +0400, Aleksey Cherepanov wrote: > Active Members: 12 > > Names: > Aleksey Cherepanov > Alexander Cherepanov > bartavelle > bghote > Dhiru Kholia > Jose Luis Herrera > jvoisin > Micha Borrmann > rofl0r > sftp > Solar > ukasz Some of us participated during part of the time of the contest only. As we normally do it, the members list in the writeup is based on who uploaded .pot files, no matter how many or few, how large or small. Besides the immediate participants - those who cracked at least one password - we also received contributions from Sayantan (lotus5-opencl, which affected our contest score significantly), from magnum (who fixed a nasty bug identified in bleeding-jumbo during the contest), and from some people who ran "slave" to donate CPU time to our little cluster (mostly used for dominosec, as a workaround for us not having dominosec on GPU yet). I think Sayantan's and magnum's indirect participation was at least as valuable as that of "Active Members" above. > Software: John the Ripper (with various patches); custom scripts on > top of usual linux tools like Perl and wget; Metasploit and PCredz to > get hashes for some tasks. I also ran ops_SIMD - http://conus.info/utils/ops_SIMD/ (my custom build of it with some trivial changes) on some Oracle 10 hashes for around 10 hours, but this didn't crack anything. ops_SIMD is quite buggy and limited, but I hope the specific build and settings that I used would actually crack passwords if there were any within that keyspace. > In addition to active members listed above: magnum fixed a serious > bug, Sayantan implemented lotus5 in OpenCL for GPU during the contest. Exactly, and I think we should be listing such important contributors right near the members list next time. > Solar Designer improved lotus5 and dominosec formats before the > contest (about 3x speed-up). The up to 3x speedup is for dominosec only. lotus5 was already mostly optimized(*), so it got only a ~10% further speedup on x86-64. (*) Short of potential major redesign, such as bitslicing (tough to optimize the S-box expressions enough) or use of VPPERM on XOP (too limited since we have few XOP-enabled CPUs), which we did not do. > About 40 cpu cores were contributed by visitors of linux.org.ru. > Thanks! During the first evening/night of the contest only, as far as I can tell, but yes - thanks to them! > We found several patterns but we did not track them properly. We used > only IRC this time unlike previous times when we used mailing list to > share progress. We had only 1 IRC channel so it was messy. Bad > experiment. No problem with only 1 IRC channel, I think (as opposed to more than 1). IRC traffic was low enough for that. I think results would be worse with more than 1 IRC channel, as some of us would not track all of them. > Dhiru Kholia tried to implement "wonderful" quite long and we got an > implementation in C but we did not get cracks. We did not try very > precise wordlist at all. We missed the possibility to use original php > script with minimal adoption to crack. Though Dhiru used it to produce > test hashes. Dhiru implemented "wonderful" as a trivial JtR format, and he was also the one to actually try cracking hashes with it - without luck, as Aleksey said. My advice to Dhiru was to group hashes by their set of underlying primitives, and attack the faster ones first (those with no SHA-512, etc.) - but apparently that was not enough. I guess there were some specific patterns we should have identified from related hashes and tried those on "wonderful", which apparently we did not. That's assuming that format was in fact working correctly, which we don't know reliably (without a single crack yet). > We used tomato wordlist from previous Hash Runner but we did not > reduce it. (Will tomato spread as a meme outside of Hash Runner?!) Per team Hashcat writeup, that wordlist was also relevant for the bsdicrypt hashes, but apparently we did not run it on them. Oops. > Unfortunately we got results from only a few good ideas and looked > into only a few problems. For instance we did not look into unknown > salted md4 format. We did not have much men with time. Those problems > we investigated were cool. I don't even know what exactly you're referring to by those "unknown salted md4" hashes. Were they from the mt_rand() task (user.db)? If so, they are not exactly unknown, but none of us put enough time into this task to solve it. I did notice that PHP would be outputting floating-point numbers in scientific notation after the three multiplications, but somehow felt it'd be 2^53 (based on the size of mantissa in "double"), plus a bit more from the slight uncertainty in the exponent. Per team Hashcat writeup, we now know it's actually 2^48 or so, and thus is even more practical to search. I think we also didn't locate Razor CMS, and didn't check its create_hash(), so I was merely guessing whether/how it applies the salt (thought it'd simply append or prepend to plaintext password, whereas apparently there's an extra MD4 pass). Pretty ridiculous on our part, but on the other hand I only spent about 1 hour total on this task during the contest, and it was hardly worth more of my time (vs. other ways I could contribute to the team's overall effort) given its moderate points potential. A very nice task on its own, though! > Problems and mistakes > > - lack of people, > - focus on all hash formats instead of just very fast at the beginning, > - bad management of patterns and attacks, > - I postponed phpass attacks, > - we did not make very precise wordlists, > - we found strange numbers in #2 but did not get cracks using them, > - we did not look into mt_rand well, > - we did not adopt original .php script to crack #12, > - we did not reduce tomato wordlist to make it precise, > - probably others. We have something to investigate. :-) Some of this analysis is subjective, and there are definitely more reasons why we didn't perform better. > We are happy that the contest is not overlapped with the conference. Yes, that was nice. We enjoyed meeting at PHDays. > We hope to be there again and to meet InsidePro team and hashcat there > next time too. Yes, it'd be nice to meet other teams. Alexander
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.