Crack Me If You Can - 2014
- Hardware Used
- Dual Intel(R) Xeon(R) CPU E5620@2.40GHz
- Single Intel(R) Xeon(R) CPU E5620@2.40GHz
- Software Used
- JtR, twofi, cewl
First I'd like to thank KoreLogic again for putting together another fun and challenging contest. I wanted to dedicate more time, and certainly more hardware to the contest, but it was not to be. I did try very hard at the pre-contest or testing phase before the offical hashes dropped.
I wasted quite a bit of time with challenge-1, the VM. My VirtualBox install did not seem to allow me to get the network of the VM going, and mounting flash drives was very difficult for whatever reason. I did not try any hashes that came from that challenge, but I did eventually get the /etc/shadow off near the end. I was sleepy when I started working on the VM, so I'm assuming it's operator error that I didn't get it working.
I did manage to write a "for loop" that allowed me to extract all the doc and docx as well as some other challenge hashes. I didn't try docx for the first 24hrs, because I know how slow they are and I didn't want to waste my cycles. But I saw on the board I had credit for one, but I never attempted to crack them yet, so I used the loopback feature of JtR and got my first "real" docx crack "pass". I then dedicated more time to them, initially using the top 500 "worst" passwords, and found in fact that "password" worked too. I then made a wordlist of 2 words, "pass" and "password" and used my singe 8 core machine for that task. At 54p/s, but they were cracking using "-rules=single".
I didn't bother with LM at first, it's 1pt, and I thought everyone would have those so why try. But there were thousands of them, and they are really easy to crack, so why not dedicate a single thread to "-dumbforce" them... so I did, after I modified df to only include printable ascii, which could of been good or bad, I'm not sure. I think I have more LM than it says on the scoreboard currently (10734), nonetheless my first submission of LM put me into 3rd (Street Team)at that time. And not for very long :)
I didn't really focus on patterns, I found some challenges were filled with digits only and had some threads dedicated to those. I had 32 instances of john running on my 16 core machine, and I didn't notice any slow down on any hash, they were all putting up around the same numbers. So I did the same on the 8 core machine, using 16 john (mpi) instances for various hashes. I did write some very small wordlists when I found the "financial" pattern in the doc challenges, and that worked well.
I did find that the "iterative 1337" rules were working well however. That's where you "leetify" the letters, but not necessarily each instance of that letter. "Remember" get's leet'd to "Rememb3r", "Rem3mber", "R3m3mber" etc.. I found by using the korelogic rule set from the original CMIYC contest, that I was not using g=9 in my leet set's so I did try to add that into my rules. e.g. <C T0 %2[eol] op\p[30q] /e op3 /o op0 /l op1 #e's and o's
I had a good time in this years CMIYC, I was way more relaxed than in years past, and I used way less hardware than in any contest before. Next year I'm stepping it up in the hardware department, might have to get a GPU that's worth using too.