headers
Solar Designer | 2 Aug 2010 07:35
Favicon

contest results

Brandon - congrats to you and CrackHeads on what looks like your third
place: http://contest.korelogic.com/stats.html

Apparently, we're 4th.

On Fri, Jul 30, 2010 at 03:06:46AM +0000, Brandon Enright wrote:
> ...  I am going to compete in the
> contest and I'm not on the john-users team.  If I had known a month ago
> there was interest I would have joined.  Now that I have prepared for
> the contest I want to compete with my own team.

This is understandable, although you could have just asked whether there
was interest a month ago. ;-)

> As I told SD, no matter what team wins, I have little doubt that it
> will be a John-powered victory.

This is now doubtful.  The two winning teams, according to their names,
relied on closed-source software, although I suspect that they were
using John as well (and indeed John has indirectly contributed to what
those closed-source programs have become).

Brandon, Minga -

I'd appreciate more info on what each team has been using/doing -
hardware (and cost incurred, if any), software (free or previously
acquired, I suppose?), password cracking techniques, team management
(e.g., what separate roles?), how many team members (and how many of
them actually "active"), external contributions accepted (e.g., if
another team shared their passwords) and how much help they were (e.g.,
(Continue reading)

Permalink | Reply |
headers
Brad Tilley | 2 Aug 2010 19:16

Re: contest results

Solar Designer wrote:

"I'd appreciate more info on what each team has been using/doing -
hardware (and cost incurred, if any), software (free or previously
acquired, I suppose?), password cracking techniques, team management
(e.g., what separate roles?), how many team members (and how many of
them actually "active"), external contributions accepted (e.g., if
another team shared their passwords) and how much help they were (e.g.,
90% overlap with what the team already had), also info on stuff used by
those external contributors if known.  I am willing to provide this info
on our team."

--------------------------------------------

Hey Solar and JTR-users,

I did a small write-up here about methods, resources, etc that I used
with 16Crack (software I wrote to crack hashes). I also posted the
passwords I cracked:

http://16systems.com/16crack/defcon.php

Although we got creamed in the contest, it was very fun! One thing that
concerns me is that the passwords seemed very contrived, not real-world
in my experience. For example, there were no number only passwords and I
routinely see 5% or so of those (dates, phone numbers, etc.) in the
real-world. Also, the rock-you-75 list, which is usually pretty good,
only got about 50 of the contrived passwords.

All in all though, it was very fun and I hope they do it again next
(Continue reading)

Permalink | Reply |
headers
Brandon Enright | 2 Aug 2010 23:19
X-Face
Face
Favicon

Re: contest results

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Mon, 2 Aug 2010 09:35:54 +0400
Solar Designer <solar <at> openwall.com> wrote:

> Brandon - congrats to you and CrackHeads on what looks like your third
> place: http://contest.korelogic.com/stats.html

> 
> Apparently, we're 4th.


Alexander,

Thank you very much -- getting third is quite bittersweet -- I feel
guilty for not having John in my name since 95% of my cracks were from
John.  I'm also disappointed that a bit of fire-and-forget GPU cracking
of the NTLM hashes beat out both our team's hard work, adaptation, and
innovation.

The other member of my team to help with the cracking was a co-worker
of mine, Tom Maddock (t2maddock <at> ucsd.edu).

I am writing up my contest experience, strategy, thoughts, and
suggestions right now.  I should have the email done in a few hours.

> 
> On Fri, Jul 30, 2010 at 03:06:46AM +0000, Brandon Enright wrote:
> > ...  I am going to compete in the
> > contest and I'm not on the john-users team.  If I had known a month
(Continue reading)

Permalink | Reply |
headers
Solar Designer | 3 Aug 2010 00:23
Favicon

Re: contest results

On Mon, Aug 02, 2010 at 09:19:28PM +0000, Brandon Enright wrote:
> I'm also disappointed that a bit of fire-and-forget GPU cracking
> of the NTLM hashes beat out both our team's hard work, adaptation, and
> innovation.

Do we know that it's GPU cracking that did the trick?  I think the
winning teams did other things better as well - perhaps there were
simply more active people involved and the teams were better organized
(well, definitely better than ours - I was just building the team and
setting up the file-exchange server _during_ the contest).  Computing
resources were secondary for this contest, I think.  I didn't even make
use of all I was going to (peaked at as few as 12 CPU cores in use under
my own control) - had no time to _reasonably_ put more CPUs to use, my
time was better spent looking for and implementing patterns.  Our score
was primarily limited by not having enough people who would look for
patterns, implement those into rules or code, and test them.  I was
doing that myself, and it was the primary thing that helped, but few
others on our team did this to much extent.  (I am not complaining about
the team, no.  I actually enjoyed working with everyone, regardless of
whether this helped in the contest or not!  And a lot of contributions
from team members did help greatly!)

I am wondering if the hashcat folks maybe tried auto-generating rulesets
based on cracked passwords (which would save people's time).

> I am writing up my contest experience, strategy, thoughts, and
> suggestions right now.  I should have the email done in a few hours.

Sounds great!
(Continue reading)

Permalink | Reply |
headers
Rich Rumble | 3 Aug 2010 00:50
Picon

Re: contest results

I had a lot of fun with this, I'm sorry I only dedicated 8 threads to
it, but after
the first 12 hours I'd run out of variations using single, leet, leet
prepend, leet
append, dumbforce, keyboard etc... I'm sure I duplicated Solar's and
others efforts
initially. Eventually I tried writing other rules, using other
dictionaries, more of Solar's
rules, concentrating on NTLM. I also poisoned the well, my pot's
contained a good
bit of old hashes. I should of prepared better in the 8hrs prior to
contest start, well
even before that would of been a good idea :)

> I guess I need to share our stuff too, although I'm not sure I have
> _exactly_ the last contest submission's results saved (I may have only
> slightly earlier and slightly later post-contest results).

With all the duplicate cracks I wonder if it's easy to tell who
contributed what, it may
become who contributed first? Anyway I'm still very keen to learn more
of Jtr, and use
other modes like Markov and parallel. knownforce is another mode I've
not worked with
I'd like to explore. Nonetheless, I hope I helped this time around and
I'll certainly be
back if there is a next contest.
-rich
xinn.org
(Continue reading)

Permalink | Reply |
headers
Solar Designer | 3 Aug 2010 01:09
Favicon

Re: contest results

On Mon, Aug 02, 2010 at 06:50:49PM -0400, Rich Rumble wrote:
> With all the duplicate cracks I wonder if it's easy to tell who
> contributed what, it may become who contributed first?

Not easy indeed, often impossible, and in some cases this question does
not even make sense.  For example, if you contribute the password "A",
I run my ruleset on it and come up with the password "A1" as a result
(for another hash), who contributed "A1" - you or me or neither or both?
Then "A1" gets reused even further.  One of us looks at it, notices
"B1" as well, comes up with a "u $1" rule, and cracks "D1" through "Z1".
Who contributed that?  This is team effort, really. :-)

Alexander
Permalink | Reply |
headers
Rich Rumble | 3 Aug 2010 01:15
Picon

Re: contest results

My self-worth is derived by richrumble hashes = 20,001 hashes
Anything less and I fall on my sword!
Goodbye cruel world!

> Who contributed that?  This is team effort, really. :-)
-rich
Permalink | Reply |

Gmane