Back to
[Teams] [Top]
Team hashcat
Resources
| Active Members
| 14
|
| Nicks
| |m|, atom, blaz, d3ad0ne, Superjames, K9, legion, MKv4, pure_hate, Radix,
Rolf, T0XlC, Xanadrel, Dakykilla
|
| Software
| oclHashcat suite, John the Ripper, egb, pwp, and others
|
| Hardware
|
84 CPU cores (+ some hyperthreads), 46 GPUs
|
Preparation
We spent a lot of time getting ready for this years contest in order to
improve some of the things we felt went wrong last year. The main thing was
organization. We were madly sending text files around via email, ftp, ssh and
whatever else we could use and it was extremely unorganized. This year
Superjames spent a vast amount of time creating a web application which
tracked algorithms, uploads, found, not found, dictionary analysis and a
variety of other information which we have deemed important over the last few
years of cracking. This application made the entire contest a breeze to get
organized and was a invaluable asset to the team.
During the Contest
Since we knew that this year's competition was not about total number of
cracked passes but more like the weighting of the hash-type, we did
not attack the usual suspects like MD5, NTLM oder SHA1. We immediately
started to go for the hard ones, especially that ones that are supported by
oclHashcat-plus such as md5crypt and phpass. Both of the hashes gave 1000
points each and are fully supported. Additionally we had an defcon edition of
oclHashcat-plus that also support {SHA}, {SSHA}, raw SHA1, MySQL. This version
was specificly coded for the contest since we knew the guys from KoreLogic
would pick hash types which were not supported by current GPU proccessing. The
rest of the team set out to find how the passes were generated. We quickly
spotted the dates first, so we took the maskprocessor and ran it with
-1 .-/ -2 0123 ?2?d?1?2?d?1?d?d. Soon we realized those masks are
mostly used in all the algorithms. So it looks like that if you find one mask,
you just have to run it on all the algorithms to get the most out of it.
Adding mscash2 Support
We realized that mscash2 gave so many points, but it's freaking slow. The only
tool that supported it was John and latest omp build gave me only 545/s on my
4200+. On a Intel 17 965 Extreme we were only getting about 75/s which was
seriously slow. We started to attack the Mscach2 and were able to recover a few
but not enough to put us in the lead. At this point the contest had been
running for about 12 hours and the first stats came up we saw that the other
teams we making a run at the mscash2 hashes. We had no choice. since our focus
is utilizing the GPU rather than the CPU. so Atom stopped all cracking and
focused on implementing the mscash2 algorithm for the -plus version. He started
with the AMD version because most of the people on the team were using AMD
gpus. About 6 hours later we had our first working version but it was painfuly
slow. 18000/s on my hd6990. It was however, at least 30 times faster than jtr's
CPU-only version.
The rest of the team started using it to crack while Atom spent his time
optimizing it a bit. Atom found out that it's possible to precompute 2/4 sha1
transforms of the PBKDF2. This and some other relevant optimizations lead to an
end result of 112k/s on an stock clock hd6990.
At this point we started looking for patterns in the mscache2 since it was
obvious the same patterns we present in all the hash types. Once a pattern was
found it was used to attack all the other algoritms. About 8 hours before
deadline Atom decided to port the mscash2 to nvidia. Once a beta version of
this was done it was sent to radix who has a nice 7 gpu nvidia rig and the
results kicked in massive. we got about 115 mscash2 in a single 10 minute
run.
It was at this point we realized there must be a bug in the AMD version since
the Nvidia version worked perfectly so Atom dropped back out of cracking to hunt
down the bug. It took about 6 hours to find out that a sizeof() used the wrong
datatype. Atom fixed it but at this point we only had about 30 minutes left. So
we uploaded the new amd kernel to D3adone's GPU cracking box which is a an 8 x
hd6970 rig, At this point we were now making 450k on mscash2. We started with
545/s and now we are at 450k/s.
Last Minutes of the Contest
In the last 20 minutes we found 30 more mscash2. We uploaded them but then
Korelogic cut off the line while we were still finding more and more mscash2.
10 minutes after deadline we had 15 more mscash2 but it was to late. We are
very happy to get a honorable second place and congratulate the Inside Pro team
on a good battle.
Final Thoughts
This contest showed that oclhashcat-plus has the potential to be one of the
best and most versatile crackers. We just need to add more algorithms and keep
them secret from Minga. We could crack only 50% of the algorithms with hashcat
tools, so the plan is now to add more algorithms to oclHashcat-plus. Expect a
new version soon which will support:
- SHA1
- MySQL
- SHA-1(Base64)
- SSHA-1(Base64)
- MSSQL(2000)
- SHA256
- Oracle11g
- mscash2
- MSSQL(2005)
...and more later. This will hopefully prepare us better for next year's
CMIYC.
| Name | CPUs | GPUs | OS | Software in Addition to *hashcats
|
| |m| | Q6600 x 1 | 5870 x 1 | XP 32 |
|
| atom | AMD Athlon 64 X2 6000+ | HD6990 | Linux 64 | jtr
|
| blaz | i7 930 + AMD X6 1035T | 9800gtx + 6570 | Win7 64 | jtr, egb, pwp
|
| d3ad0ne | x5650 x2, 980x x1 | 6970's x8, GTX 480's x4 | Linux 64 | jtr
|
| Superjames | i7 860 | 5870 x 2 | Linux 64 | jtr
|
| K9 | E8400 | 4870 | Win7 32, Win7 64 | pwp, ighash
|
| legion | Q6600 x 2 | 8800 gts x 1 | XP 64, Win7 64 | pwp, egb
|
| MKv4 | 3.1ghz x2 | HD5770 | Win7 x64, Linux x64 | ophcrack, pwp
|
| pure_hate | i7 965 Extreme | 6990 x 3 | Linux x64 | jtr
|
| Radix | 2x E5645 1x 1055T | GTX 580 x 7 5870x2 | Linux x64 |
|
| Rolf | T1090 | GTX 480 x 2 | Win7 x64 | pwp, egb, Accentsoft
|
| T0XlC | 1x E5504 | GTX480 x 1 | Win7 x64 | pwp, egb
|
| Xanadrel | i7 950 | 5770 x 1 | XP 32 | jtr
|
| Dakykilla | i7 965 Extreme | 6990 x 3 | Linux x64 | jtr
|
