Korelogic Logo
 
 
"Crack Me If You Can" - DEFCON 2011
 
  Insidepro team 2011 has won the contest!  
 
Back to [Teams] [Top]

Team panda

Resources

Active Members 1
Nick panda
Countries South Africa
Software hashcat, oclhashcat*, maskprocessor, JtR, Elcomsoft AAPR & APPR
Hardware 4 CPU cores: 1x i7-2630QM
3x GPU cards: Radeon 5770, Radeon 5830, Nvidia GT 555M

Software and Preparation

The main pieces of software used were hachcat, oclhashcat-plus and JtR. My experience with these tools was minimal going into the contest, however that has certainly changed. For the challenges I also made use of trial versions of Elcomsoft's Advanced Archive Password Recovery and Advanced PDF Password Recovery. Some code was written before the contest which mostly dealt with the creation, de-mangling and formatting of dictionaries into wordlists that could be used with the different tools. During the contest, plenty bash one-liners were used.

I had somewhat prepared for the format used in last years contest, so the contest started with me in a bit of a panic. This led to some rather rash decisions resulting in a lot of work being duplicated later on, mostly due to bad record keeping. Another thing that worked against me was the fact that I thought I knew the tools I was using better than I actually did. Fortunately, most of this was resolved by the Saturday afternoon.

Approach

The approach I finally ended on was to use hashcat and oclhashcat* with well known wordlists such as RockYou, InsidePro (full), Opencrack, freerainbowtables.com, wikipedia-wordlist-sraveau-20090325, etc. to crack the fast hashes and to then find patterns for the creation of new wordlists. These wordlists were then used against the slower hashes; which resulted in a fair amount of them being cracked (although the mscache2 hashes seemed to elude me). I must admit I got a bit distracted and tried to crack more of the faster hashes than was necessary, thereby wasting time that should have been used for the slower hashes (which seems to be what some of the other teams got right). Nonetheless, bar the time wasting, I found this approach to be pretty effective.

Whilst that was running in the background I started working on the challenges. For these 'maskprocessor', also published by the hashcat team, was super handy. 'Maskprocessor' allowed me to test and create the needed dictionaries on the fly, with very little effort, thus resulting in me cracking these hashes very quickly.

Lessons Learned and Thanks

If I had to do it again, I would definitely have better familiarised myself with the tools. Also, sitting down and working on a proper strategy before tearing-off would have helped a lot.

All in all though, I had an awesome time and learnt a helluva lot.

I would like to thank the the guys from Korelogic for hosting the contest; I imagine it was a mammoth task and they handled all the little issues (that are bound to crop up) quickly and with no interruption to the contest itself. I really do hope they decide to run the contest again next year.
 
 

Please contact us if you would like more information about our services, tools, or careers with us.
HOME : SOLUTIONS : RESULTS : TOOLS : RESOURCES : ABOUT KORELOGIC
Privacy Policy : Copyright 2012. KoreLogic Security. All rights reserved