1Password Competition - Printable Version +- hashcat Forum (https://hashcat.net/forum) +-- Forum: Misc (https://hashcat.net/forum/forum-15.html) +--- Forum: General Talk (https://hashcat.net/forum/forum-33.html) +--- Thread: 1Password Competition (/thread-7480.html) |
1Password Competition - PhilipS - 05-06-2018 Is anyone using Hashcat to play the 1Password Game competiton? (https://bugcrowd.com/onepasswordgame) If you are, I'd like some help with the syntax of the command I should be using. I can't get the samples to crack, so clearly I'm missing something Thanks, Philip. RE: 1Password Competition - royce - 05-12-2018 It's after the official period of the challenge, but since people could theoretically keep working on it ... If you post the syntax you were using, we might be able to help. The hashcat hash mode is -m 10900, if that helps. RE: 1Password Competition - Flomac - 05-13-2018 I also tried to verify the samples and failed. Same with the answers of the last challenge. hash mode -m 10900, -a 0 (straight) The input hash structure looks like this: "sha256:100000:Salt:Hash" As a password I used either "word1[space]word2[space]word3" and "word1word2word3". A sample creation running along side with the other hashes works perfectly. Don't know if they did something special here. RE: 1Password Competition - PhilipS - 05-13-2018 I'm looking at this example here: https://github.com/agilebits/crackme/tree/master/doc { "id": "CPU6BAGE", "hint": "3 words", "prf": "HMAC-SHA256", "rounds": 100000, "salt": "00bb202b205f064e30f6fae101162a2e", "derived": "91976be95cd28e55e580ee9f69a2139202a9b65eabfbbf33c99bc42e3665564d", "pwd": "tanbark artistic callus" } 1) My test hashfile is this: sha256:100000:00bb202b205f064e30f6fae101162a2e:91976be95cd28e55e580ee9f69a2139202a9b65eabfbbf33c99bc42e3665564d 2) My test dictionary has these two lines: tanbark artistic callus tanbarkartisticcallus (I wasn't sure if they were including spaces between the words or not.) 3) I ran Hashcat like this: /usr/local/bin/hashcat --hash-type 10900 --attack-mode 0 "sample_hash.txt" "test_dictionary.txt" But it has no success. RE: 1Password Competition - undeath - 05-13-2018 as you can see on https://hashcat.net/wiki/doku.php?id=example_hashes mode 10900 uses base64-encoded data, not hex RE: 1Password Competition - royce - 05-13-2018 Proof of concept: Code: # Convert salt and hash from hex to raw and then to base64: RE: 1Password Competition - PhilipS - 05-14-2018 Ah, thank you! RE: 1Password Competition - Flomac - 05-14-2018 Thanks royce, that did the trick. Although that 'challenge' is bit less challenging for the cracker than for the hardware. They deliver a wordlist which is easy to combine, but my two GTX980 hover around 13-14k in a quick test and would take years to crack only one password. Even by guessing and assuming you need MUCH better hardware to solve one of these in a reasonably time. Or luck. RE: 1Password Competition - royce - 05-14-2018 Yep. The only way to make real progress on it would be if multiple teams with lots of cards all cooperated. Which would itself be pretty cool, IMO. RE: 1Password Competition - SpencerCostanza - 05-25-2018 "The only way to make real progress on it would be if multiple teams with lots of cards all cooperated." I see, thanks for the tip! |