seriously guys, good game. this year's contest was very challenging in some key areas, which was both frustrating and entertaining.
one of the tools that atom left out of the list was PHP, which was heavily use as a general-purpose scripting language to develop crackers for the wonderful and mtrand challenges especially.
and speaking of, i would greatly appreciate it if someone could explain the correct approach to solving the mtrand challenge, if there even is one. as atom stated, we eventually "cheated" and just brute forced the passwords generated with the generate_password1() function after two days of brute forcing seed values with various versions of php, but this does not actually solve the challenge of predicting the random values used to generate the passwords. i understand the solution in theory, but in practice i was unable to exploit it. i thought for sure john-users would have aced the challenge since solar had already written php_mt_seed, but i guess they didn't.
this also makes me wonder, what happened to john-users this year? way behind the pack...
one of the tools that atom left out of the list was PHP, which was heavily use as a general-purpose scripting language to develop crackers for the wonderful and mtrand challenges especially.
and speaking of, i would greatly appreciate it if someone could explain the correct approach to solving the mtrand challenge, if there even is one. as atom stated, we eventually "cheated" and just brute forced the passwords generated with the generate_password1() function after two days of brute forcing seed values with various versions of php, but this does not actually solve the challenge of predicting the random values used to generate the passwords. i understand the solution in theory, but in practice i was unable to exploit it. i thought for sure john-users would have aced the challenge since solar had already written php_mt_seed, but i guess they didn't.
this also makes me wonder, what happened to john-users this year? way behind the pack...