05-27-2013, 05:20 PM
Like atom and I discussed on IRC: you know a contest is ill-designed when a solo participant who does not even have the time to devote to doing the contest can come in fourth place using a single system, working on one algorithm at a time, doing most of the attacks on CPU.
Yes, but it was not like this though. It was very obvious that the passwords were generated explicitly for the contest, and had very little reflection on real life. The contest became about who could reverse engineer the exact list & rules they used to generate the passwords, and very little to do with password cracking. As an example, here's the formula I used:
1. Select an algorithm
2. Kick off some generic attacks
3. Come back 2-3 hours later and analyze cracked passwords for patterns
4. Google to find the exact list that they used to generate the passwords
5. Write rules / run hybrid attacks against the Googled wordlist, crack 95-100% of the list
6. Go back to step 1
So you can see how there was very little reflection on reality.
My apologies if you noticed this, but it was actually much simpler than this. You know how the MD4 and bcrypt hashes were in the same file, and shared the same hint? Yeah, they shared the same passwords as well. So all you had to do after cracking all of the MD4 hashes was run your MD4 plains through the bcrypt hashes :/
(05-27-2013, 02:00 PM)Itinsecurity Wrote:(05-27-2013, 12:34 PM)atom Wrote: Password pattern do not mirror a real-life situation in a pentest
In real-life situation you do not crack 100% of an unknown list. Especially not if it is salted, highly-iterated or use bcrypt or sha512crypt.
True, but as someone on the receiving end of security advice from pentesters and security consultants, I often hear that users will choose passwords that follow common patterns.
So even if you won't crack everything with a single pattern, you should be able to cover a lot by finding a few patterns.
Specifically, I'm thinking of the claims that users will form their passwords according to whatever policy is enforced on them (ie. the classic example Password01, with capital first, and digits at the end.).
Yes, but it was not like this though. It was very obvious that the passwords were generated explicitly for the contest, and had very little reflection on real life. The contest became about who could reverse engineer the exact list & rules they used to generate the passwords, and very little to do with password cracking. As an example, here's the formula I used:
1. Select an algorithm
2. Kick off some generic attacks
3. Come back 2-3 hours later and analyze cracked passwords for patterns
4. Google to find the exact list that they used to generate the passwords
5. Write rules / run hybrid attacks against the Googled wordlist, crack 95-100% of the list
6. Go back to step 1
So you can see how there was very little reflection on reality.
(05-27-2013, 12:34 PM)atom Wrote: Take the bcrypt's for example. Once we found out that the pattern were like:It's easy to crack all the hashes. That's the reason why the teams were able 100% of all the hashes.
- Indigo -> 1nd1g0?d?d
- Orange -> 0r@ng3?d?d
- Blue -> Blu3?d?d
My apologies if you noticed this, but it was actually much simpler than this. You know how the MD4 and bcrypt hashes were in the same file, and shared the same hint? Yeah, they shared the same passwords as well. So all you had to do after cracking all of the MD4 hashes was run your MD4 plains through the bcrypt hashes :/