Official Best64 Challenge Thread
#41
(03-31-2012, 12:13 AM)atom Wrote: the post was not deleted, just splitted into a seperate thread, since this thread is about the challange, not about strange rule engine behaiviors. please read the http://hashcat.net/forum/thread-1027.html then you hopefully understand why it works how it works...

Yes now I understand how it works. I apologize for not seeing that. Smile
Reply
#42
Thanks to dakykilla:

Quote:o0to0b o0t o0b

can be written as just "o0b" Smile
Reply
#43
Fun competition, although I didn't join in. You guys are way much better than I am, so I didn't even consider trying. :-)

On the other hand I suddenly had this weird thought when the competition was over, and atom said that the new and improved best64.rule would be provided with the new 0.08 version of oclHashcat-plus. "What if the new best64.rule is actually worse than the old one for other lists than those used in the competition?"

Time for my experiment:
I've got 85615 unique NTLM hashes, originating from a domain with complexity requirements turned on (default config from Microsoft). I will use the same wordlist (passwords_top10k.dict.txt), as used in the competition, and run that against the NTLM hashes using the old and the new best64.rule, to see how many hashes gets cracked using each one.

My command line (Ubuntu 12.04LTS 64-bit, Nvidia GTX580, newest drivers, all updates installed):
cudaHashcat-plus64.bin -m 1000 -o best64.test --outfile-format=7 -r rules/best64.rule -a 0 ntlm.txt passwords_top10k.dict.txt (& best64-old.rule for the other run)

best64.rule is 1044 bytes, 103 lines
best64-old.rule is 548 bytes, 69 lines

Interesting results indeed:
best64.rule (new): Recovered 1364/85615
best64-old.rule (old): Recovered 2187/85615

It's 01:40 now, so I'll drop any more tests to be sure my brain isn't messing up things too much, but I will do some more testing over the next couple of days.
Reply
#44
I mentioned this issue in my writeup. The competitors were obviously incentivized to target the provided hashes. I haven't done any testing myself, but if this is true I am not surprised at all.

Never really understood the best64 obsession anyway. 64 is a small number, and you should customize your attack to each target.
Reply
#45
Its all about the slow ones, like md5crypt, phpass, WPA/WPA2...
Reply
#46
Has anyone still got the top10k file and perhaps the hashes for this challenge?
Reply
#47
You can build it yourself, check page 4, there is detailed explanations on how to generate it
Reply