PHD hashrunner 2013
#11
Hi!

First of all, Atom, everybody,
Thanks for feedback this clear and straight, yet still constructive.

Well, let’s start with the organizational part. For sure, we f***ed up the organizational part. There are a lot of reasons for this, most of them “we wanted to make something awesome” gone terribly wrong with contractors, and we had to make everything in a very short timeframe from the beginning, like the website, scoreboard, uploading and processing, on trashy, nearly dead hardware. From the contestants’ point of view that was a huge fail and we are not going to deny it. From another point of view: we had no sleep at all for several days trying to get the contest up and running, and in the end we somehow managed to get things OK.

About patterns and hints

Actually, the approach with lots of the same plaintexts and strictly defined themes was an attempt to compensate for the hardware requirements for participants. To create a way to successfully crack hashes not only by using lots of calculation power, but by thinking and analyzing the given data. And despite the small number of contestants, several small two-player or even lone-gunman teams were able to compete and crack more than half of all tasks. Call it bad or good, that was a thing we intentionally chose to give a try.

The hints. There are a lot of them in real life. When pentesting you are always working with some company in some industry with different fields of expertise: it can be a depository, holding or power station, oil refinery … not mentioning the obvious like banks, shops, etc. Any generic headquarters office user uses “more” common passwords, and if you get closer to “workers”, engineers, operators and so on you’ll start to meet a lot of “specific” patterns in people’s passwords. When we are fighting with some important hash we are not bruteforcing, we are trying to create some targeted wordlists for mutation. To add to that, not only specifics are crucial but language too; transliterated and different-layout passwords are very common and could hardly be guessed without a hint in a contest.

In the collision of these two approaches, predictable and limited plaintexts appeared at the contest. Now we can see that we definitely liked it as an experiment, but will we keep the _same_ approach next year? We’ll see, and more importantly, not only you; we hope others will mention their views on this.

Yes, it was too much connected to patterns and your criticism is valid. Some part of the _cracking_ itself was ruined. The immediate idea for how to patch the current approach is to add many more themes of smaller sizes and not use duplicate plaintexts between algorithms. What do you all think, will it make a big difference?

About teams

The huge and separate topic is about the complete domination of top teams. In the case of a contest: how is it possible to control the real number of team members or individual efforts? Or maybe, how can people introduce more teams like the top ones?
To be honest, I see it as a feature of the subculture right now, and this is a nice thing.

Things that didn’t get to production of hashrunner

We discussed adding non-obvious (khm, real life) ways of acquiring hashes, like sql injections, rce’s, lfi’s, binary exploits, running post exploitation tools, but this would have led us to an even more shifted focus from hash cracking, even though we thought of giving away scripts and exploits for this.

More, during a pentest you don’t need to crack all the hashes you acquired. It’s always about the privileged users’ ones (most of the time). We planned to add several “Administrator” hashes to some packs that logically (in the case of a real pentest) should have brought you the points for the whole pack (as you compromised the system), but again, that would not be fair in the case of a hash cracking contest. The only way this could be OK is if we add dozens of different input packs for the contest.

Outro

Broken hashes (i.e. blind sqli’s struggling with special chars or developer bugs), locally forced to use or used hashing algorithms (hashcat introduced GOST support) and newly introduced ones (skein was in the initial list of the contest, keccak got there). That’s for a start about the improvements, not mentioning your teamwork and, we hope, fun.

At last,
The first thing we did when preparing the contest was a decision to make things different and to experiment.

And again,
Thank you for feedback,
hashrunner team
#12
I was actually going to play the devil's advocate but did not have the time to write it properly. Since Hashrunner has replied, I will just give my views on the contests.

First, let's face it, unless each team is gathered in an enclosed building (which will not happen even if it would be fun), there is no way to control how many people and how much hardware there is per team. Judging by the experience of the previous CMIYC contests, one of the things that you realize is that even if you have lots of people and/or GPUs in your team, they have to be managed properly or you don't get any advantage from it. So I think that there is no point trying to control/compensate this. At best, if you want the contest to be "enjoyable" for everyone, including inexperienced crackers, each algo should have multi-layered difficulty passwords so that each algo contains a certain amount of easy-to-crack passwords like... "password".

About hints, I am not a pentester so I cannot judge by that, but by working on large leak hashlists, it's true that you get patterns and that you can/have to build attacks on your first finds to get increasingly more complex passwords. Including puzzles or things to think about for me spices up the contest and I personally like it a lot, but it's true that it deviates from a strictly hash cracking contest. But every contest, including CMIYC, was like that thus far. To be successful, you had to figure out what were the wordlist and rules that the organizer used to generate the passwords for every hash type.

One thing that I think was better than CMIYC is that you submit passwords with their respective hashes. In CMIYC, sometimes you would crack passwords from an easy algorithm and get undeserved points for a complex algorithm also. I think that it makes more sense that the teams have at least to try using their previous finds on other algos to deserve the points.

As a suggestion for next year, adding bonus points for the team that cracked the most hashes in each hash type is a good incentive to force the teams to work on every hash type instead of focusing solely on the highest-worth algorithms.

Finally, are you going to disclose the full list of passwords for every hash type? If you do, please give us a link here. I am sure most of us would like to know what was the pattern(s) for the SHA256(unix).
#13
(05-28-2013, 06:29 PM)mastercracker Wrote: I am sure most of us would like to know what was the pattern(s) for the SHA256(unix).

some guys have already figured it out. the hint in the picture was valid. you will bang your head against your keyboard when you see it.
#14
(05-28-2013, 06:35 PM)epixoip Wrote:
(05-28-2013, 06:29 PM)mastercracker Wrote: I am sure most of us would like to know what was the pattern(s) for the SHA256(unix).

some guys have already figured it out. the hint in the picture was valid. you will bang your head against your keyboard when you see it.
Now I know... And I need to change my keyboard...
#15
I'm going to quote some of the comments

@thorsheim

Quote:"Since there are no such hints in the reality."

I agree with what you wrote, except that part, Atom. In real life there is a *ton* of hints, very many of which have never been part of any password cracking contest.

Yes, there are hints in real life. Like company name, account owner's full name, department etc. But this would be data that is written on paper and can be accessed from a program. Think of it like a list of attributes you can bind to a hash. That would be OK since you can feed the cracker with this data. But the hint we had in the contest was a picture, that's nothing I can feed a cracker with.

@plan2000

Quote:Why not think about it like organisers in search of people being able to reverse unknown logic (with limited hints) without the dependency on the tools to do the checking.

I really had a hard time understanding what you mean. It's because it does not match a password cracking contest. Such a thing is more suited to an AI contest, no? :)

@epixoip

Quote:My apologies if you noticed this, but it was actually much simpler than this. You know how the MD4 and bcrypt hashes were in the same file, and shared the same hint? Yeah, they shared the same passwords as well. So all you had to do after cracking all of the MD4 hashes was run your MD4 plains through the bcrypt hashes :/

Actually, I didn't see it (but another team member did) and I admit this is nice since it's what we see in real life. We know passwords are shared across multiple systems. No complaints here.

@K9

Quote:I don't like to search for patterns. These passwords are not realistic. I prefer more realistic passwords instead of the pattern search & brute game.

Yes, me too. What I forgot to say about it in my first post is that I also didn't like it because it's boring to do the same pattern search algorithm (see epix's post) again and again.

@halfie

Quote:Hard to believe but at least 3 out of 10-12 guys were using laptops.

Due to the nature of the contest it is not hard to believe.

@hashrunner

Quote:For sure, we f***ed up the organizational part.

That's the part I cared least about :)

Quote:The hints

See my reply to @thorsheim; I think my description wasn't clear enough.

Quote:About teams

See my reply to @mastercracker; he actually made a good suggestion.

Quote:We discussed adding non-obvious (khm, real life) ways of acquiring hashes, like sql injection...

Don't do that. It's not a CTF. I agree with you, do not shift the focus from hash cracking.

Quote:More, during pentest you don’t need to crack all the hashes you acquired.

Well. Why not have a contest with a hashlist of, let's say, 100 admin hashes only? That would be cool, too.

The more I think about it, the more I think it would rock! There is no need to have 100000 hashes in every contest.

@mastercracker

Quote:Judging by the experience of the previous CMIYC contests, one of the things that you realize is that even if you have lots of people and/or GPUs in your team, they have to be managed properly or you don't get any advantage from it.

We had the same experience in team hashcat. Even with hardware stacked, it doesn't matter much. I fully agree, there is no need to have any limitation in a password cracking contest. Once your team has 10 members there is not much of a difference to a team with twice the number of members.

What about a league system? That way single persons or inexperienced ones do not need to fear playing against the major teams. Maybe that would motivate more people to participate. It would also remove the need for a pattern-focused contest, since the major league will only be between the big teams. Just an idea, not fully evolved.

Quote:One thing that I think was better than CMIYC is that you submit passwords with their respective hashes.

Agree!

Quote:As a suggestion for next year, adding bonus points for the team that cracked the most hashes in each hash type

Agree!
Finally I want to add the following:

The most important section in my critique was "Organizers failed to rewrite the rules 1". I'm a bit disappointed that no one commented on it. It's what broke the contest, even if we're looking at it as a pattern-matching contest. There was no big difference in the complexity of the patterns (not even sha256). Thus there's no reason to have a specific pattern given more points than the others. In case you'd continue to use a pattern-based contest you should at least equalize the points, since weighting does not apply here.

--
atom
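Worked example (added here for illustration; it is not code from any poster in this thread or from hashrunner). The point epixoip and atom make above, that the MD4 and bcrypt files shared plaintexts and that real systems share passwords the same way, is exactly what a password audit checks for: once a password has been recovered from a weak, unsalted store, is it reused in a store protected by a slow, salted hash? The script below models two constructed credential stores and reports the reuse. Because hashlib on modern OpenSSL may not expose MD4 and bcrypt needs a third-party package, SHA-1 stands in for the unsalted fast hash and PBKDF2-HMAC-SHA256 stands in for the slow salted one; the record format, account names and passwords are all invented for the example.

```python
import hashlib
import hmac
from typing import Dict

# --- stand-in hash functions (assumptions, not the contest's real algorithms) ---

def fast_hash(pw: str) -> str:
    """Unsalted fast hash: SHA-1 stands in for the MD4 file of the post."""
    return hashlib.sha1(pw.encode("utf-8")).hexdigest()

def slow_hash(pw: str, salt: bytes, rounds: int = 2000) -> str:
    """Salted slow hash: PBKDF2-HMAC-SHA256 stands in for bcrypt.
    Record layout (invented): $pbkdf2$<rounds>$<salt hex>$<digest hex>"""
    dk = hashlib.pbkdf2_hmac("sha256", pw.encode("utf-8"), salt, rounds)
    return "$pbkdf2$%d$%s$%s" % (rounds, salt.hex(), dk.hex())

def verify_slow(pw: str, record: str) -> bool:
    """Recompute the slow hash with the record's own salt and rounds and compare
    in constant time, as a login routine would."""
    _, scheme, rounds, salt_hex, digest_hex = record.split("$")
    if scheme != "pbkdf2":
        raise ValueError("unsupported scheme: %s" % scheme)
    dk = hashlib.pbkdf2_hmac("sha256", pw.encode("utf-8"),
                             bytes.fromhex(salt_hex), int(rounds))
    return hmac.compare_digest(dk.hex(), digest_hex)

# --- constructed sample data ---

# Plaintexts already recovered from the fast (unsalted) store, keyed by account.
RECOVERED_FROM_FAST: Dict[str, str] = {
    "alice": "winter2013",
    "bob":   "hashrunner",
}

# The slow-hashed store of a second system. carol reuses bob's password,
# alice reuses her own, bob chose something different here.
SLOW_STORE: Dict[str, str] = {
    "alice": slow_hash("winter2013", b"salt-alice"),
    "bob":   slow_hash("something-else", b"salt-bob"),
    "carol": slow_hash("hashrunner", b"salt-carol"),
}

def find_reuse(recovered: Dict[str, str], slow_store: Dict[str, str]) -> Dict[str, str]:
    """Return {account in slow store: reused plaintext} for every account whose
    slow hash verifies against a plaintext already recovered elsewhere.
    Each distinct plaintext is tried once per record; the salt makes it
    impossible to compare digests directly, so the slow hash must be recomputed."""
    candidates = set(recovered.values())
    hits: Dict[str, str] = {}
    for account, record in slow_store.items():
        for pw in candidates:
            if verify_slow(pw, record):
                hits[account] = pw
                break
    return hits

def reuse_report() -> Dict[str, str]:
    """Run the check over the constructed data."""
    return find_reuse(RECOVERED_FROM_FAST, SLOW_STORE)

if __name__ == "__main__":
    for account, pw in sorted(reuse_report().items()):
        print("%s: password reused from the fast store (%r)" % (account, pw))
    print("fast-store record for alice:", fast_hash(RECOVERED_FROM_FAST["alice"]))
```

The design point is the one atom agrees with: a slow, salted hash does not protect an account whose password was already recovered from a weaker system, so an auditor (or a contest scorer checking "did they actually run their plains through the other list") has to recompute the slow hash per record with that record's salt rather than comparing digests. Swapping the stand-ins for real MD4 and bcrypt only changes the two hash functions, not the check.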
#16
Most of the things have been said, so I will only ask about the phantom 5 and 7 files: what were they supposed to be, and why weren't they added during the contest?
GOST hashes were supposed to be in one of those files, right?
#17
i don't know for sure, but i believe 5 & 7 were only going to be released if the 50% mark wasn't broken. from the "prices" page it looks like they had phpass, postgres, sha1, and broken sha1 hashes.