As you may know, we won the contest.
Here is the writeup:
https://hashcat.net/events/hashrunner201...d_2015.pdf
Cheers!
dropdead
Here is the writeup:
https://hashcat.net/events/hashrunner201...d_2015.pdf
Cheers!
dropdead
sch0.org
PHDays Hashrunner challenge 2015 - Writeup
|
As you may know, we won the contest.
Here is the writeup: https://hashcat.net/events/hashrunner201...d_2015.pdf Cheers! dropdead
sch0.org
great write up!
question regarding scrypt. how did you guys get JTR to work since it is not natively supported? also, did you guys happen to notice LM hash had a bunch of plains that appeared to look like encoded PHP? for example: \U77F3\U67F1\U \U6CE2\U6FE4\U \U8B66\U5099\U \U63D0\U723E\U \U7600\U9752\U or perhaps it was a dead end
05-21-2015, 06:05 AM
JTR does have scrypt support...
https://github.com/magnumripper/JohnTheR...h?q=scrypt
05-21-2015, 06:39 AM
thx, epixoip!
05-21-2015, 10:31 AM
05-21-2015, 11:39 AM
(This post was last modified: 05-21-2015, 11:49 AM by mastercracker.)
(05-21-2015, 06:05 AM)epixoip Wrote: JTR does have scrypt support...I got the precompiled binaries from 1.8.0 jumbo1 (win64) and could not get it to work (can't load hashes). Do you have to change the hash format? What --format value do you use in the command line, scrypt? Edit: I tried also the bleeding jumbo version 1.8.0.2 and had the same problem.
05-21-2015, 10:45 PM
If you look at the plugin you will see the format it expects:
https://github.com/magnumripper/JohnTheR...t.c#L54-78 You can also look at prepare() in the same file as well.
05-22-2015, 04:44 AM
(05-21-2015, 10:45 PM)epixoip Wrote: If you look at the plugin you will see the format it expects:Thanks for the help. I don't get it. I am in the bleeding jumbo version, I put one the hash that they provide in the link you gave me: Code: $ScryptKDF.pm$16384*8*1*VHRuaXZOZ05INWJs*JjrOzA8pdPhLvLh8sY64fLLaAjFUwYCXMmS16NXcn0A= Code: john.exe --format=scrypt --wordlist=dic4.txt hash.txt
05-22-2015, 05:12 AM
I had a similar issue. If you downloaded the Window pre-compiled binary then you are unlikely to be using the latest bleeding jumbo. Try this command below and check the results:
Code: john --list=format-tests --format=scrypt If the result from the last line looks similar to the output below then it is not the latest bleeding jumbo. Code: scrypt 10 SCRYPT:16384:8:1:VHRuaXZOZ05INWJs:JjrOzA8pdPhLvLh8sY64fLLaAjFUwY
Congrats Team Hashcat, you really showed us all how it's meant to be done.
Our team write-up is also up We had lots of fun! http://cynosureprime.blogspot.com/ |
« Next Oldest | Next Newest »
|