hashcat Forum Misc Organisation and Events v
PHDays Hashrunner challenge 2015 - Writeup

Thread Closed 
Threaded Mode
PHDays Hashrunner challenge 2015 - Writeup
kartan Offline
Team Hashcat Leader
***
Posts: 68
Threads: 3
Joined: Feb 2011
#1
05-19-2015, 10:36 PM (This post was last modified: 05-19-2015, 10:37 PM by kartan.)
As you may know, we won the contest.

Here is the writeup:

https://hashcat.net/events/hashrunner201...d_2015.pdf

Cheers!
dropdead
sch0.org
Find
forumhero Offline
Senior Member
****
Posts: 313
Threads: 44
Joined: Aug 2011
#2
05-21-2015, 03:40 AM (This post was last modified: 05-21-2015, 03:40 AM by forumhero.)
great write up!

question regarding scrypt. how did you guys get JTR to work since it is not natively supported?

also, did you guys happen to notice LM hash had a bunch of plains that appeared to look like encoded PHP? for example:

\U77F3\U67F1\U
\U6CE2\U6FE4\U
\U8B66\U5099\U
\U63D0\U723E\U
\U7600\U9752\U

or perhaps it was a dead end
Find
epixoip Offline
Legend
******
Posts: 2,936
Threads: 12
Joined: May 2012
#3
05-21-2015, 06:05 AM
JTR does have scrypt support...
https://github.com/magnumripper/JohnTheR...h?q=scrypt
Find
forumhero Offline
Senior Member
****
Posts: 313
Threads: 44
Joined: Aug 2011
#4
05-21-2015, 06:39 AM
thx, epixoip!
Find
Xanadrel Offline
Professional Asshole
******
Posts: 347
Threads: 3
Joined: May 2010
#5
05-21-2015, 10:31 AM
(05-21-2015, 03:40 AM)forumhero Wrote: LM hash had a bunch of plains that appeared to look like encoded PHP? for example:

\U77F3\U67F1\U

> Encoded PHP
kek
Find
mastercracker Offline
Senior Member
****
Posts: 621
Threads: 57
Joined: May 2010
#6
05-21-2015, 11:39 AM (This post was last modified: 05-21-2015, 11:49 AM by mastercracker.)
(05-21-2015, 06:05 AM)epixoip Wrote: JTR does have scrypt support...
https://github.com/magnumripper/JohnTheR...h?q=scrypt
I got the precompiled binaries from 1.8.0 jumbo1 (win64) and could not get it to work (can't load hashes). Do you have to change the hash format? What --format value do you use in the command line, scrypt?

Edit: I tried also the bleeding jumbo version 1.8.0.2 and had the same problem.
Find
epixoip Offline
Legend
******
Posts: 2,936
Threads: 12
Joined: May 2012
#7
05-21-2015, 10:45 PM
If you look at the plugin you will see the format it expects:

https://github.com/magnumripper/JohnTheR...t.c#L54-78

You can also look at prepare() in the same file as well.
Find
mastercracker Offline
Senior Member
****
Posts: 621
Threads: 57
Joined: May 2010
#8
05-22-2015, 04:44 AM
(05-21-2015, 10:45 PM)epixoip Wrote: If you look at the plugin you will see the format it expects:

https://github.com/magnumripper/JohnTheR...t.c#L54-78

You can also look at prepare() in the same file as well.
Thanks for the help. I don't get it. I am in the bleeding jumbo version, I put one the hash that they provide in the link you gave me:
Code:
$ScryptKDF.pm$16384*8*1*VHRuaXZOZ05INWJs*JjrOzA8pdPhLvLh8sY64fLLaAjFUwYCXMmS16NXcn0A=
I use the following command line:
Code:
john.exe --format=scrypt --wordlist=dic4.txt hash.txt
JTR does not load the hash.
Find
gearjunkie Offline
Junior Member
**
Posts: 8
Threads: 0
Joined: Aug 2014
#9
05-22-2015, 05:12 AM
I had a similar issue. If you downloaded the Window pre-compiled binary then you are unlikely to be using the latest bleeding jumbo. Try this command below and check the results:

Code:
john --list=format-tests --format=scrypt

If the result from the last line looks similar to the output below then it is not the latest bleeding jumbo.

Code:
scrypt  10    SCRYPT:16384:8:1:VHRuaXZOZ05INWJs:JjrOzA8pdPhLvLh8sY64fLLaAjFUwY
CXMmS16NXcn0BhlHpZJ3J2jcozCDM7t+sfjkgQ894R+f+ldVWM5atlkA==      password
Find
blazer Offline
Member
***
Posts: 85
Threads: 15
Joined: Jun 2010
#10
05-22-2015, 07:47 AM (This post was last modified: 05-22-2015, 08:17 AM by blazer.)
Congrats Team Hashcat, you really showed us all how it's meant to be done.

Our team write-up is also up

We had lots of fun!

http://cynosureprime.blogspot.com/
Find
Thread Closed