Posts: 5
Threads: 2
Joined: Aug 2017
Is anyone using Hashcat to play the 1Password Game competiton? (
https://bugcrowd.com/onepasswordgame)
If you are, I'd like some help with the syntax of the command I should be using. I can't get the samples to crack, so clearly I'm missing something
Thanks,
Philip.
Posts: 930
Threads: 4
Joined: Jan 2015
It's after the official period of the challenge, but since people could theoretically keep working on it ...
If you post the syntax you were using, we might be able to help. The hashcat hash mode is -m 10900, if that helps.
~
Posts: 381
Threads: 1
Joined: Aug 2014
05-13-2018, 12:45 PM
(This post was last modified: 05-13-2018, 12:47 PM by Flomac.)
I also tried to verify the samples and failed. Same with the answers of the last challenge.
hash mode -m 10900, -a 0 (straight)
The input hash structure looks like this: "sha256:100000:Salt:Hash"
As a password I used either "word1[space]word2[space]word3" and "word1word2word3".
A sample creation running along side with the other hashes works perfectly.
Don't know if they did something special here.
Posts: 5
Threads: 2
Joined: Aug 2017
I'm looking at this example here:
https://github.com/agilebits/crackme/tree/master/doc
{
"id": "CPU6BAGE",
"hint": "3 words",
"prf": "HMAC-SHA256",
"rounds": 100000,
"salt": "00bb202b205f064e30f6fae101162a2e",
"derived": "91976be95cd28e55e580ee9f69a2139202a9b65eabfbbf33c99bc42e3665564d",
"pwd": "tanbark artistic callus"
}
1) My test hashfile is this:
sha256:100000:00bb202b205f064e30f6fae101162a2e:91976be95cd28e55e580ee9f69a2139202a9b65eabfbbf33c99bc42e3665564d
2) My test dictionary has these two lines:
tanbark artistic callus
tanbarkartisticcallus
(I wasn't sure if they were including spaces between the words or not.)
3) I ran Hashcat like this:
/usr/local/bin/hashcat --hash-type 10900 --attack-mode 0 "sample_hash.txt" "test_dictionary.txt"
But it has no success.
Posts: 2,301
Threads: 11
Joined: Jul 2010
as you can see on
https://hashcat.net/wiki/doku.php?id=example_hashes mode 10900 uses base64-encoded data, not hex
Posts: 930
Threads: 4
Joined: Jan 2015
05-13-2018, 09:42 PM
(This post was last modified: 05-13-2018, 11:53 PM by royce.)
Proof of concept:
Code:
# Convert salt and hash from hex to raw and then to base64:
$ echo -n '00bb202b205f064e30f6fae101162a2e' | xxd -p -r | base64
ALsgKyBfBk4w9vrhARYqLg==
$ echo -n '91976be95cd28e55e580ee9f69a2139202a9b65eabfbbf33c99bc42e3665564d' | xxd -p -r | base64
kZdr6VzSjlXlgO6faaITkgKptl6r+78zyZvELjZlVk0=
# Prepare hashfile in the expected format for hashcat
$ cat test.hash
sha256:100000:ALsgKyBfBk4w9vrhARYqLg==:kZdr6VzSjlXlgO6faaITkgKptl6r+78zyZvELjZlVk0=
# Perform simple attack, piping in expected plaintext. The hash is cracked as expected.
$ echo 'tanbark artistic callus' | hashcat --quiet -m 10900 -a 0 test.hash
sha256:100000:ALsgKyBfBk4w9vrhARYqLg==:kZdr6VzSjlXlgO6faaITkgKptl6r+78zyZvELjZlVk0=:tanbark artistic callus
~
Posts: 5
Threads: 2
Joined: Aug 2017
Posts: 381
Threads: 1
Joined: Aug 2014
05-14-2018, 04:15 PM
(This post was last modified: 05-14-2018, 04:15 PM by Flomac.)
Thanks royce, that did the trick.
Although that 'challenge' is bit less challenging for the cracker than for the hardware. They deliver a wordlist which is easy to combine, but my two GTX980 hover around 13-14k in a quick test and would take years to crack only one password. Even by guessing and assuming you need MUCH better hardware to solve one of these in a reasonably time. Or luck.
Posts: 930
Threads: 4
Joined: Jan 2015
Yep. The only way to make real progress on it would be if multiple teams with lots of cards all cooperated. Which would itself be pretty cool, IMO.
~
Posts: 7
Threads: 1
Joined: May 2018
"The only way to make real progress on it would be if multiple teams with lots of cards all cooperated."
I see, thanks for the tip!