[EN]
TL;DR
What's that? CrackMeIfYouCan on DEFCON is one of the most popular hash cracking contests in the wild. Best teams in the world compete on a 48h challenge to crack as many hashes as possible. The are 2 classes of competitiors - Pro and Street. We played under AlphaPwners team in Street category, and finished on 5th place. Last year, we got the 4th position.
Congratulations to Goolickers, Crevasse, VivaLaFaRT and StrongWind! GG!
0 - The setup
We were cracking the contest hashes using hashcat and it's distributed brother - hashtopolis. Few file-hashes were also cracked by john.
Our setup included:
2x RTX5000 @ Paperspace
1x RTX3090
2x K80 @ Azure
1x RTX3080
1x RTX3080Ti Mobile
1x RX5600 Mobile
1x RTX3050 Mobile
1x GTX960
1x GTX1660Ti
1x GTX1050Ti
1x GTX750Ti1 - Get the hashes
All of the hash sets this year (except yescrypt) were cheap, fast, unsalted (or fixed-salt) hash types; the primary challenge wasn't cracking the password hashes, it was cracking the encrypted containers bundling them up in order to get to the hashes.
https://contest-2022.korelogic.com/stats-hashsets.htmlIf you've ever been on a pentest and harvested dozens of PASSWORDS.XLS and AccountInfo.zip off of users desktops, you know the value of cracking a variety of encrypted artifacts in a hurry. Various encrypted container file types were used, each containing hashes using a different weak cipher, of plaintexts that used one or more unique combination of source material (wordlist) and mutation rule(s).
https://contest-2022.korelogic.com/stats-hashsets.html
Grab the hashes to crack
Each class of competitors got a different set of encrypted files. Cracking the password to the file revealed hundreds of hashes to crack for contest points. The encrypted files on Street category were: 7z, gocryptfs, rar, zip, KeePass, soffice, PDF, zip and gpg.
The table below showes the hashes type to crack
| Bundle | List | Hash Type | Points Each | Count | Total Points | Cracked |
|---|---|---|---|---|---|---|
| 7z | list20 | raw-sha384 | 46 | 10004 | 460184 | ~92% |
| gocryptfs | list13 | raw-sha512 | 43 | 2803 | 120529 | ~55% |
| rar | list14 | mysqlna | 17 | 4214 | 71638 | ~91,5% |
| zip | list19 | raw-sha256 | 13 | 4997 | 64961 | ~30% |
| KeePass | list11 | mssql05 | 9 | 10812 | 97308 | ~80% |
| soffice | list18 | raw-sha1 | 5 | 5455 | 27275 | ~80% |
| list24 | nsldaps | 5 | 2000 | 10000 | 100% | |
| zip2 | list16 | half-md5 | 3 | 2766 | 8298 | ~64% |
| GPG | list17 | raw-md5 | 1 | 2933 | 2933 | ~78% |
The container files were cracked using hashcat and john. First, the container-hash to crack was extracted using proper _2john tool such as rar2john or zip2john and then passed to hashcat or john.
The hashes were cracked using standard dictionaries like rockyou or password.lst and/or using the filename as password hint.
Example: the filename 1991whattimeisit refered to a What Time Is It? song by Spin Doctors from 1991 and the file password (answer) was directly in the lyrics - Four-thirty. Other passwords were connected to Wargames, Hackers and Swordfish movies, books and internet articles. The hints were also useful to determine on which resource a hashlist inside was based on.
2 - Let's get the party started
When you get over 40000 hashes to crack, you have to start somewhere. Our classic start while working on new hashlist is to use a few popular, mostly small dictionaries with popular ruleset + some simple bruteforces. This technique doesen't win the contest of course, but it helps you figure out what's going on.
The classic start dictionaries are:
rockyou.txt
rockyou2021.7z
weakpass_3
Top1pt6M and Top2Billion form Probable Wordlists
facebook-firstnames.dic.gz
facebook-lastnames.dic.gz
final-en-wikipedia.dic.gz
JOHN.dict.KeyboardCombinations.txt
Crackstation dictionaries
zxcvbn.txt
hashesorg2019
passphrases.txt
packetstorm.txt (combine)And the rules are:
OneRuleToRuleTheAll
T0XICv1
pantagrule.private.v5.popular
pantagrule.private.v5.hybrid
pantagrule.private.v5.one
ProbWL-547-rule-probable-v2.rule
dive.rule
passphrase-rule1.rule
passphrase-rule2.rule
squid1m.ruleaaaaand one more thing. Get yourself an English dictionary. Even a simple dictionary + rules can work wonders. More cracking tips with this method are described at the end, as Tip #0.
Hashlists
Movies
RAW-MD5 - Wargames movie
After classic start it was already obvious, that the hashlist was based on Wargames movie script. The title and file hint were also referring to this movie. Using Wargame movie script as ditctionary + some rules and tricks (more below) almost 2300 hashes were easily cracked. We did not further invesigate this hashlist, because of low value (only 1p per hash).
HALF-MD5 - Hackers movie
Case similar to RAW-MD5, however only very late in the contest we realized that this could be based on some movie. Most of the cracks here were using hashesorg2019 and rockyou + Tip#1 (below).
RAW-SHA256 - Swordfish movie
We didn't realize that this hashlist was based on Swordfish movie, despite the file hint and cracked passwords. Probably this was the mistake that pushed us to 5th position. Many hashes were cracked using classic start and appending number 22 at the end.
Books
MSSQL05 - The Cuckoo's Egg book
Case again similar to RAW-MD5 - when classic start cracked a NSAHoncho password, a quick google search revealed a book on google books - https://books.google.com/books?id=9B1RfCAar2cC . Then, the case was similar: download the book, make a dictionary, win. Next, please.
MYSQLNA - The Shockwave Rider book
Almost the same thing as MSSQL05 - however the password, that got us to google books was something related with the word Freeman. Tip#2 was very useful here.
Other
NSLDAPS - Leaked passwords
This was even easier - classic start revealed that these were some leaked password with 2022 added at the end. Quick rule, and 100% cracks were here under 15 minutes.
RAW-SHA1 - ????
We don't know what happened here. We used classic start, some bruteforcing and an English dictionary. We don't know what was the base for this hashlist.
RAW-SHA384 and RAW-SHA512
After the competition we got a hint that these hashlists were related to the article https://gizmodo.com/stop-the-steal-hacker-homecoming-queen-charged-as-ad-1846822348 (which btw, helped us with the container file password - oh, the irony) and https://github.com/jbarke/textfiles.com/blob/master/textfiles.com/groups/CDC/cdcindex.txt We didn't realize it back then, but we cracked many hashes anyway.
SHA-384 had only a few password-formats. Knowing the base-word, hundeds of hashes were easily cracked using a mask of ?a?a?aBASE_WORD_HERE?1?1?d?d?d?d?d?d where ?1 was a digit, and !or a @ sign. Most of the times it was a word plus one, two or zero ! and @ signs plus a few numbers at the end. Tip #0 helped us a lot here.
SHA-512 was cracked mostly with using the Tip #0 with English words + rockyou and using some leet rules.
TIL + Tips & Tricks
Tip #0 - The best password-cracking dictionary for this year contest? The English dictionary. Download English ditionaries from the web, combine them, remove duplicates. Make copies, where all words are uppercase, and capital case. Combine into one dictionary. Then, you can use it with rules, and in
1hashcat combinator mode, combining many words with each other. You can make advanced versions, where each word is prepended with a number or make a dictionary which consists of 2 English words combined - with different casing and special chars appended/prepended/between. Works like a charm. Want more? Look here: https://github.com/travco/rephraserTip #1 - Leave your weakest machine running in an infinite already cracked-cracking loop. You can complete this task in many ways.
You can manually write a bash script, that will dump already cracked passwords and pass them as a wordlist input in hashcat. Then, add some popular rules (probably
OneRuleToRuleThemAllor somepantagone), some auto-generated ones with-g 1000000and try to append and prepend the-i ?a?a?amask before and after the cracked hash.Or you can use
--loopbackoption in hashcat.
--loopback: re-use the plains/passwords that did crack a hash, e.g. apply some rules - after the first run - to the modified and matching plains. This kind of looping will only stop if no more plains match. https://hashcat.net/wiki/doku.php?id=frequently_asked_questionsIf there are some similar passwords to these, that you have already cracked - you got this.
Tip #2 - Look at passphrase cracking techniques here - https://github.com/initstring/passphrase-wordlist
Landscape After the Battle
Here are some screens from our hashtopolis server:
