How much does it take to hack a mobile network?
Is electronic government secure
in the era of WikiLeaks and Anonymous?

Is SCADA hacking a Hollywood fiction
or the nowadays reality?
Internet banking: is there any chance to win
over the fraudsters?

Cyber-crimes, cyber-espionage, cyber-war: where do we draw a borderline?


Monday, July 9, 2012

Hash Cracking at PHDays 2012: The Hash Runner Competition

PHDays 2012 featured a lot of highly technological, challenging and exciting competitions, but there was one that the visitors hardly noticed – Hash Runner, a competition in hash cracking.

All competitions of this type are characterized with hegemony of a number of teams: hashcat, Inside Pro and john-users, which is not surprising because these are communities of developers, testers and common users formed around most popular hash cracking tools.  And their success is rooted not only in years of experience, good training and unity of teams, and accessibility of formidable computer powers, but in the ability to modify  the tools in the real time mode in response to ever changing circumstances.

All the above-mentioned teams took most active part in Hash Runner at PHDays 2012. For two days the contestants fought for a useful prize - an AMD Radeon HD 7970 graphics cards.


The competition was open for any Internet user. All in all, there were 19 participants from various countries participating.

The competitors will be provided with a list of hash functions generated according to various algorithms (MD5, SHA-1, BlowFish, GOST3411, etc.). Points for each decrypted password are scored according to the algorithm’s level of difficulty. To become a winner, a competitor should gain the most points in a limited period of time, leaving the rivals behind.

It's all simple: you have a number of hashes of various types and two forum days (the competition started at 10:00 a.m. on May 30 and ended at 6 a.m. on May 31) to crack as many as possible.


The participants of the competition were from different countries. The main rivals were InsidePro Team 2012, teardrop and Xanadrel.


To win the competition, the participants were to figure out password generation rules.  The generation used dictionaries in different languages, as well as name dictionaries.  The first rule guessed by the participants was a dictionary word repetition, for example:


Each hash types contained a certain number of passwords generated according to the same rules. Thus, by guessing a password to a hash encrypted with a simple algorithm and figuring out its generation algorithm, one could apply the knowledge to the rest positions in the list and guess passwords to more complicated hashes.

It was good thinking, and not good guessing, that gave the push to the three leaders.

Each team used its own tactics: one tried to brute force the passwords to the most complicated hashes, thus scoring more points, another, on the contrary, tried to outrun their rivals in the number of successfully hacked hashes, focusing on plains.

The leaders gave dust to their competitiors.

Xanadrel (France), who used to paly for Hashcat, decided to play a one-man game this time and fought on its own.

Hardware he used for the competition included PC (i7 950, 1x 5770 and 1x 7970) and i5 2300k core for 4 LM hashes.

Software tools:
  • Hashcat
  • oclHashcat-plus
  • ophcrack
  • rcracki_mt
  • passwordspro
  • maskprocessor
The passwords were cracked by wordlist attacks and generation of basic/common rules in hashcat and passwordspro for the GOST hashes. During the entire competition, the contestant wasn’t able to hack not a single DES, neither phpbb3, ssha, or wordpress hash (they were unusually long and hashcat failed to crack them).

It was not until the end of the competition when Xanadrel thought of bruteforce attacks and managed to get a couple of passwords like 6{x#_a or 9Mv)0. Besides, there were passwords of the dd<month>yyy type (for example, 08march1924). For this cases, the contestant had to create rules for appending/prepending the year/day and a wordlist with months only.

Xanadrel's original write-up

Unlike Xanadrel, who chose to fight on his own, the guys from Insidepro teamed up. Their strategy was simple: try attacking any algorithm wherever possible using whatever technique was handy (a bruteforce attack, dictionaries).

The list of hardware and software tools used by the team:
Note: Since most of the team members could contribute only when they had time to it, the listed tools were not used continuously during the competition days. Only a part of the hardware/software was used at once.

Most of the times, the participants relied on tools they developed themselves, such as nsidePro’s  Extreme GPU Bruteforcer, PasswordsPro and others because they support the saltless Wordpress and phpBB out of the box. However, right in the middle of the contest, one of the team members managed to patch JtR to support these saltless hashes, thus enabling more successful attacks.

For the details, see the details in the Insideproteam's write-up

Another leader of the competition was Teardrop, formed specially for the competition by those Hashcat, who were not able to take part in it. The team used the following software:
  • Hashcat
  • oclHashcat-plus
  • oclHashcat-plus custom build to crack saltless PHPass and DCC2
  • Hashcat-utils and Maskprocessor
  • John the Ripper
  • rcracki_mt for LM
  • PasswordsPro for GOST
In the run of the challenge, the team members had to make some modifications to oclHashcat-plus and John the Ripper to load the PHPass and BFcypt hashes.  The full story you will find on the Hashcat forum.


Some fancy graphs.

The first one depicts participants' progress in time:

It should be mentioned that in such competitions participants usually try to send their answers as late as possible to confuse the rivals.

Teams progress in hash cracking:

The following types of hashes were the easiest for the teams to crack:

Top-5 Teams


InsidePro Team 2012





The final part of the competition proved to be the most tensed; the winner was decided within the latest minutes. The participants stopped their programs in a few minutes before the end to send all the passwords they had managed to brute force.

InsidePro Team 2012 held the leading position for a long time, but Teardrop were able to make a final push and leave them 11,000 points behind.  Here is the winner's stand:

1. Teardrop (Hashcat)
2. InsidePro Team 2012
3. Xanadrel

Note that the winners managed to bruteforce passwords only to 11% of the hashes.

All the participants were awarded by the organizators and sponsors of the event. The special prize, an AMD Radeon 7970 graphics card, was presented to Teardrop (Hashcat). Our congratulations to the teams!

P.S. Visit the official blog of the PHDays forum to find the links to video and slides of the presentations.

No comments:

Post a Comment