How much does it take to hack a mobile network?
Is electronic government secure
in the era of WikiLeaks and Anonymous?

Is SCADA hacking a Hollywood fiction
or the nowadays reality?
Internet banking: is there any chance to win
over the fraudsters?

Cyber-crimes, cyber-espionage, cyber-war: where do we draw a borderline?

Pages

Monday, July 9, 2012

Hash Cracking at PHDays 2012: The Hash Runner Competition

PHDays 2012 featured a lot of highly technological, challenging and exciting competitions, but there was one that the visitors hardly noticed – Hash Runner, a competition in hash cracking.

All competitions of this type are characterized with hegemony of a number of teams: hashcat, Inside Pro and john-users, which is not surprising because these are communities of developers, testers and common users formed around most popular hash cracking tools.  And their success is rooted not only in years of experience, good training and unity of teams, and accessibility of formidable computer powers, but in the ability to modify  the tools in the real time mode in response to ever changing circumstances.

All the above-mentioned teams took most active part in Hash Runner at PHDays 2012. For two days the contestants fought for a useful prize - an AMD Radeon HD 7970 graphics cards.

Rules

The competition was open for any Internet user. All in all, there were 19 participants from various countries participating.

The competitors will be provided with a list of hash functions generated according to various algorithms (MD5, SHA-1, BlowFish, GOST3411, etc.). Points for each decrypted password are scored according to the algorithm’s level of difficulty. To become a winner, a competitor should gain the most points in a limited period of time, leaving the rivals behind.

It's all simple: you have a number of hashes of various types and two forum days (the competition started at 10:00 a.m. on May 30 and ended at 6 a.m. on May 31) to crack as many as possible.

Participants

The participants of the competition were from different countries. The main rivals were InsidePro Team 2012, teardrop and Xanadrel.

Strategies

To win the competition, the participants were to figure out password generation rules.  The generation used dictionaries in different languages, as well as name dictionaries.  The first rule guessed by the participants was a dictionary word repetition, for example:

fayettefayette
jeweljewel
hamlethamlet

Each hash types contained a certain number of passwords generated according to the same rules. Thus, by guessing a password to a hash encrypted with a simple algorithm and figuring out its generation algorithm, one could apply the knowledge to the rest positions in the list and guess passwords to more complicated hashes.

It was good thinking, and not good guessing, that gave the push to the three leaders.

Each team used its own tactics: one tried to brute force the passwords to the most complicated hashes, thus scoring more points, another, on the contrary, tried to outrun their rivals in the number of successfully hacked hashes, focusing on plains.

The leaders gave dust to their competitiors.

Xanadrel (France), who used to paly for Hashcat, decided to play a one-man game this time and fought on its own.

Hardware he used for the competition included PC (i7 950, 1x 5770 and 1x 7970) and i5 2300k core for 4 LM hashes.

Software tools:
  • Hashcat
  • oclHashcat-plus
  • ophcrack
  • rcracki_mt
  • passwordspro
  • maskprocessor
The passwords were cracked by wordlist attacks and generation of basic/common rules in hashcat and passwordspro for the GOST hashes. During the entire competition, the contestant wasn’t able to hack not a single DES, neither phpbb3, ssha, or wordpress hash (they were unusually long and hashcat failed to crack them).

It was not until the end of the competition when Xanadrel thought of bruteforce attacks and managed to get a couple of passwords like 6{x#_a or 9Mv)0. Besides, there were passwords of the dd<month>yyy type (for example, 08march1924). For this cases, the contestant had to create rules for appending/prepending the year/day and a wordlist with months only.

Xanadrel's original write-up

Unlike Xanadrel, who chose to fight on his own, the guys from Insidepro teamed up. Their strategy was simple: try attacking any algorithm wherever possible using whatever technique was handy (a bruteforce attack, dictionaries).

The list of hardware and software tools used by the team:
Note: Since most of the team members could contribute only when they had time to it, the listed tools were not used continuously during the competition days. Only a part of the hardware/software was used at once.

Most of the times, the participants relied on tools they developed themselves, such as nsidePro’s  Extreme GPU Bruteforcer, PasswordsPro and others because they support the saltless Wordpress and phpBB out of the box. However, right in the middle of the contest, one of the team members managed to patch JtR to support these saltless hashes, thus enabling more successful attacks.

For the details, see the details in the Insideproteam's write-up

Another leader of the competition was Teardrop, formed specially for the competition by those Hashcat, who were not able to take part in it. The team used the following software:
  • Hashcat
  • oclHashcat-plus
  • oclHashcat-plus custom build to crack saltless PHPass and DCC2
  • Hashcat-utils and Maskprocessor
  • John the Ripper
  • rcracki_mt for LM
  • PasswordsPro for GOST
In the run of the challenge, the team members had to make some modifications to oclHashcat-plus and John the Ripper to load the PHPass and BFcypt hashes.  The full story you will find on the Hashcat forum.

Statistics

Some fancy graphs.

The first one depicts participants' progress in time:


It should be mentioned that in such competitions participants usually try to send their answers as late as possible to confuse the rivals.

Teams progress in hash cracking:


The following types of hashes were the easiest for the teams to crack:


Top-5 Teams

Teardrop


InsidePro Team 2012


Xanadrel


John-users

Xyzxyz


Winners 

The final part of the competition proved to be the most tensed; the winner was decided within the latest minutes. The participants stopped their programs in a few minutes before the end to send all the passwords they had managed to brute force.

InsidePro Team 2012 held the leading position for a long time, but Teardrop were able to make a final push and leave them 11,000 points behind.  Here is the winner's stand:

1. Teardrop (Hashcat)
2. InsidePro Team 2012
3. Xanadrel

Note that the winners managed to bruteforce passwords only to 11% of the hashes.

All the participants were awarded by the organizators and sponsors of the event. The special prize, an AMD Radeon 7970 graphics card, was presented to Teardrop (Hashcat). Our congratulations to the teams!

P.S. Visit the official blog of the PHDays forum to find the links to video and slides of the presentations.

39 comments:

  1. Thanks for the it is all great comment in the post.

    ReplyDelete
  2. Thanks that is best posts see more like Freedom APK

    ReplyDelete
  3. I had to write something similar in my thesis introduction few weeks ago. It's great that I read https://pro-academic-writers.com/blog/thesis-introduction before writing so it was still good enough.

    ReplyDelete
  4. Therefore one you could count Mixcloud on for creating the Android TV Box top box in the Get brand new Android TV Box house is really ergonomic Best Android TV Box as you just need to plug visit website as well as play.

    ReplyDelete
  5. There’s no better service on the market other than Essays Tigers that can fully cater to students’ custom essay writing needs. Our writers’ mastery and craftsmanship when it comes to writing allow them to produce impeccable and flawless results for all essay writing projects via our Custom Essay UK services.

    ReplyDelete
  6. Essay Writing Library is the best essay writing service UK that is presently available on the internet. Students who are constantly pressurised to meet strict deadlines are frequently found to avail their Best Online essay help. This academic forum has hired possibly the most experienced and skilled writers on board.

    ReplyDelete
  7. Range anxiety and lack of chargers are two huge barriers to EV adoption. But could solar power finally solve both problems? We take a look Tracy Isselhardt

    ReplyDelete
  8. It is convenient to access Top Essay Writing from Online Essay Writer at some clicks on your personal computer from Best Writing Services.

    ReplyDelete
  9. Quickbooks books is an accounting software used to maintain or create accounts details and records for business and firs, if you are new you can learn how to use Quickbooks by QuickBooks help guide and in case you need any help just ask for Quickbooks assistance

    ReplyDelete
  10. QuickBooks Enterprise Support Phone Number is available 24/7. If timely solution is not given to the company users of Quickbooks on occurring of any malfunction or glitch then there can be huge loss to them. These loss can be prevented from happening by the use of Quickbooks Support Phone Number. This Quickbooks customer Support Amount is actually very helpful for the one who need immediate solution for their problems. QuickBooks Enterprise Support comes out to be useful for every Quickbook user. The practice of book keeping and payroll management isn't simple as the danger of error always stays inside. As the professional services of Quickbooks differs so are the help systems and system. Weather it is the setup of a new Quickbook software or need of troubleshoot within an existing one, consumer can only dial up the QuickBooks Enterprise Support Number and avail the Quickbooks Customer services.

    ReplyDelete

  11. Click the Link and Download the Brother driver from solutions.brother.com/windows & If do you need any help to setup the Brother Printer driver .Meanwhile you can call at number for instant assistance . our 24/7 team is always available for assistance.

    ReplyDelete

  12. AS if you are facing any issue in canon Printer Driver .Dn’t worry to about support.you can ask to our canon technician to transfer the call to canon Printer support Phone Number.You can also download the Brother Printer Driver from canon.com/ijsetup or www.canon.com/ijsetup

    ReplyDelete
  13. Use the best security software McAfee for your system protection. it provides the best threads and cyber protection. it has automatically detected the spam in your system. you can use it for your betterment. mcafee security

    ReplyDelete
  14. Webroot antivirus, internet security, and identity protection. Webroot SecureAnywhere® Mobile Free keeps you secure when browsing, shopping and banking.
    www.webroot.com/secure | webroot.com/secure |
    Install Webroot With Key Code

    ReplyDelete
  15. Dragon NaturallySpeaking software is a speech recognition program that allows the user to speak into a microphone on a computer with the software translating
    dragon naturally speaking | dragon naturallyspeaking

    ReplyDelete
  16. You can get it from avg to protect your identity. Browsers also contain cookies which track user’ location, id, and much other information and can be harmful so that AVG AntiTrack can protect you.
    For some devices, during installation, AVG AntiTrack may show SQL Error, which cannot let you use the application and so we have discussed the blog here.
    install avg with license number
    AVG antivirus is the security program that works after it’s activation with avg retail. It requires an activation product key to activate AVG’s working and to protect your operating system. www.avg.com/retail | avg.com/retail
    avg download

    ReplyDelete
  17. Trend Micro is one of the largest providers of internet and antivirus security in the world with over 250 million users. The company’s antivirus protects you from malware, email scams, and even ransomware, which is become more dangerous every day. www.trendmicro.com/bestbuypc |Trend Micro Geek Squad | www.trendmicro/bestbuypc

    ReplyDelete
  18. canon printer setup into your pc, your system does not need to install the driver on it. Canon printer that can be downloaded via page is the best wireless printer that you can connect to your device and print data smoothly. canon.com/ijsetup
    CD is not the well-suited technique to use canon.comijsetup setup installation for longer.

    ReplyDelete
  19. eset internet security can be installed quickly on each device if the user follows the correct procedure. You can follow the instructions below to install the setup on your devices such as Windows PC, Mac, or mobile device. www.eset.com/ca/download Best IT security solutions for your home and business devices.

    ReplyDelete
  20. office.com/setup-Nowadays businesses are not restricted by geographical barriers, which calls for a universally used program in every office premise. This is where Microsoft Office comes in as it is used widely in the offices all around the globe. Every industry and sector avails the esteemed apps and features of MS Office; be it schools, hospitals, offices, or banks. Microsoft Office also known as Office is a family of premium customer software manufactured and distributed by Microsoft.

    ReplyDelete
  21. Sign in to enter your item key, get to your record, deal with your membership, and stretch out your Norton security to PC, Mac, Android, and iOS gadgets. On the off chance that you don't as of now have a Norton account, make one today. Welcome to Norton . Sign in to enter your item key, get to your record, deal with your membership, and stretch out your Norton security to PC, Mac, Android, and iOS gadgets.For more information visit norton.com/setup

    ReplyDelete
  22. norton.com/setup-Norton is undoubtedly the best antivirus software developed by the Symantec Corporation. It is available for every device like Mac, Windows, and even Android, as well. Most importantly, it offers lots of advanced features that include three types of scans (Quick, Full system, and Custom scan), and speak to the real person in support as well.

    ReplyDelete
  23. Quickbooks provides best accounting experience for all the user who are looking for accounting software so you can use Quickbooks which comes with some advanced features and in case of any issue you can contact Quickbooks support and ask them for Quickbooks tech support.

    ReplyDelete
  24. Quickbooks is a tech assistant provider company that provides tech assistance for all tech-related issues in Quickbooks books as in case you face any issue in the software you can contact Quickbooks tech support and ask them for Quickbooks support

    ReplyDelete
  25. Microsoft Office Which Is A Part Of Office.Com/Setup, That Is An Exclusively Designed Program That Is Helping Corporate And Education Sectors For So Long. You Cannot Go A Single Day Without Using It To Accomplish Your Work-Related Tasks.

    ReplyDelete
  26. McAfee antivirus is the threat defender program that the user can activate at mcafee activate card URL. Its individual, household, and multi-device subscriptions, Theft Protection as well as online & offline virus protection.
    www.mcafee.com/activate

    ReplyDelete
  27. Dragon NaturallySpeaking 13 Home speech recognition software lets you - quickly and accurately - using your voice.
    dragon naturally speaking | dragon naturallyspeaking

    ReplyDelete
  28. Mcafee security is enhanced through a Xerox and McAfee security system to help protect against threats to your confidential data. Read how.
    mcafee activate product key | mcafee.com/activate product key | mcafee com activate product key | mcafee activation key | mcafee com activate uk

    ReplyDelete
  29. Quickbooks provides best accounting services as through this you can create or manage your business accounts details and records of tax bills, payments, transactions, etc online in fast and easy and way and in case you need any help assistance you can contact them by Quickbooks support number and ask for Quickbooks assistance

    ReplyDelete
  30. Hi, this is such a great and informative blog for me. I am very happy after reading it. I have also a blog regarding ,Quickbooks Customer service, you can visit this site and can give me suggestion to improve it.

    ReplyDelete
  31. https://www.taxmimic.com/quickbooks-support/

    QuickBooks is a popular choice of many business proprietors as it permits to save much of time and keep all finance-related information organized. However, in case you or your accountants have never used it before, you will have to talk to QuickBooks technical support services to learn how to get the maximum out of this software. Also, you may encounter various technical issues at the same time as the use of this software. This is where Quickbooks support can help you.

    ReplyDelete
  32. McAfee service offers trusted safety to protect data and devices. So, you can shop, surf & keep all your devices safe online with the convenience of a single subscription.
    www mcafee activate | mcafee login my account |
    www mcafee com login
    mcafee livesafe login | my mcafee account |
    mcafee activation code |
    mcafee.com my account

    ReplyDelete
  33. Quickbooks software very popular software. that software cloud-based software manage your business data anytime anywhere.
    https://www.softqon.com/quickbooks-online/

    ReplyDelete
  34. if you are using McAfee activate and looking for product key then you can visit our website where you will get the full information related to it. if you are facing any kind of error while using
    mcafee.com/activate then you can visit our website and share your problem with our technical assistant. and if you not installed any antivirus in your system then install it now. it provides maximum protection to your data from thread and viruses.

    ReplyDelete
  35. Quickbooks one of the new era that manages your business Account. Quickbooks popular Cloud-based Business Account. If you have any problem related to your Business Account visit Quickbooks Online Support

    ReplyDelete
  36. if you are facing any kind of error while using McAfee activate then you can simply visit our website where we cover all-most each and every error in details, also you can get help from our technical assistant. we are 24*7 available for our users.

    ReplyDelete