Friday, August 05, 2011

KoreLogic 2011 Crack Me If You Can

Due to a lot of family-type things happening around the BlackHat/Defcon/CCC dates I have been unable to attend. Usually it's work that precludes the "having fun in 120 degree Las Vegas weather."

Thankfully KoreLogic has given non-attendees the chance to play in their "Crack Me If You Can" game for Defcon! Hooray! 48 hours of unadulterated power consuming, hash generating, text file management, PGP encrypting and general usage of unused computing cycles!

This year I decided to devote a few hours to this contest while the wife and baby sleep. I'll be writing some updates as I get some time on how things are going. It's now been a little over an hour since I started so here's where things stand.

On Your Mark
Pre-registration involved generating a PGP key (if you didn't already have one) and sending it off to KoreLogic's scoring server for verification. This was easy if you've spent any time doing encrypted communication exchanges.

Get Set
While I waited for the contest to start I made sure I had all my tools and systems ready. This would be the chance to help prove out the expenditure of NVIDIA GTX580 cards, high-end CPUs, RAID disk space, etc. Since I'm running in an even shorter timeframe (and smaller team size... of one!) early preparation was key.

Tools I planned on using:

  • John the Ripper, latest jumbo patches and GPU patches if time and code permitted
  • The oclHashcat suite
  • Misc rainbow tables collected over the years
  • Misc wordlists collected over the years

GO!
Molly wakes me up at 5:50am on Friday morning for her regular feeding... 20 minutes of extra sleep! I check my e-mail and am excited to see the encrypted contest e-mails in my inbox. A quick PGP decryption and the URLs to download are shown. Hooray!

Oops, based on the CMIYC Twitter feed they had generated some weak hashes. Use the two files instead of the first one. Ok!

Down they come with wget.... Hmm, zip files. No problem! Take a peek with 'unzip -v' and the contents look pretty good. Time to get rolling...

~/korelogic-2011/test$ unzip ../2011-CrackMeIfYouCan_part1.zip
Archive:  ../2011-CrackMeIfYouCan_part1.zip
   creating: contest_tree/challenge1/
[../2011-CrackMeIfYouCan_part1.zip] contest_tree/challenge1/challenge1.zip password:

Oh. Of course it's going to be password protected. But it's pretty easy to guess if you take a step back and think about it.

Two hours in...
4066 password hashes cracked, 123780 left
A long way to go still... Right now I'm basically not caring about the scoring points and going after "low-hanging passwords" using a very large dictionary, JTR's stock rules and patience. Some high scoring hashes may be cracking, I don't really know right now. Time to feed the baby again.
