Korelogic Logo
 
 
"Crack Me If You Can" - DEFCON 2010
 
     
 
Back to [Teams] [Top]

Team Bill E Ghote

Graph of Bill E Ghote's score over time

Resources

Members 1
Nick bill_e_ghote
Software John the Ripper, OphCrack, RainbowCrack, custom mutation scripts
Hardware One HP 8440p laptop (dual core i7 M)

Thoughts

I did not prepare at all for the event, and only learned about it on Thursday when I picked up my DefCon badge. I should pay more attention, probably. I also did not get the hashes until late in the day Friday, so I did not take advantage of the full time window. My score would have been somewhat better, but not substantially more competitive due to my lack of available hardware. In fact, I knew that I was at a disadvantage and fully expected to come in dead last. That I did not says something about the other participants, for sure. To quote a bumper sticker I saw recently: Try Harder!

My own approach was to use JtR to crack each of the hash types using my existing pot file to seed the rest of my effort. I let JtR continue to run in incremental mode in parallel sessions, while at the same time running OphCrack in batches of 10 against the LMNT hashes. I used custom shell scripts to mutate the cracked passwords and cross-feed the mutated data back into JtR wordlist sessions against each of the hash types. Due to my own limited hardware, I was forced to stop the incremental cracking against the harder hash types (blowfish, md5, Oracle). In fact, after a bit, I stopped all the incremental sessions and simply focused on OphCrack, feeding the results back into JtR.

Rather late in the competition time window, I realized that OphCrack was dumping the : character as a non-ASCII character, which JtR did not appreciate. Converting that to the : character would have improved my results had I gotten there before the contest window closed.

The poor HP laptop was hurting bad from all the active processes. RAM was not a constraint as much as available CPU. Keeping them spun up at 100% taxed the cooling system. I let processes run while I took the laptop with me to watch presentations at the con. If I had not connected to AC power while there, I would not have made it two hours on the battery - the same battery that typically stays up over four hours on a light load. Server hardware would definitely be better suited for the contest, to restate the obvious.

If we do it again next year and I manage to get back out to Vegas, I'll do it right. Might even invite some friends along for the party. There should be a party, too.






 
 

Please contact us if you would like more information about our services, tools, or careers with us.
HOME : SOLUTIONS : RESULTS : TOOLS : RESOURCES : ABOUT KORELOGIC
Privacy Policy : Copyright 2012. KoreLogic Security. All rights reserved