Korelogic Logo
"Crack Me If You Can" - DEFCON 2010
Back to [Teams] [Top]

Team Rippin and Tearin

Graph of Rippin and Tearin's score over time


Members 2
Handles epixoip, L10n
Software John the Ripper, ophcrack
Hardware One Quad-core AMD Phenom II X4 965, overclocked to 4.2 GHz

Rippin and Tearin had two team members (epixoip and L10n) and used one AMD Phenom II X4 965 (quad-core, overclocked to 4.2Ghz) running Debian Squeeze x86-64. Although the system is tri-SLI capable, no GPUs were used as I haven't bought any CUDA-capable cards for the system yet.

Tools used were JTR with the RockYou .chrs (I downloaded them when you released them back in February or so) and several large dictionaries, including some pre-mangled dictionaries. Approximately 860 of the hashes were in our dictionaries, and I made a few custom targeted dictionaries based on analyzing the brute forced hashes (particularly the month-year and season-year patterns), which allowed us to grab about 40 more hashes. We also used ophcrack on the LM hashes with XP_Free_Fast rainbow table. Approximately 350 of the hashes were in that rainbow table. All other passwords were found via brute forcing. We tried keeping the CPU load around 8.00, with each core brute forcing two types of hashes. This was acheieved by splitting the hash file into several smaller files of each hash type, and executing a jtr session against each hash type.

The main focus was on the LM, SHA, SSHA, and Oracle hashes since we knew those would be the fastest to brute force with limited CPU. We never event attempted the Blowfish hashes as we knew they would take forever to brute force, and we bruted the salted MD5 hashes last since we knew they would go slowly as well. We were quite surprised that we couldn't get even one of the Oracle hashes since these are known to be weak hashes and were computing rather fast. I'm surprised none of the other teams got any as well, although purehate from hashcat /msg'd me on Freenode to ask what the hell those hashes were :P So maybe the other teams didn't know they were Oracle hashes and never attempted them.

We knew we really didn't have a shot at winning since we didn't have any massively-parallel computing power and entered the contest 16 hours after it began, but we had several reasons for entering:

  1. To provide a solid baseline for traditional cracking methods vs modern methods used by the winning teams. We believe that our progress vs the progress of hashcat and insidepro provides a measurable delta for the evolution of password cracking.
  2. To test the effectiveness of our dictionaries and mangle rules, with the anticipation of the release of your new rules.
  3. To have a little bit of fun, and get a free t-shirt :D
That said, we weren't the least bit disappointed to come in 15th place. I think that cracking 2,629 hashes in 36 hours using conventional methods on desktop hardware isn't too shabby. If you hold the contest again next year, we'll be back with a 4TFLOP GPU cluster ( 3x GeForce GTX 480 ) or better, and some better mangled dictionaries.

Thanks a ton for holding this contest, it was a blast! And thank you very, very much for releasing the RockYou .chrs and JTR rules files!

~ epixoip


Please contact us if you would like more information about our services, tools, or careers with us.
Privacy Policy : Copyright 2012. KoreLogic Security. All rights reserved