Korelogic Logo
 
 
"Crack Me If You Can" - DEFCON 2010
 
     
 
Back to [Teams] [Top]

Team Insidepro

Graph of Insidepro's score over time

Resources

Active Members 16
Nicks Admin, Comrad777, dda, ErrorNeo, Frank89 (aka FrankTNT), Gray_Wolf, Mastercracker, Mastermind, MoHaX (aka Magggg), proinside, test0815, POLIMO, Tyra, usasoft, User, vector
Countries Canada(1), France(1), Germany(1), Italy(1), Portugal(1), Russia(4), Ukraine(1), Not Specified(6)
Software EGB, PasswordsPro, Saminside, Hashcat, OclHashcat, JTR, Ophcrack
Hardware Roughly, 40 cores' worth of P4 - i7 CPUs, and 20 GPU cores

First, due to problems with messaging/receiving the hashes, we started about an hour late. Once we got our hands on the list of hashes, we split it per hash type and posted in different threads of a private forum. The forum was the communication system between all the team members through posting and PMs.

We did not have a fixed plan and everyone just went with the hash types they were most comfortable with. Two members (1 official and myself since I was in charge of submitting the cracked passwords) were in charge of keeping the lists up to date by posting the "Left to crack" hashes. One of the good thing was that since our members were from different time zones, there was always some cracking and posting going on.

After 8 hours we made a general plan: crack 100% of the LM hash because there's not much guessing in there, and as much of NTLM as possible since the algorithm was the second fastest. After 13 hours, we were in first place. Afer 31 hours, Hashcat was first place and ahead 10,000 points... However we had enough passwords to see patterns. We started to focus on hybrid attack using what we saw as the "basic" password in order to get different passwords, rather than trying to find the same password encrypted in different algorithms which does not give any more points.

Another focus was looking at the hash with usernames that looked like admin and try to crack them. We ended up bruteforcing the whole keyspace 1-7 chars for LM hashes with EGB because rainbow tables were too slow. In the last 2 hours we did tremendous progress by finding patterns and making attacks matching those patterns on NTLM hashes. But we ran out of time.

As a last statement, I must say that having the GPU cracking technology is an undeniable advantage over CPU only but as for CPU, you can have as many core as you want but you still need to know how to use them efficiently in order to get good results.
 
 

Please contact us if you would like more information about our services, tools, or careers with us.
HOME : SOLUTIONS : RESULTS : TOOLS : RESOURCES : ABOUT KORELOGIC
Privacy Policy : Copyright 2012. KoreLogic Security. All rights reserved