Korelogic Logo Team hashcat has won CMIYC 2014! contact
Back to Top

Note: the contest has ended!

Submitting results

Once you have cracked some passwords or encrypted files, submit them to us in a PGP signed & encrypted email. The payload varies a little depending on what you cracked.

Password hashes

Every time you submit cracked passwords, send us all the plaintexts you have cracked so far, each on one line by itself. Don't include anything else on the lines, such as 'username:plaintext' or 'hash:plaintext', just 'plaintext'. We will verify them, and update the stats page. If you send us junk that's not correct plaintexts, we will assume you are spewing /dev/random at us and shun all future mail from you.

File challenges

For challenges like the VM image, where you have to figure out how to extract hashes and then crack those hashes, just submit the plaintexts for those hashes like you would any other.

Some challenges are a bunch of encrypted files of a particular type (zip, or .odt, or whatever). Submit the decryption passphrases just like any other plaintext. So, one passphrase per line, by itself, and submit all of them every time you submit. Note that this is different from past years, in which there were only a handful of encrypted files, and teams needed to submit "filename plaintext" lines for them.

Submit often

Try not to go too long between submitting updates. One every two hours or so is preferred. We want the stats pages to accurately reflect the progress of the different teams. Besides, a big jump in cracks/points after a long silence could mean that a team has stolen cracks from another team. Of course if you sleep a few hours and miss a couple we will forgive you. But if you go more than 12 hours without an update, we will assume you gave up or died of alchohol poisoning.

But not too often

Do not flood us with submissions. We will assume you are trying to DoS us. We will ignore submissions from a team sent faster than once per five minutes. Sending us more than one per minute will disqualify your team.

Submission feedback

There isn't any. Whether your submission succeeds or fails, you will not get any response from the submission handler. Within 10-20 minutes, the stats page should update to reflect your new totals (unless something caused your submission to be rejected by the handler). We will try to contact teams whose submissions we see fail, but no guarantees if or when we will have time to do so.

Example submission

Here is what a submission process might look like.

$ cat cracked

$ gpg -a -o submission-email.pgp.asc -r sub-2014@contest.korelogic.com \
                                                             -se cracked
$ mail -s "cracked" sub-2014@contest.korelogic.com \
					< submission-email.pgp.asc
Or attach the file keysub-email.pgp.asc to an empty email to sub-2014@contest.korelogic.com, such as if you are using Gmail.

Don't forget to use --default-key 0xDEADBEEF if you created a dedicated PGP key just for this event.

Please contact us if you would like more information about our services, tools, or careers with us.
Privacy Policy : Copyright 2014. KoreLogic Security. All rights reserved