cmu
Resources
Active Members | 7
Software | john-1.7.9-jumbo, ocl/cudaHashcat-1.21, Markov guesser [1], hashcat-0.47, P.A.C.K.
Hardware | 262 CPU core-threads, 18 GPUs
Members
- 3 Carnegie Mellon University (CMU) Ph.D. students
- 1 CMU Master's student
- 1 Pittsburgh area high school student
- 1 CMU staff member
- 1 non-CMU password researcher (MWR Labs)
Most of the members of the team are part of the CMU passwords research
group and were recruited in an ad hoc process a few months prior to
the contest. Two weeks before the contest, we had amassed a list of 10
students who were willing to give at least a nontrivial amount of time
towards the team effort. By the time of the contest start, however,
personal and/or school obligations prevented 4 team members from being
able to participate at all. Thus, we started the contest with 6 team
members. A seventh player from MWR Labs, who had been a "maybe"
originally, joined us quite late in the contest. It is worth noting
that of the 6 core participants, only two had ever used an
off-the-shelf password cracking tool (such as John the Ripper or
hashcat), because our research group typically performs adversarial
modeling without the need for password hashing. In essence, only two
of us had ever cracked a hash before, though most of us had conducted
research into human behavior in creating passwords.
Hardware
CPU | Physical/Logical Cores Each | Quantity | GPU | Quantity
Intel i7-3770 | 4/8 | 1 | AMD Radeon HD R9 290x | 2
Intel i7-4850HQ | 4/8 | 3 | AMD Radeon HD R9 270 | 7
AMD Opteron 6274 | 16/16 | 8 | AMD Radeon HD 7870 | 1
Intel Xeon E5-2670 (AWS) | 4/8 | 6 | NV Quadro 600 | 1
Intel i7-950 | 4/8 | 1 | NV Quadro K520 (AWS) | 6
Intel i7-4770 | 4/8 | 2 | NV Geforce 9800 GT | 1
AMD A8-3870K | 4/4 | 1 | |
Intel Core2Duo P8700 | 2/2 | 1 | |
Intel i7-3820QM | 4/8 | 1 | |
Intel i7-2600 | 4/8 | 1 | |
Intel i3-2330M | 2/4 | 1 | |
AMD Phenom II X4 970 | 4/4 | 1 | |
We used a mixture of research machines and our personal machines, all
with permission, as well as four older GPUs loaned from friends.
There was about a 50-50 ratio of desktop to laptop computers. One of
our team members spent personal funds to rent out a machine on an
Amazon AWS cluster to make up for not owning any appropriate
hardware.
Software
- john-1.7.9-jumbo
- ocl/cudaHashcat-1.21
- Ma et al.'s Markov guesser [1]
- hashcat-0.47
- P.A.C.K.
High-Level Strategy
Each member was assigned several computers to manage. After figuring
out what each file's hash type was, we used an ad hoc distribution
approach with one member taking the lead and delegating tasks to other
members. Because our team size was small, this approach worked fairly
well, but predictably led to many task redundancies, idle processors,
and overall wasted time. For example, many of our CPU-based machines
sat idle for large chunks of the contest due to the difficulty in
managing so many distinct machines while trying to analyze passwords.
One team member analyzed our cracks per unit time coming from each
hash file and attempted to give insight on which hashes/companies to
shift our focus to.
Low-Level Early-Middle Strategy
We had two 64-core (CPU) research servers at our disposal, so we set
one of them to focus mostly on DES hashes (using john) for the
duration of the contest. Our dictionary for this attack was created
prior to the contest using an order-5 Markov model, as described by Ma
et al. [1], trained on RockYou, Yahoo, MySpace, and a few other small
dictionaries. This approach paid off as we earned most of our early
points through the DES hashes, and our cracks from this were later
used as an effective dictionary to attack the shadow file of the
Challenge 1 VM, which were also worth a fair number of points.
We used the other 64-core server for several tasks, deciding to end
one task and switch to another when it appeared that the rate of
cracks per unit time was slowing down considerably. First, we
attacked the bcrypt hashes with the same Markov model dictionary as
the DES hashes, but after some early successes, we wasted a lot of
time with this approach. We then tried the same approach to more
success against MD5crypt, SHA512crypt, IKE_SHA1, and WPA-PSK.
We used our GPU machines and oclHashcat first to attack the faster
hashes (MD5, LM, NTLM, SHA1), brute forcing all passwords of length 8
and below. We then applied our canned dictionary and mangling rule
attacks to crack the 9 character and longer passwords. Then, when
those attacks completed, we used P.A.C.K. to compute the optimal mask
attacks on those hashes (removing the length 8 and shorter
masks).
We divided the medium speed hashes amongst the rest of our machines,
which were mostly personal laptops/desktops, and ran our same standard
dictionary and mangling rule attacks with john/hashcat.
At some point around 30 hours into the contest, we realized (along
with several other street teams) that the vbulletin hashes were worth
a lot of points relative to the compute effort required to perform the
hash. So, we shifted our efforts towards attacking vbulletin with
more machines. This resulted in a quick 50,000 points.
Low-Level Late Strategy
We noticed a few kinds of patterns, and attempted to exploit them by
harvesting words related to those patterns from the Internet. For
example, we noticed words that we thought looked like names of
asteroids, so we scraped Wikipedia and other astronomy websites for
astronomy terms. We also noticed physics and chemistry words, words
related to running, titles of classic movies, and two-word phrases
separated by a space. We created specialized dictionaries for each of
these patterns. We also noticed that passwords consisting entirely of
digits were also common.
As the contest came to a close, we began performing fingerprint
(dynamic pattern analysis) attacks with oclHashcat, which got us a few
more cracks. At this point, team 'shining ponies' was gaining on us
quickly, so we were becoming desperate for more points. Also, during
the final hours, we made the discovery that our automatic submission
script had been incorrectly parsing *.pot files with passwords
containing colons in them, as well as some of the salted passwords,
resulting in those passwords not being submitted correctly. This was
fixed a few hours before the closing of crack submission.
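
The colon problem described above, as an added example (this is not the team's submission script): a pot-file parser that never guesses which colon separates hash from plaintext. It assumes the caller has the target hashes exactly as they appear in the hash files, salt included; the function names and sample values are hypothetical, and `$HEX[...]` is the notation hashcat uses for plaintexts it writes hex-encoded.

```python
import binascii

def decode_plain(plain):
    """Undo $HEX[...] wrapping; anything else is returned untouched."""
    if plain.startswith("$HEX[") and plain.endswith("]"):
        try:
            return binascii.unhexlify(plain[5:-1]).decode("utf-8", "replace")
        except ValueError:  # not valid hex: treat it as a literal password
            pass
    return plain

def parse_pot_line(line, known_hashes):
    """Return (hash, plaintext), or None if no prefix is a target hash."""
    # Splitting on the first colon breaks hash:salt:plain, and splitting on
    # the last colon breaks plaintexts that contain colons. Instead, accept
    # the shortest prefix that is exactly one of the target hashes.
    line = line.rstrip("\r\n")  # keep trailing spaces: they may be password
    pos = line.find(":")
    while pos != -1:
        if line[:pos] in known_hashes:
            return line[:pos], decode_plain(line[pos + 1:])
        pos = line.find(":", pos + 1)
    return None

def load_pot(lines, known_hashes):
    """Return ({hash: plaintext}, [rejected lines]); nothing is dropped silently."""
    cracked, rejected = {}, []
    for line in lines:
        parsed = parse_pot_line(line, known_hashes)
        if parsed is None:
            rejected.append(line.rstrip("\r\n"))
        else:
            cracked[parsed[0]] = parsed[1]
    return cracked, rejected

# Constructed sample data (not from the contest): unsalted and hash:salt targets.
KNOWN = {
    "00112233445566778899aabbccddeeff",
    "ffeeddccbbaa99887766554433221100:x7Q",
    "0123456789abcdef0123456789abcdef:a:b",   # the salt itself contains a colon
    "aabbccddeeff00112233445566778899",
}
POT = [
    "00112233445566778899aabbccddeeff:time:12:30\n",
    "ffeeddccbbaa99887766554433221100:x7Q:hunter2\n",
    "0123456789abcdef0123456789abcdef:a:b:pa:ss\n",
    "aabbccddeeff00112233445566778899:$HEX[613a62]\n",
    "99999999999999999999999999999999:not-a-target\n",
]
print(load_pot(POT, KNOWN))
```

Checking that the rejected list is empty before each submission would surface this class of parsing error early rather than in the final hours.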
Closing thoughts
We would like to thank KoreLogic for running this contest and promptly
addressing the handful of issues we noticed related to scoring. We
would also like to congratulate Team hashcat for their first place
finish in the Pro division, and tip our hats to team 'shining ponies'
for a very close race. We look forward to playing again next year and
reading other teams' writeups.
[1] J. Ma, W. Yang, M. Luo, and N. Li. A Study of
Probabilistic Password Models. IEEE Security and Privacy, 2014.