Team hashcat has won CMIYC 2014!

cmu

Resources

Active Members: 7
Software: john-1.7.9-jumbo, ocl/cudaHashcat-1.21, Markov guesser [1], hashcat-0.47, P.A.C.K.
Hardware: 262 CPU core-threads, 18 GPUs

Members
  • 3 Carnegie Mellon University (CMU) Ph.D. students
  • 1 CMU Master's student
  • 1 Pittsburgh area high school student
  • 1 CMU staff member
  • 1 non-CMU password researcher (MWR Labs)
Most of the members of the team are part of the CMU passwords research group and were recruited in an ad hoc process a few months prior to the contest. Two weeks before the contest, we had amassed a list of 10 students who were willing to give at least a nontrivial amount of time towards the team effort. By the time of the contest start, however, personal and/or school obligations prevented 4 team members from being able to participate at all. Thus, we started the contest with 6 team members. A seventh player from MWR Labs, who had been a "maybe" originally, joined us quite late in the contest. It is worth noting that of the 6 core participants, only two had ever used an off-the-shelf password cracking tool (such as John the Ripper or hashcat), because our research group typically performs adversarial modeling without the need for password hashing. In essence, only two of us had ever cracked a hash before, though most of us had conducted research into human behavior in creating passwords.

Hardware

CPU                        Physical/Logical   Quantity   GPU                      Quantity
                           Cores Each
Intel i7-3770              4/8                1          AMD Radeon HD R9 290x    2
Intel i7-4850HQ            4/8                3          AMD Radeon HD R9 270     7
AMD Opteron 6274           16/16              8          AMD Radeon HD 7870       1
Intel Xeon E5-2670 (AWS)   4/8                6          NV Quadro 600            1
Intel i7-950               4/8                1          NV Quadro K520 (AWS)     6
Intel i7-4770              4/8                2          NV Geforce 9800 GT       1
AMD A8-3870K               4/4                1
Intel Core2Duo P8700       2/2                1
Intel i7-3820QM            4/8                1
Intel i7-2600              4/8                1
Intel i3-2330M             2/4                1
AMD Phenom II X4 970       4/4                1

We used a mixture of research machines and our personal machines, all with permission, as well as four older GPUs loaned from friends. There was about a 50-50 ratio of desktop to laptop computers. One of our team members spent personal funds to rent out a machine on an Amazon AWS cluster to make up for not owning any appropriate hardware.

Software

  • john-1.7.9-jumbo
  • ocl/cudaHashcat-1.21
  • Ma et al.'s Markov guesser [1]
  • hashcat-0.47
  • P.A.C.K.

High-Level Strategy

Each member was assigned several computers to manage. After figuring out what each file's hash type was, we used an ad hoc distribution approach with one member taking the lead and delegating tasks to other members. Because our team size was small, this approach worked fairly well, but predictably led to many task redundancies, idle processors, and overall wasted time. For example, many of our CPU-based machines sat idle for large chunks of the contest due to the difficulty in managing so many distinct machines while trying to analyze passwords. One team member analyzed our cracks per unit time coming from each hash file and attempted to give insight on which hashes/companies to shift our focus.

Low-Level Early-Middle Strategy

We had two 64-core (CPU) research servers at our disposal, so we set one of them to focus mostly on DES hashes (using john) for the duration of the contest. Our dictionary for this attack was created prior to the contest using an order-5 Markov model, as described by Ma et al. [1], trained on RockYou, Yahoo, MySpace, and a few other small dictionaries. This approach paid off as we earned most of our early points through the DES hashes, and our cracks from this were later used as an effective dictionary to attack the shadow file of the Challenge 1 VM, which was also worth a fair number of points.

We used the other 64-core server for several tasks, deciding to end one task and switch to another when it appeared that the rate of cracks per unit time was slowing down considerably. First, we attacked the bcrypt hashes with the same Markov model dictionary as the DES hashes, but after some early successes, we wasted a lot of time with this approach. We then tried the same approach to more success against MD5crypt, SHA512crypt, IKE_SHA1, and WPA-PSK.

We used our GPU machines and oclHashcat first to attack the faster hashes (MD5, LM, NTLM, SHA1), brute forcing all passwords of length 8 and below. We then applied our canned dictionary and mangling rule attacks to crack the 9 character and longer passwords. Then, when those attacks completed, we used P.A.C.K. to compute the optimal mask attacks on those hashes (removing the length 8 and shorter masks).
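The mask statistics step described above, as an added example that is not the team's code and not P.A.C.K. itself: it derives a hashcat-style mask for each recovered plaintext and ranks masks for passwords of 9 characters or more, since shorter lengths were already covered by brute force. The function names and the sample plaintexts are constructed for illustration.

```python
from collections import Counter

def mask_of(password):
    """Map a plaintext to a hashcat-style mask, one token per byte."""
    tokens = []
    for b in password.encode("utf-8"):
        if 0x61 <= b <= 0x7A:
            tokens.append("?l")      # a-z
        elif 0x41 <= b <= 0x5A:
            tokens.append("?u")      # A-Z
        elif 0x30 <= b <= 0x39:
            tokens.append("?d")      # 0-9
        elif 0x20 <= b <= 0x7E:
            tokens.append("?s")      # remaining printable ASCII, incl. space
        else:
            tokens.append("?b")      # any other byte (e.g. UTF-8 sequences)
    return "".join(tokens)

def rank_masks(plaintexts, min_len=9):
    """Count masks of plaintexts with at least min_len bytes, most common first.

    Plaintexts shorter than min_len are skipped because an exhaustive
    search of those lengths has already been run.
    """
    counts = Counter()
    for pw in plaintexts:
        if len(pw.encode("utf-8")) >= min_len:
            counts[mask_of(pw)] += 1
    return counts.most_common()

# Constructed sample of recovered plaintexts (not contest data).
SAMPLE = ["Password1", "Summer2014", "password12", "Winter2013",
          "abc123", "Pittsburgh1!"]

if __name__ == "__main__":
    total = sum(n for _, n in rank_masks(SAMPLE))
    for mask, n in rank_masks(SAMPLE):
        print(f"{n / total:6.1%}  {mask}")
```

The same ranking run over an organisation's own audit results shows which password shapes a composition policy is actually producing.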

We divided the medium speed hashes amongst the rest of our machines, which were mostly personal laptops/desktops, and ran our same standard dictionary and mangling rule attacks with john/hashcat.

At some point around 30 hours into the contest, we realized (along with several other street teams) that the vbulletin hashes were worth a lot of points relative to the compute effort required to perform the hash. So, we shifted our efforts towards attacking vbulletin with more machines. This resulted in a quick 50,000 points.

Low-Level Late Strategy

We noticed a few kinds of patterns, and attempted to exploit them by harvesting words related to those patterns from the Internet. For example, we noticed words that we thought looked like names of asteroids, so we scraped Wikipedia and other astronomy websites for astronomy terms. We also noticed physics and chemistry words, words related to running, titles of classic movies, and two-word phrases separated by a space. We created specialized dictionaries for each of these patterns. We also noticed that passwords consisting entirely of digits were common.

As the contest came to a close, we began performing fingerprint (dynamic pattern analysis) attacks with oclHashcat, which got us a few more cracks. At this point, team 'shining ponies' was gaining on us quickly, so we were becoming desperate for more points. Also, during the final hours, we made the discovery that our automatic submission script had been incorrectly parsing *.pot files with passwords containing colons in them, as well as some of the salted passwords, resulting in those passwords not being submitted correctly. This was fixed a few hours before the closing of crack submission.
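The .pot parsing problem described above, as an added example that is not the team's submission script: a naive field split (an assumed illustration of how such a bug arises) beside a parser that finds the hash/plaintext boundary by matching each line against the known target hashes. It assumes the targets are written in the same form the cracking tool uses in its .pot file (hash, or hash:salt for salted types); all hash strings are constructed placeholders.

```python
def naive_parse(line):
    """Buggy: treats the last colon-separated field as the plaintext."""
    fields = line.rstrip("\r\n").split(":")
    return fields[0], fields[-1]

def parse_pot(pot_lines, targets):
    """Return ({target: plaintext}, [unmatched lines]).

    A pot line is <target>:<plaintext>, where <target> may itself contain
    colons (hash:salt) and so may the plaintext. Each colon is tried as
    the boundary, left to right; the first prefix that is a known target
    wins, and everything after that colon is the plaintext.
    """
    known = set(targets)
    cracked, unmatched = {}, []
    for raw in pot_lines:
        line = raw.rstrip("\r\n")
        pos = line.find(":")
        while pos != -1:
            if line[:pos] in known:
                cracked[line[:pos]] = line[pos + 1:]
                break
            pos = line.find(":", pos + 1)
        else:
            unmatched.append(line)   # no prefix matched a target hash
    return cracked, unmatched

# Constructed sample data: placeholder strings, not real digests.
H1, H2, H3 = "a" * 32, "b" * 32 + ":x:9", "c" * 32 + ":k3y"
TARGETS = [H1, H2, H3]               # H2's salt contains a colon
POT = [
    H1 + ":pass:word\n",             # plaintext contains a colon
    H2 + ":hunter2\n",               # salted, colon inside the salt
    H3 + ":10:30pm\n",               # salted and colon in the plaintext
    "d" * 32 + ":orphan\n",          # not in the target list
]

if __name__ == "__main__":
    cracked, unmatched = parse_pot(POT, TARGETS)
    for target, plain in cracked.items():
        print(f"{target} -> {plain!r}")
    print("unmatched:", unmatched)
    print("naive result for line 1:", naive_parse(POT[0]))
```

Comparing the number of lines in the .pot file with the number of parsed entries plus unmatched lines before each submission would surface this kind of silent loss early.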

Closing thoughts

We would like to thank KoreLogic for running this contest and promptly addressing the handful of issues we noticed related to scoring. We would also like to congratulate Team hashcat for their first place finish in the Pro division, and tip our hats to team 'shining ponies' for a very close race. We look forward to playing again next year and reading other teams' writeups.

[1] J. Ma, W. Yang, M. Luo, and N. Li. A Study of Probabilistic Password Models. IEEE Security and Privacy, 2014.