+- hashcat Forum (https://hashcat.net/forum)
+-- Forum: Misc (https://hashcat.net/forum/forum-15.html)
+--- Forum: Organisation and Events (https://hashcat.net/forum/forum-24.html)
+--- Thread: PHDays Hashrunner challenge 2015 - Writeup (/thread-4370.html)
Pages:
1
2
PHDays Hashrunner challenge 2015 - Writeup - kartan - 05-19-2015
As you may know, we won the contest.
Here is the writeup:
https://hashcat.net/events/hashrunner2015/team_hashcat_writeup_phd_2015.pdf
Cheers!
dropdead
RE: PHDays Hashrunner challenge 2015 - Writeup - forumhero - 05-21-2015
great write up!
question regarding scrypt. how did you guys get JTR to work since it is not natively supported?
also, did you guys happen to notice LM hash had a bunch of plains that appeared to look like encoded PHP? for example:
\U77F3\U67F1\U
\U6CE2\U6FE4\U
\U8B66\U5099\U
\U63D0\U723E\U
\U7600\U9752\U
or perhaps it was a dead end
RE: PHDays Hashrunner challenge 2015 - Writeup - epixoip - 05-21-2015
JTR does have scrypt support...
https://github.com/magnumripper/JohnTheRipper/search?q=scrypt
RE: PHDays Hashrunner challenge 2015 - Writeup - forumhero - 05-21-2015
thx, epixoip!
RE: PHDays Hashrunner challenge 2015 - Writeup - Xanadrel - 05-21-2015
(05-21-2015, 03:40 AM)forumhero Wrote: LM hash had a bunch of plains that appeared to look like encoded PHP? for example:
\U77F3\U67F1\U
> Encoded PHP
kek
RE: PHDays Hashrunner challenge 2015 - Writeup - mastercracker - 05-21-2015
(05-21-2015, 06:05 AM)epixoip Wrote: JTR does have scrypt support...I got the precompiled binaries from 1.8.0 jumbo1 (win64) and could not get it to work (can't load hashes). Do you have to change the hash format? What --format value do you use in the command line, scrypt?
https://github.com/magnumripper/JohnTheRipper/search?q=scrypt
Edit: I tried also the bleeding jumbo version 1.8.0.2 and had the same problem.
RE: PHDays Hashrunner challenge 2015 - Writeup - epixoip - 05-21-2015
If you look at the plugin you will see the format it expects:
https://github.com/magnumripper/JohnTheRipper/blob/bleeding-jumbo/src/scrypt_fmt.c#L54-78
You can also look at prepare() in the same file as well.
RE: PHDays Hashrunner challenge 2015 - Writeup - mastercracker - 05-22-2015
(05-21-2015, 10:45 PM)epixoip Wrote: If you look at the plugin you will see the format it expects:Thanks for the help. I don't get it. I am in the bleeding jumbo version, I put one the hash that they provide in the link you gave me:
https://github.com/magnumripper/JohnTheRipper/blob/bleeding-jumbo/src/scrypt_fmt.c#L54-78
You can also look at prepare() in the same file as well.
Code:
$ScryptKDF.pm$16384*8*1*VHRuaXZOZ05INWJs*JjrOzA8pdPhLvLh8sY64fLLaAjFUwYCXMmS16NXcn0A=Code:
john.exe --format=scrypt --wordlist=dic4.txt hash.txtRE: PHDays Hashrunner challenge 2015 - Writeup - gearjunkie - 05-22-2015
I had a similar issue. If you downloaded the Window pre-compiled binary then you are unlikely to be using the latest bleeding jumbo. Try this command below and check the results:
Code:
john --list=format-tests --format=scryptIf the result from the last line looks similar to the output below then it is not the latest bleeding jumbo.
Code:
scrypt 10 SCRYPT:16384:8:1:VHRuaXZOZ05INWJs:JjrOzA8pdPhLvLh8sY64fLLaAjFUwY
CXMmS16NXcn0BhlHpZJ3J2jcozCDM7t+sfjkgQ894R+f+ldVWM5atlkA== passwordRE: PHDays Hashrunner challenge 2015 - Writeup - blazer - 05-22-2015
Congrats Team Hashcat, you really showed us all how it's meant to be done.
Our team write-up is also up
We had lots of fun!
https://cynosureprime.blogspot.com/