Please note, this is a STATIC archive of website hashcat.net from 08 Oct 2020, cach3.com does not collect or store any user information, there is no "phishing" involved.
hashcat Forum
PHDays Hashrunner challenge 2015 - Writeup - Printable Version

+- hashcat Forum (https://hashcat.net/forum)
+-- Forum: Misc (https://hashcat.net/forum/forum-15.html)
+--- Forum: Organisation and Events (https://hashcat.net/forum/forum-24.html)
+--- Thread: PHDays Hashrunner challenge 2015 - Writeup (/thread-4370.html)

Pages: 1 2


PHDays Hashrunner challenge 2015 - Writeup - kartan - 05-19-2015

As you may know, we won the contest.

Here is the writeup:

https://hashcat.net/events/hashrunner2015/team_hashcat_writeup_phd_2015.pdf

Cheers!
dropdead


RE: PHDays Hashrunner challenge 2015 - Writeup - forumhero - 05-21-2015

great write up!

question regarding scrypt. how did you guys get JTR to work since it is not natively supported?

also, did you guys happen to notice LM hash had a bunch of plains that appeared to look like encoded PHP? for example:

\U77F3\U67F1\U
\U6CE2\U6FE4\U
\U8B66\U5099\U
\U63D0\U723E\U
\U7600\U9752\U

or perhaps it was a dead end


RE: PHDays Hashrunner challenge 2015 - Writeup - epixoip - 05-21-2015

JTR does have scrypt support...
https://github.com/magnumripper/JohnTheRipper/search?q=scrypt


RE: PHDays Hashrunner challenge 2015 - Writeup - forumhero - 05-21-2015

thx, epixoip!


RE: PHDays Hashrunner challenge 2015 - Writeup - Xanadrel - 05-21-2015

(05-21-2015, 03:40 AM)forumhero Wrote: LM hash had a bunch of plains that appeared to look like encoded PHP? for example:

\U77F3\U67F1\U

> Encoded PHP
kek


RE: PHDays Hashrunner challenge 2015 - Writeup - mastercracker - 05-21-2015

(05-21-2015, 06:05 AM)epixoip Wrote: JTR does have scrypt support...
https://github.com/magnumripper/JohnTheRipper/search?q=scrypt
I got the precompiled binaries from 1.8.0 jumbo1 (win64) and could not get it to work (can't load hashes). Do you have to change the hash format? What --format value do you use in the command line, scrypt?

Edit: I tried also the bleeding jumbo version 1.8.0.2 and had the same problem.


RE: PHDays Hashrunner challenge 2015 - Writeup - epixoip - 05-21-2015

If you look at the plugin you will see the format it expects:

https://github.com/magnumripper/JohnTheRipper/blob/bleeding-jumbo/src/scrypt_fmt.c#L54-78

You can also look at prepare() in the same file as well.


RE: PHDays Hashrunner challenge 2015 - Writeup - mastercracker - 05-22-2015

(05-21-2015, 10:45 PM)epixoip Wrote: If you look at the plugin you will see the format it expects:

https://github.com/magnumripper/JohnTheRipper/blob/bleeding-jumbo/src/scrypt_fmt.c#L54-78

You can also look at prepare() in the same file as well.
Thanks for the help. I don't get it. I am in the bleeding jumbo version, I put one the hash that they provide in the link you gave me:
Code:
$ScryptKDF.pm$16384*8*1*VHRuaXZOZ05INWJs*JjrOzA8pdPhLvLh8sY64fLLaAjFUwYCXMmS16NXcn0A=
I use the following command line:
Code:
john.exe --format=scrypt --wordlist=dic4.txt hash.txt
JTR does not load the hash.


RE: PHDays Hashrunner challenge 2015 - Writeup - gearjunkie - 05-22-2015

I had a similar issue. If you downloaded the Window pre-compiled binary then you are unlikely to be using the latest bleeding jumbo. Try this command below and check the results:

Code:
john --list=format-tests --format=scrypt

If the result from the last line looks similar to the output below then it is not the latest bleeding jumbo.

Code:
scrypt  10    SCRYPT:16384:8:1:VHRuaXZOZ05INWJs:JjrOzA8pdPhLvLh8sY64fLLaAjFUwY
CXMmS16NXcn0BhlHpZJ3J2jcozCDM7t+sfjkgQ894R+f+ldVWM5atlkA==      password



RE: PHDays Hashrunner challenge 2015 - Writeup - blazer - 05-22-2015

Congrats Team Hashcat, you really showed us all how it's meant to be done.

Our team write-up is also up

We had lots of fun!

https://cynosureprime.blogspot.com/