There were roughly 30 Street teams that participated in Korelogic’s 2020 Crack Me If You Can password cracking contest at Defcon. I took 4th place.
I think this was the 10th year that Korelogic has sponsored this contest at Defcon.
Some of the teams had two or three team members (some had more) and used multiple high end GPUs. It’s always fun to compete with these teams using cheap hardware and homemade software.
I normally place 3rd, 4th or 5th. I took 1st place in 2013.
I used my home desktop to crack the hashes. At the time of the contest, it was just over a year old. I built it from parts in July 2019.
The CPU is a first generation AMD Ryzen Threadripper 1950X. This CPU isn’t too shabby but it pales in comparison to the third gen Threadripper. I only used the CPU to crack the keychain hashes (see explanation below).
$ grep 1950X /proc/cpuinfo | tail -n 1
model name : AMD Ryzen Threadripper 1950X 16-Core Processor
The GPU is a cheap ZOTAC and is underpowered compared to high-end units, but it did OK. I used it to do most of the cracking.
$ sudo lspci -v | grep -C 15 ZOTAC
08:00.0 VGA compatible controller: NVIDIA Corporation GP104 [GeForce GTX 1060 6GB] (rev a1) (prog-if 00 [VGA controller])
Subsystem: ZOTAC International (MCO) Ltd. GP104 [GeForce GTX 1060 6GB]
Flags: bus master, fast devsel, latency 0, IRQ 92, NUMA node 0
Memory at d8000000 (32-bit, non-prefetchable) [size=16M]
Memory at c0000000 (64-bit, prefetchable) [size=256M]
Memory at d0000000 (64-bit, prefetchable) [size=32M]
I/O ports at 3000 [size=128]
Expansion ROM at 000c0000 [virtual] [disabled] [size=128K]
Capabilities:  Power Management version 3
Capabilities:  MSI: Enable+ Count=1/1 Maskable- 64bit+
Capabilities:  Express Legacy Endpoint, MSI 00
Capabilities:  Virtual Channel
Capabilities:  Power Budgeting <?>
Capabilities:  Advanced Error Reporting
Capabilities:  Vendor Specific Information: ID=0001 Rev=1 Len=024 <?>
Capabilities:  Secondary PCI Express
Kernel driver in use: nvidia
Kernel modules: nvidiafb, nouveau, nvidia_drm, nvidia
In total, it cost about $1,900 US dollars to build this computer and I typically use computers like this for five to seven years before building another.
The software I used to crack the hashes is pretty standard.
The only oddity is the password generation software that I wrote. It’s called Word Machine (wm) and I use it to create candidate passwords in a fashion similar to how humans create passwords. I pipe its output to john or hashcat.
Here’s a simple example:
$ echo -n word | wm -leet | wm -astring 2021 | wm -app 1 -chars sf
Word machine does much more than this, but in general, that’s how it works.
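The following Go program is an added example, not Word Machine's source, that reproduces the three stages of the pipeline above as I read the flags (-leet substitutes letters, -astring appends a fixed string, -app 1 -chars sf appends one character drawn from "sf"); the leet substitution table is assumed, since wm's own table is not published. It also shows the defender's use of the same generator: rejecting a chosen password that is a trivial mangling of a blocklisted base word.

```go
package main

import (
	"fmt"
	"strings"
)

// leetTable is an assumed substitution set; Word Machine's own table is not published.
var leetTable = map[rune]rune{'a': '4', 'e': '3', 'i': '1', 'o': '0', 's': '5', 't': '7'}

// Leet returns the word plus every variant obtained by substituting any subset
// of its leet-able letters (the "-leet" stage of the pipeline).
func Leet(word string) []string {
	var out []string
	var walk func(prefix, rest []rune)
	walk = func(prefix, rest []rune) {
		if len(rest) == 0 {
			out = append(out, string(prefix))
			return
		}
		walk(append(append([]rune{}, prefix...), rest[0]), rest[1:])
		if sub, ok := leetTable[rest[0]]; ok {
			walk(append(append([]rune{}, prefix...), sub), rest[1:])
		}
	}
	walk(nil, []rune(word))
	return out
}

// AppendString appends a fixed string (a year, for example) to every candidate
// (the "-astring" stage).
func AppendString(words []string, suffix string) []string {
	out := make([]string, 0, len(words))
	for _, w := range words {
		out = append(out, w+suffix)
	}
	return out
}

// AppendChars appends every n-character combination drawn from chars
// (the "-app n -chars ..." stage).
func AppendChars(words []string, n int, chars string) []string {
	suffixes := []string{""}
	for i := 0; i < n; i++ {
		var next []string
		for _, s := range suffixes {
			for _, c := range chars {
				next = append(next, s+string(c))
			}
		}
		suffixes = next
	}
	var out []string
	for _, w := range words {
		for _, s := range suffixes {
			out = append(out, w+s)
		}
	}
	return out
}

// Pipeline mirrors: echo -n word | wm -leet | wm -astring 2021 | wm -app 1 -chars sf
func Pipeline(word string) []string {
	return AppendChars(AppendString(Leet(word), "2021"), 1, "sf")
}

// IsPredictable is the defensive use of the generator: a chosen password is
// rejected when it equals (case-insensitively) any mangled form of a base word.
func IsPredictable(password string, blocklist []string) bool {
	for _, base := range blocklist {
		for _, cand := range Pipeline(base) {
			if strings.EqualFold(cand, password) {
				return true
			}
		}
	}
	return false
}

func main() {
	for _, c := range Pipeline("word") {
		fmt.Println(c) // word2021s, word2021f, w0rd2021s, w0rd2021f
	}
	fmt.Println(IsPredictable("W0rd2021s", []string{"word", "password"}))
}
```

Each stage is a plain slice-to-slice function, so stages compose in any order the way wm's processes compose through a pipe; a real policy check would run the blocklist through every mangling rule in use, not just this one chain.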
I have implemented wm in C++ and in Go. The last several years, I’ve only been using the Go version as it performs better and the code is cleaner (Go was the second implementation).
I may publish the source code someday, but for now, it’s just a private hobby project.
The contest always has a variety of hashes. More points are awarded for cracking more difficult hash types. Here’s the list of the 2020 hash types (the type numbers are hashcat hash modes):
- type=100 # sha1
- type=111 # openssha (salted-sha1)
- type=112 # oracle11
- type=132 # mssql05
- type=400 # phpass
- type=1400 # raw-sha256
- type=1700 # raw-sha512
- type=1731 # mssql12
- type=1800 # sha512crypt
- type=3711 # mediawiki
- type=7400 # sha256crypt
- type=10900 # PBKDF2-HMAC-SHA256
- type=23100 # Apple keychain
I used Word Machine to generate common password patterns. Once I found a pattern for a certain user or type of hash, I configured wm to focus on that particular pattern for a while. Below are a few examples.
The sha512crypt hashes I cracked were largely made up of two words (fuck and shit) with common numeric appends and prepends. They were all eight characters long.
Once wm discovered that, I began focusing on just those two words and that specific pattern. I think I cracked about 1/3 of the sha512crypts on the first day of the contest. Because of this, I took the lead and held it for a while.
There were a few variations of those words, too, such as 35fucker and fuckYou3. Sorry for the vulgarity. I did not make up the passwords. I just cracked them. I cracked many of these after the contest ended (see my pot files below).
sha512crypt is a hard, slow hash to attack and many teams didn’t bother trying. While simple cryptographic hashes, such as sha1, are much faster to attack, they were not worth many points.
A raw-sha1 crack earned only 1 point. A sha512crypt crack earned 800,000 points. I cracked 220 of them.
Word Machine discovered Dallas214 in the sha256crypt hashes on the last day of the contest. Having more than a dozen hash types to attack and being a one man team (with only one inexpensive GPU) makes it difficult to discover and then spend time focusing on all the patterns in the various hash types. I wish I had discovered this pattern sooner. I cracked 88% of them, but only 53% were accepted due to some of the passwords being expired/changed on the second day of the contest (no credit for cracking them). Anyway, these were mostly cities with area codes appended.
The keychain hashes were capitalized passphrases such as Abidewithme, Whenpigsfly, and Sonofagun. Word Machine quickly discovered that pattern and I was able to focus on it early in the contest. I got a lot of points for these cracks. However, my version of Hashcat did not recognize the keychain hashes, so I had to pipe to John (which meant using the CPU) to crack these. That made this attack even slower.
For some reason, Hashcat did not recognize all the PBKDF2-HMAC-SHA256 hashes. There were 1,000 but Hashcat only saw 528. These hashes were really too difficult for John and my CPU to handle. I did uncover the pattern (after the contest had ended) and cracked most of them.
Update: The hash/digest portion of 472 of the PBKDF2-HMAC-SHA256 hashes contained periods (not a valid base64 character). The salts were all valid. I wrote a small Go program to figure this out and correct it. I’m not sure if this was intentional or an accident. Either way, kudos to the teams who figured this out and cracked these during the contest. My failure to crack these (during the contest) is the main reason I was 4th instead of 3rd.
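Here is an added Go example (my own illustration, not the small program mentioned above) of the check that exposes this kind of load failure: it parses each line in hashcat's sha256:iterations:salt:digest layout, decodes both base64 fields strictly, and reports which characters in which field are outside the base64 alphabet. The post does not say how the periods were corrected, so the repair step takes the substitution as a caller-supplied mapping rather than assuming one. The sample lines are constructed for the example and are not contest hashes.

```go
package main

import (
	"encoding/base64"
	"errors"
	"fmt"
	"strconv"
	"strings"
)

// Hash is one parsed PBKDF2-HMAC-SHA256 line (hashcat mode 10900 layout:
// sha256:<iterations>:<base64 salt>:<base64 digest>).
type Hash struct {
	Iterations int
	Salt       []byte
	Digest     []byte
}

const b64Alphabet = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"

// decodeB64 accepts padded or unpadded standard base64 and rejects anything else.
func decodeB64(s string) ([]byte, error) {
	return base64.RawStdEncoding.DecodeString(strings.TrimRight(s, "="))
}

// BadChars lists the characters in s that are outside the standard base64
// alphabet (trailing '=' padding is ignored).
func BadChars(s string) []rune {
	var bad []rune
	for _, r := range strings.TrimRight(s, "=") {
		if !strings.ContainsRune(b64Alphabet, r) {
			bad = append(bad, r)
		}
	}
	return bad
}

// ParseHash splits and decodes one line, naming the malformed field on failure.
func ParseHash(line string) (Hash, error) {
	parts := strings.Split(strings.TrimSpace(line), ":")
	if len(parts) != 4 || parts[0] != "sha256" {
		return Hash{}, errors.New("expected sha256:<iterations>:<salt>:<digest>")
	}
	iter, err := strconv.Atoi(parts[1])
	if err != nil || iter <= 0 {
		return Hash{}, fmt.Errorf("bad iteration count %q", parts[1])
	}
	salt, err := decodeB64(parts[2])
	if err != nil {
		return Hash{}, fmt.Errorf("salt: %w (offending %q)", err, string(BadChars(parts[2])))
	}
	digest, err := decodeB64(parts[3])
	if err != nil {
		return Hash{}, fmt.Errorf("digest: %w (offending %q)", err, string(BadChars(parts[3])))
	}
	return Hash{Iterations: iter, Salt: salt, Digest: digest}, nil
}

// Classify partitions lines into those a strict loader accepts and those needing repair.
func Classify(lines []string) (ok, broken []string) {
	for _, l := range lines {
		if _, err := ParseHash(l); err != nil {
			broken = append(broken, l)
		} else {
			ok = append(ok, l)
		}
	}
	return ok, broken
}

// RepairDigest rewrites the digest field using a caller-supplied substitution.
// Which substitution restores the intended hash is an assumption left to the
// caller; the post does not say what the periods should have been.
func RepairDigest(line string, subst map[rune]rune) string {
	parts := strings.Split(strings.TrimSpace(line), ":")
	if len(parts) != 4 {
		return line
	}
	parts[3] = strings.Map(func(r rune) rune {
		if s, ok := subst[r]; ok {
			return s
		}
		return r
	}, parts[3])
	return strings.Join(parts, ":")
}

// SampleLines are constructed for this example: salt "saltsalt", a 32-byte
// all-zero digest, and the same line with a period injected into the digest.
var SampleLines = []string{
	"sha256:1000:c2FsdHNhbHQ=:" + strings.Repeat("A", 43) + "=",
	"sha256:1000:c2FsdHNhbHQ=:" + strings.Repeat("A", 10) + "." + strings.Repeat("A", 32) + "=",
}

func main() {
	ok, broken := Classify(SampleLines)
	fmt.Printf("%d loadable, %d need repair\n", len(ok), len(broken))
	for _, l := range broken {
		_, err := ParseHash(l)
		fmt.Println("  ", err)
	}
}
```

Running the classifier over a hash file before starting a long attack is the cheap check that would have surfaced the 528-of-1,000 discrepancy immediately, since the loader's silent skip is replaced by a per-line error naming the offending character.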
View my pot files (linked below) to see what other types of patterns wm found in other hash types.
The contest was fun. It always is. It’s a great way to learn more about hacking, cracking and encryption. I encourage everyone who likes to write code and fiddle with computers to try it next year. A big thanks to Hank and the Korelogic team for putting on the contest this year despite the pandemic.
The pot files and hashes
Some of these hashes were cracked during the contest while others were cracked after it ended. I like to crack some of each type so that I understand the patterns that were used to create the passwords. I’ve lost a few cracks, too, since the contest ended.
The hash file contains the fixed PBKDF2-HMAC-SHA256 hashes and the originals (oracle11 too).