Aug 21st, 2023
This year we had 3 active members in achondritic, but one was on site at Defcon working off an old laptop in their free time and another had family commitments so was mostly just there for moral support and to bounce ideas off of. For several years we have been told that the amount of hardware you have is mostly irrelevant in these competitions, so this year would really put that to the test. Over the course of the competition we used nothing more than 1x 4090, 1x 3080 Ti, and an old laptop.
--------

Day 0:

Prior to the competition, I spent some time reviving our submission infrastructure from the previous year. We have a simple python flask submission server backed by a sqlite database. Team members regularly POST their potfile to this server, which dedupes all submissions, stores them in the db, and forwards anything new to Korelogic's email address. Email responses are scraped with a separate script and then posted to a Discord channel for easy visibility. The vast majority of setup is fighting with PGP and email (every year I dream of Korelogic moving to a simple webserver submission process. I also dream of documenting how my server works. After 3 years of CMIYC, neither has occurred). While getting everything set up, I spent a little time cracking a handful of the test hashes just to make sure things were working correctly.

--------

Day 1:

The hash lists were quite straightforward this year, which was quite nice to see after the madness last year. We were provided a single yaml file with all the hashes, plus some metadata per hash. Looking at the scoreboard and the point distribution per hash type, it was immediately obvious that bcrypt was going to be the thing to make or break it for our team. So setting to work, I extracted all the hashes with some simple yq [1] commands, and also created a handful of files associating some of the metadata with the hashes. For example:

cat 01.yaml | yq '.users[] | keys[] as $k | .[$k] | .PasswordHash + ":" + .SurName' -r > hash_surname.txt

To start with, I just ran simple -a0 attacks against each hash mode, making a note of which wordlists & rule files I made it through before the attacks started getting long (aiming for < 10 min per attack). I ran into a small issue with the ssha512 hashes where hashcat wanted the identifier in all caps and the submission system wanted them in lowercase. This was fixed very easily with a find/replace on our python submission server.
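The two pieces of the submission server described above (dedupe everything that is POSTed, forward only what is new, and fix up the ssha512 identifier case on the way through) reduce to a few lines around a sqlite UNIQUE constraint. The code below is an added illustration, not the team's server: it keeps the storage and dedupe logic but leaves out flask and the PGP/email forwarding, and the exact prefix tokens (hashcat emitting "{SSHA512}", the submission side wanting "{ssha512}") are an assumption since the post only says "all caps" versus "lowercase". The potfile contents are constructed.

```python
import sqlite3

# Assumed, not from the post: hashcat's potfile carries the upper-case form and
# the submission side expects the lower-case one. Adjust if your tokens differ.
HASHCAT_PREFIX = "{SSHA512}"
SUBMIT_PREFIX = "{ssha512}"


def normalize_line(line: str) -> str:
    """Rewrite one potfile line (hash:plain) into the form the submission side accepts."""
    line = line.rstrip("\r\n")
    if line.startswith(HASHCAT_PREFIX):
        line = SUBMIT_PREFIX + line[len(HASHCAT_PREFIX):]
    return line


def open_store(path: str = ":memory:") -> sqlite3.Connection:
    """Create the submissions table; the PRIMARY KEY on the line is what dedupes."""
    conn = sqlite3.connect(path)
    conn.execute(
        "CREATE TABLE IF NOT EXISTS submissions ("
        "  line   TEXT PRIMARY KEY,"
        "  member TEXT NOT NULL,"
        "  ts     TEXT NOT NULL DEFAULT CURRENT_TIMESTAMP)"
    )
    return conn


def ingest_potfile(conn: sqlite3.Connection, member: str, potfile_text: str) -> list:
    """Store every line of a POSTed potfile; return only the lines not seen before.

    The returned list is what would be forwarded onward (by email in the post's
    setup). INSERT OR IGNORE reports rowcount 0 for a duplicate, 1 for a new row.
    """
    new = []
    for raw in potfile_text.splitlines():
        if ":" not in raw or not raw.strip():
            continue  # skip blank or malformed lines rather than storing junk
        line = normalize_line(raw)
        cur = conn.execute(
            "INSERT OR IGNORE INTO submissions (line, member) VALUES (?, ?)",
            (line, member),
        )
        if cur.rowcount == 1:
            new.append(line)
    conn.commit()
    return new


def total_stored(conn: sqlite3.Connection) -> int:
    return conn.execute("SELECT COUNT(*) FROM submissions").fetchone()[0]


# Constructed sample potfiles from two team members with one overlapping crack.
POTFILE_A = """\
5f4dcc3b5aa765d61d8327deb882cf99:password
{SSHA512}c29tZS1iYXNlNjQtYmxvYg==:here goes nothing1
"""
POTFILE_B = """\
5f4dcc3b5aa765d61d8327deb882cf99:password
098f6bcd4621d373cade4e832627b4f6:test
"""

if __name__ == "__main__":
    db = open_store()
    print("new from A:", ingest_potfile(db, "alice", POTFILE_A))
    print("new from B:", ingest_potfile(db, "bob", POTFILE_B))
    print("stored:", total_stored(db))
```

Because the dedupe key is the normalized line, a member who re-POSTs their whole potfile every few minutes (the workflow the post describes) only ever causes the genuinely new cracks to be forwarded.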
After this was done, I jumped directly to focus on the bcrypt hashes. I knew the metadata had to be relevant so I set to work creating some -a9 attacks based on given name, surname, and username. Running these with 1500 rules each gave me no hits at all. I saw a few other teams getting some bcrypts, but not a lot (as you would expect to see with a working -a9 attack), so I changed tactics and went with a straight dictionary attack. After 20k words or so, I finally had a handful of cracks. Upon further examination, I could find no correlation at all between my cracks and the metadata. A random person with an Indian name and an Indian city had some Polish word for their password? Something seemed off. I also postulated that maybe there was some sort of correlation between all the people who shared a surname (I saw most surnames were shared between 10-100 people).

Not making much progress here, I started looking at the other cracks and continued to run more attacks on the fast hashes. Many cracks appeared to be 2-4 words separated by spaces, with a 1 appended. For example:

I will not permit1
here goes nothing1
time in her life1
Almost anything1
thinking about1
You want to watch1
find something1
all the colors1
that I knew him1
this is the story1
Do you know the1
beautiful woman1
know about the1
If you have any1
responsible for1
I did a bunch of searching but couldn't figure out exactly what these were. My best guess was quotes from songs. Along this train of thought, I parsed a wordlist that I have of 1.2m song titles on Spotify and this got a decent number of hits. I noticed some other patterns in my cracks as well - Japanese characters, Cyrillic, and some chemical compounds. Some examples:

03a3e98c480cd82e2126f059adf80679:全然
8fb2c8e88edb578dc8f4ad49e1ae941d:Vá!
e94bbb1e13a542bf8591337acb3a0114:桜井
8301b153e7c83cc1609d9a224c730704:CH₂O
49299f4e709f4eb9cfa0d4fd2f1a6fa9:Lestarstöð
b19a09b6ef9761a8e4ce81e994962716:KC₄H₅O₆
2d3a9545fb483985e58fd625e42fd14b:藤井
ac15e41a75c2d81b5af083b61ee9cf44:今何時ですか
198a87c7b5e1ca05b084301c8e77a42e:どちらですか
d523fdc74a1b269e2a059531ff2989c7:Девятую1
29f8f2a689697bcb0238da2a4b5ad3b0:Порошенко
aaec5f377f9eac500482215948a285ab:Натюрлих!
14d36db44aad3e9a95c20b20c6044e82:என்பதைத்1
dca178f61f45429fd8f50b6897430055:Сагайдачний
c2a165877d7d6c32c8b9d7f2839c3eac:ᵈ¹
655b25220ad8a690e9b0edb2db233c5d:CaMg(CO₃)₂
However, at this point I really felt like I was hitting a wall on what to try next, so I decided to call it a day and go relax for the rest of the night.

--------
Day 2:

We had received some hints from Korelogic at this point, but none made any sense to me. One of the clues was in the form of an encrypted PGP message, so I used gpg2john and tried to crack it with JTR in the background. This eventually cracked with the password "acquisition" and gave another useless clue. I kept notes of all the clues so I could revisit them later.

At the start of day 2, I finally decided it was time to sit down and write a python script to parse all the metadata and load it into a sqlite database along with all the passwords I had discovered so far in order to look for commonalities. This went surprisingly easier than expected and soon I was querying the data in all sorts of ways to see if anything popped out at me. Almost instantly I noticed some patterns emerge when querying by department. The Engineering department had many of those phrases with numbers and special characters appended, Telecom had a ton of hits starting with #3&4%#!, and Sales had a lot of business-y words with the current year appended.
The Sales ones were easy to work with. I started running attacks against fast hashes to discover the base words used, then built out rules to match the dates and special characters appended and prepended. Since the hashes were narrowed down, the wordlist was so small, and the rules were quite simple, this even led to very fast cracks on bcrypt. I used hashcat's -S flag and actually saw a significant speed improvement.

The Telecom passwords starting with #3&4%#!, I noticed, all came from an old breach [2]. I ran this list against the Telecom bcrypt hashes and got a bunch of hits. I then started looking through hashmob's lists for other words that I saw in the Telecom passwords. They have a bot for this on their Discord but it wasn't working for me for some reason, so I just grep'd through my local copy of their founds lists. I saw hits in Time Warner Cable Business Class [3], [4], [5], which all led to a number of other bcrypt cracks. Throughout the rest of the competition I kept coming back to Telecom and grep to try to find whether there were any other lists I had missed. I also attributed the hint about "reused passwords" to this one, though I'm not sure whether that's correct.

Looking through the sqlite db some more, I found a few more patterns. Cyrillic names tended to have Cyrillic passwords, Japanese names had Japanese passwords, and Icelandic names had Icelandic passwords. All of these looked so rare though, I decided not to target these patterns. I figured it would take too long to figure out how to determine if a name fell into one of these categories for the amount of points it would get us.

Revisiting one of the hints, I realized that "custom auth plugin was mangling some labels" might be referring to the fact that some passwords were unix epoch timestamps rather than user-created passwords, like they had mislabeled the "created date" field as "password." I fought with datetime parsing in python for longer than I would've liked and eventually figured out how to convert all the "created date" timestamps in the metadata to unix epoch.
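The Day 2 workflow above (metadata plus current cracks in sqlite, queried by department, then the "created date" to epoch conversion to spot mislabelled fields) is small enough to show end to end. The script below is an added example, not the author's script: the user records are constructed, the attribute names other than PasswordHash and SurName (which appear in the post's yq command) are assumed, the timestamp format is assumed to be ISO 8601 in UTC, and the fast hashes are plain MD5 of the constructed plains so the join is real rather than faked.

```python
import hashlib
import sqlite3
from collections import Counter
from datetime import datetime, timezone


def md5hex(s: str) -> str:
    return hashlib.md5(s.encode("utf-8")).hexdigest()


def to_epoch(created: str) -> int:
    """Assumed timestamp format: 2023-03-01T09:15:00Z (UTC)."""
    dt = datetime.strptime(created, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return int(dt.timestamp())


# Constructed metadata records. One user's "password" is their own created date
# as an epoch, the mislabelled-field case the hint pointed at.
MISLABELLED_CREATED = "2023-03-01T09:15:00Z"
USERS = [
    {"username": "asmith",  "SurName": "Smith",  "Department": "Sales",       "CreatedDate": "2023-01-09T08:00:00Z", "PasswordHash": md5hex("Synergy2023!")},
    {"username": "bjones",  "SurName": "Jones",  "Department": "Sales",       "CreatedDate": "2023-02-14T10:30:00Z", "PasswordHash": md5hex("Pipeline2023")},
    {"username": "ckim",    "SurName": "Kim",    "Department": "Telecom",     "CreatedDate": "2022-11-02T12:00:00Z", "PasswordHash": md5hex("#3&4%#!router")},
    {"username": "dlee",    "SurName": "Lee",    "Department": "Telecom",     "CreatedDate": "2022-12-20T16:45:00Z", "PasswordHash": md5hex("#3&4%#!modem")},
    {"username": "epark",   "SurName": "Park",   "Department": "Engineering", "CreatedDate": "2023-04-03T11:20:00Z", "PasswordHash": md5hex("time in her life1")},
    {"username": "jdoe",    "SurName": "Doe",    "Department": "Engineering", "CreatedDate": MISLABELLED_CREATED,    "PasswordHash": md5hex(str(to_epoch(MISLABELLED_CREATED)))},
    {"username": "fnguyen", "SurName": "Nguyen", "Department": "Sales",       "CreatedDate": "2023-05-21T09:00:00Z", "PasswordHash": md5hex("not-cracked-yet")},
]

# Constructed potfile (hash:plain) standing in for hashcat's output so far.
CRACKED = ["Synergy2023!", "Pipeline2023", "#3&4%#!router", "#3&4%#!modem",
           "time in her life1", str(to_epoch(MISLABELLED_CREATED))]
POTFILE = "\n".join(f"{md5hex(p)}:{p}" for p in CRACKED)


def load(users, potfile: str) -> sqlite3.Connection:
    """Load metadata and cracks into sqlite; created_epoch is precomputed for joins."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE users(username TEXT, surname TEXT, dept TEXT, created TEXT,
                           created_epoch INTEGER, hash TEXT);
        CREATE TABLE cracks(hash TEXT PRIMARY KEY, plain TEXT);
    """)
    conn.executemany("INSERT INTO users VALUES (?,?,?,?,?,?)", [
        (u["username"], u["SurName"], u["Department"], u["CreatedDate"],
         to_epoch(u["CreatedDate"]), u["PasswordHash"]) for u in users])
    rows = [line.split(":", 1) for line in potfile.splitlines() if ":" in line]
    conn.executemany("INSERT OR IGNORE INTO cracks VALUES (?,?)", rows)
    return conn


JOIN = "FROM users u JOIN cracks c ON c.hash = u.hash"


def cracks_by_department(conn) -> dict:
    """Department -> sorted list of recovered plains (the query that exposed the patterns)."""
    out = {}
    for dept, plain in conn.execute(f"SELECT u.dept, c.plain {JOIN} ORDER BY u.dept, c.plain"):
        out.setdefault(dept, []).append(plain)
    return out


def prefix_counts(conn, dept: str, n: int = 7) -> Counter:
    """How often each n-character prefix occurs in one department's cracks."""
    return Counter(p[:n] for (p,) in conn.execute(f"SELECT c.plain {JOIN} WHERE u.dept = ?", (dept,)))


def epoch_passwords(conn) -> list:
    """Usernames whose recovered password is exactly their own created date as an epoch."""
    return [u for (u,) in conn.execute(
        f"SELECT u.username {JOIN} WHERE c.plain = CAST(u.created_epoch AS TEXT)")]


if __name__ == "__main__":
    db = load(USERS, POTFILE)
    for dept, plains in cracks_by_department(db).items():
        print(dept, plains)
    print("Telecom prefixes:", prefix_counts(db, "Telecom").most_common(2))
    print("epoch-as-password accounts:", epoch_passwords(db))
```

The epoch check is the cheap way to confirm the mislabelled-field theory before spending GPU time on it: if the join returns rows, the metadata field really is being used as the password for those accounts, and a per-user candidate list built from it is justified.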
Another PGP encrypted hint came, which fell quickly to JTR with the password "Bowie". This was about a particular password format: Environment[sep]Usage[sep]Host-Number. I quickly discovered the GHosting accounts in the metadata that seemed to be the relevant accounts for this, and broke down the letters in the usernames into 2 parts (Environment and Usage presumably) since they were all p/u/d then o/fs/mw/db/w/k/f. Maybe p/u/d = production, user acceptance, development, and then usage was things like database, web server, kubernetes, filesystem, etc. I tried a ton of masks and custom wordlists along this route but never got any hits. In hindsight I think I mostly tried long names (since the hint said the passwords were long) like database instead of db and assumed that the 2 separators would be the same length, and that the numbers at the end were correct for that system. I did try some other variations as well, but just didn't stumble onto a single correct one somehow.

Finally I fought with 2-4 word phrases some more, especially in the Engineering section, with little luck. I parsed the Letters of J.R.R. Tolkien [6] because I thought I saw a handful of phrases from it and it seemed like a document that Korelogic would've chosen, so I left it running on bcrypts overnight.

--------

Day 3:

I woke up in the morning to find my session had crashed some time in the night and I had way less cracks than I wanted. With only a few hours left, and most of the remaining hashes appearing to be these phrases, I knew that had to be my top priority. I started Googling phrases like mad, trying to find commonalities between them, taking 3-4 phrases at a time with quotes in Google and seeing what they spit out. It was really slow going as many of the phrases showed up in a lot of different texts and it was impossible to tell which phrases were correlated with each other.
I hit on what I thought were a few other possible sources - Hitchhiker's Guide to the Galaxy (a hint mentioned sci-fi books), Fahrenheit 451 (the same hint mentioned 451), The 5th Wave (another sci-fi book/movie), Star Trek IV The Voyage Home screenplay (I definitely saw some Spock references), some random book by Dostoevsky (idek). However, none of these returned hits very quickly. I did everything I could to optimize the attack, mainly targeting the phrases with rules that matched the following patterns:

12 character phrase + digit + special char ($!@%)
13 character phrase + special character ($!@%)
14-16 character phrase + 1
Finally a hint was sent out about the CRC Handbook of Chemistry and Physics. I tried parsing this and using it. I worked under the assumption this mostly applied to the Research & Development department, and the chemical compounds came from here. I even wrote a python script to convert numbers to their unicode subscripts for chemical compounds (because the pdf parsing didn't handle subscripts). But at the end of the day, I got almost no hits at all from this.

While almost all of the above cracking was done on my 4090, I had a machine with a 3080 Ti that I sent a couple of long running tasks to throughout the competition. With about an hour left in the competition I finally got around to submitting whatever that machine had recovered so far. After being neck and neck with team Hashmob for the past 24 hours, this was just barely enough to bump me ahead of them. They almost closed the gap in the last few minutes before the end as my final book attacks expired, but I just barely eked out 3rd place when all was said and done.

--------

Final thoughts:
The submissions per device for our team were as follows:

4090 - 6,368 hashes
laptop - 21 hashes
3080 Ti - 16 hashes
Huge thank you to Korelogic for hosting this competition and putting together such a great set of hashes this year. This format worked quite well with the way the password categories were evenly spread across increasingly difficult hash types so you could start simple and work your way up.

Congrats to Hashcat and Cynosure Prime on 1st and 2nd place respectively. And thank you to Hashmob for keeping the fire under me until the very last second in this competition as well as providing a great open community for hash cracking in general.

--------

References:

[1]
[2]
[3]
[4]
[5]
[6]