Lance Grover

CMIYC 2021

For CrackMeIfYouCan 2021, I competed on team Crevasse.

This is a little old now, but I figured I would post it as is. Some of the other team members also created some good posts, and this is mostly just to remind me what I did and that I need/want to do the following:
1. update all my systems

2. update my rule sets from what I am generating from the HIBP cracking

3. get my wordlists and rule sets out to all my rigs

4. get the PRINCE processor stuff out to all my rigs

5. set up central management, recipes, etc.

First, when the contest opened they provided a list of hashes as History6; we identified the hash type based on the length (33 chars), and our first attempt at cracking treated them as NTLM. That first attempt was to crack the hashes as NTLM using the rockyou wordlist with a custom "all rules" rule file built from best64/nsa65/hob064/my custom rules/dead0ne/d3adhob0/dive/kamaji34k/historical, similar to OneRuleToRuleThemAll.rule (basically a big combination of all the rules, which I have to clean up for specific hash types, etc.; then I add my custom rules to it from previous observations and previous competitions).

Next I progressed to my custom wordlist, leveraging the same rules (the temp-all-rule file, the combination of all the above).

Next I progressed to the HIBP wordlist from the 2020 HIBP export, with the above rules.

Last, I moved to the Top2Billion wordlist, but running all rules was going to take until late Saturday on lists 4/5/6, so I kept it running.

On other rigs I ran the following:

  • found several plains based on months with numbers and other perms; created a list of month names with various capitalizations, ran the above rules
  • found several plains based on numbers written out in English; created a word list with several perms of numbers written out in English, leveraged combinator.bin to join them, then ran the above rules
  • found several plains based on music; pulled a list of top song names from GitHub, performed some basic bash text cleanup to make a single list of all words, created one version with no trailing space and one with a trailing space, then used combinator3.bin to join them into 3-word phrases, ensuring a space between each word but not at the end; ran rules on this
  • took existing plains and re-ran them through the rules
  • took existing plains and ran random rules on them
  • took existing plains and cut them to only the first 8 characters (bash: cut -c -8), then combined them with themselves, making 16-character perms; ran the above rules on this, then later also ran random rules
  • took a text file of the Bible, cut it to single words, then performed combinations of 2 and 3 words
  • took existing plains, split them to 4- and 5-char lengths and ran rules
  • took existing plains, stripped out all capitals and ran rules (bash: sed "s/[A-Z]//g")
  • took existing plains, stripped out all lowercase and ran rules (bash: sed "s/[a-z]//g")
  • took existing plains, stripped out all numbers and ran rules (bash: sed "s/[0-9]//g")
  • noticed several plains started or ended with _ or (number) and variations of this; created a custom rule set to apply this and ran it on the above word lists with stacked rules, such as combining it with a combined stack of best64/nsa64/hob064
  • performed an 8-char brute force
  • performed a 9-char brute force for several hours
  • ran rules on the 9/10/11-char lengths of the RogueGathering wordlist
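As an added example (this is not code from the original post), the wordlist-shaping steps from the bullets above, plus a generator for the "_" and "(number)" prefix/suffix rules, written as POSIX shell functions so the same transforms can be scripted across rigs. The function names are mine; combine_words stands in for the combinator.bin/combinator3.bin steps rather than calling those tools, apply_rule only understands the two hashcat rule functions the generated rules use (^X prepend, $X append), and the plains used in the comments are constructed.

```shell
#!/bin/sh
# Added example, not from the original post. Reusable shell versions of the
# wordlist-shaping steps described in the bullets, plus the _ / (number)
# rule generator. Function names are this example's own; sample plains are
# constructed.

# Month names in three capitalization variants (lower, Capitalized, UPPER),
# and the 3-letter abbreviations in the same three forms: 12 * 2 * 3 lines.
month_variants() {
  for m in january february march april may june july august september \
           october november december; do
    for w in "$m" "$(printf '%.3s' "$m")"; do
      printf '%s\n' "$w"
      printf '%s\n' "$w" | awk '{ print toupper(substr($0, 1, 1)) substr($0, 2) }'
      printf '%s\n' "$w" | tr 'a-z' 'A-Z'
    done
  done
}

# Delete every character of a sed bracket class ($1: A-Z, a-z or 0-9) from
# each plain on stdin and drop plains that become empty, i.e. the
# sed "s/[A-Z]//g" style steps above.
strip_class() {
  sed "s/[$1]//g" | grep -v '^$'
}

# Keep only the first 8 characters of each plain (cut -c -8), dedupe, then
# concatenate every prefix with every prefix (itself included) to build the
# up-to-16-character candidates.
self_combine8() {
  cut -c -8 | sort -u | awk '{ w[NR] = $0 }
    END { for (i = 1; i <= NR; i++) for (j = 1; j <= NR; j++) print w[i] w[j] }'
}

# Reduce a text on stdin (e.g. a Bible text file) to one lowercase word per
# line, deduplicated.
text_words() {
  tr -cs 'A-Za-z' '\n' | tr 'A-Z' 'a-z' | grep -v '^$' | sort -u
}

# Every ordered 2-word ($1 = 2) or 3-word ($1 = 3) combination of the words
# on stdin, joined with separator $2 ("" for none, " " for a space between
# words and none at the end, like the combinator3 trick in the post).
combine_words() {
  awk -v n="$1" -v sep="$2" '
    { w[NR] = $0 }
    END {
      for (i = 1; i <= NR; i++)
        for (j = 1; j <= NR; j++) {
          if (n == 2) { print w[i] sep w[j]; continue }
          for (k = 1; k <= NR; k++) print w[i] sep w[j] sep w[k]
        }
    }'
}

# hashcat rules for "_" and "(number)" at the start or end of a word.
# ^X prepends one character and $X appends one, so a multi-character prefix
# must be prepended in reverse order: "(1)" in front is ^)^1^(.
prefix_suffix_rules() {
  printf '%s\n' '^_' '$_' '^_$_'
  for d in 0 1 2 3 4 5 6 7 8 9; do
    printf '^)^%s^(\n' "$d"      # (d)word
    printf '$($%s$)\n' "$d"      # word(d)
    printf '^_$%s\n' "$d"        # _wordd
  done
}

# Apply a rule made only of ^X / $X functions to one word ($2), to check what
# a generated rule produces before feeding the file to hashcat -r.
apply_rule() {
  rule=$1 word=$2
  while [ -n "$rule" ]; do
    fn=$(printf '%.1s' "$rule")
    ch=$(printf '%.1s' "${rule#?}")
    case "$fn" in
      '^') word="$ch$word" ;;
      '$') word="$word$ch" ;;
      *) printf 'unsupported rule function: %s\n' "$fn" >&2; return 1 ;;
    esac
    rule=${rule#??}
  done
  printf '%s\n' "$word"
}
```

Typical use: `prefix_suffix_rules > underscore_paren.rule` and then pass that file with `-r` alongside the stacked best64/nsa64/hob064 rules; `printf 'password1\n' | self_combine8` shows the 8-plus-8 candidates before they go into a run.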

rig with 6x NVIDIA 1080 cards – ran mostly the Top2Billion wordlist with the custom all-rules file
rig with 6x NVIDIA 1060 cards – attempted brute force of 8 and 9 characters, also mask attacks on several variations of what was seen in the plains, and ran the random rules on larger lists
machine with a single NVIDIA 1080 – ran the Bible words, the numbers written out in English, and the custom rules based off the _ or (number) perms
machine with a single NVIDIA 2060 – ran the RogueGathering wordlist with rules, and the splitting of existing perms into 8-char lengths then combining into 16 chars
machine with a single NVIDIA 1060 – ran the months and shorter rules on HIBP/my custom wordlists/rockyou
laptop with a single NVIDIA 2070 – ran random rules, and the stripped-out-capitals, stripped-out-lowercase and stripped-out-numbers lists
laptop with a single NVIDIA 1070 – ran verification with older versions of hashcat, to ensure the hash encoding was correct (this only happened later on)