Details forth coming..

  • Details forth coming..

    Stay tuned for the announcement for this contest.

    The quick and dirty:

    Password cracking contest. 53000+ hashes. You have 48 hours to crack them. GO!

  • #2
    Re: Details forth coming..

    That sounds much more fun than doing stuff at the conference.

    I return whatever i wish . Its called FREEDOWM OF RANDOMNESS IN A HECK . CLUSTERED DEFEATED CORn FORUM . Welcome to me



    • #3
      Re: Details forth coming..

      Originally posted by minga
      Stay tuned for the announcement for this contest.

      The quick and dirty:

      Password cracking contest. 53000+ hashes. You have 48 hours to crack them. GO!
      Yeah, A lot more details need to come. A LOT. :-P
      "Haters, gonna hate"



      • #4
        Re: Details forth coming..

        I heard minga is offering a prize of a dollar for every password cracked*.





        *This statement is a 100% fabrication of the truth.
        And I heard a voice in the midst of the four beasts, And I looked and behold: a pale horse. And his name, that sat on him, was Death. And Hell followed with him.



        • #5
          Re: Details forth coming..

          Originally posted by HighWiz
          I heard minga is offering a prize of a dollar for every password cracked*.





          *This statement is a 100% fabrication of the truth.
          Yeah, I hope this isn't an elaborate plan to get the Yahoo and Hotmail passwords of his ex-girlfriends, or something similar. Just curious... I mean I'd want to know these things. Rofl to the Copter.
          "Haters, gonna hate"



          • #6
            Re: Details forth coming..

            Passcracking.ru

            Done.

            :)



            • #7
              Re: Details forth coming..

              Originally posted by Nikita
              Yeah, A lot more details need to come. A LOT. :-P
              Agreed. So much more detail is necessary. Use this thread as an example of what kind of details need to be added. Contests are srs bizness.

              https://forum.defcon.org/showthread....hlight=tangent
              "They-Who-Were-Google are no longer alone. Now we are all Google."



              • #8
                Re: Details forth coming..

                Originally posted by SHA-hi
                Passcracking.ru

                Done.

                :)
                That site only has MD5 rainbow tables. How many UNIX systems store their passwords in raw-md5 format? What about Active Directory? What about LDAP Servers? Not to mention that the current queue is 64752 other hashes ;) Good luck with that.

                Another thought on rainbow tables - they take a long time to complete a single lookup. How long will a lookup of xxxxx passwords take? ;)

                Details any minute now...



                • #9
                  Re: Details forth coming..

                  Originally posted by minga
                  That site only has MD5 rainbow tables. How many UNIX systems store their passwords in raw-md5 format? What about Active Directory? What about LDAP Servers? Not to mention that the current queue is 64752 other hashes ;) Good luck with that.

                  Another thought on rainbow tables - they take a long time to complete a single lookup. How long will a lookup of xxxxx passwords take? ;)

                  Details any minute now...
                  ? The text is probably out of date. I know for a fact it has more than md5 hashes. I've used it just last week to find some SHA-1s. Lookup times on the server were 597ms latency, and 1.48 seconds download (on my 180kb/s connection). Not too bad, I would estimate the lookup actually only takes 150ms on a dedicated version of this system (one that doesn't have on average 64000~ requests indicated). Of course, without an optimized guessing algorithm we're looking at 77 years for a hash_function("CaP1s2LoCk") to collide with hash_value (at the max in our 150ms/operation system). If we optimize it we're probably looking at maybe a week before we hit a real collision in a sizeable database?

                  Some passwords I've rainbow-tabled from the database my co-workers use:

                  myname200 (where 200 is their system ID)
                  Companyname1
                  banking123
                  password (I went for a two hour lunch when I saw this).

                  Folks, we REALLY need to get the word of salting your hashes out there.



                  • #10
                    Re: Details forth coming..

                    Originally posted by SHA-hi
                    ?
                    Folks, we REALLY need to get the word of salting your hashes out there.

                    Most of the LDAP servers I have seen in the "wild" have stopped using SHA - and now use SSHA. Salted SHAs. What other Operating System / Application uses SHA to store password hashes? Just curious.

                    Comment
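Added illustration of the salting point raised in posts #9 and #10 (not code from any poster): the LDAP `{SHA}` and `{SSHA}` formats side by side, showing that a precomputed table matches an unsalted hash but not a salted one. The small dictionary stands in for a rainbow table (a real one stores hash chains), and the function names and the 8-byte salt length are assumptions made for this example.

```python
import base64
import hashlib
import hmac
import os
from typing import Dict, Optional


def sha_hash(password: str) -> str:
    """Unsalted {SHA}: base64(SHA1(password)); equal passwords give equal hashes."""
    digest = hashlib.sha1(password.encode()).digest()
    return "{SHA}" + base64.b64encode(digest).decode()


def ssha_hash(password: str, salt: Optional[bytes] = None) -> str:
    """Salted {SSHA}: base64(SHA1(password + salt) + salt)."""
    salt = os.urandom(8) if salt is None else salt  # 8-byte salt is an assumption
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()


def ssha_verify(password: str, stored: str) -> bool:
    """Recover the salt from the stored value and recompute the digest."""
    if not stored.startswith("{SSHA}"):
        return False
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]  # SHA-1 output is 20 bytes; the rest is salt
    candidate = hashlib.sha1(password.encode() + salt).digest()
    return hmac.compare_digest(candidate, digest)


def table_lookup(stored: str, table: Dict[str, str]) -> Optional[str]:
    """Precomputed-table lookup: only works if stored hashes are unsalted."""
    return table.get(stored)


# Constructed sample: a three-entry table built from passwords quoted in post #9.
TABLE = {sha_hash(w): w for w in ("password", "banking123", "Companyname1")}

if __name__ == "__main__":
    unsalted = sha_hash("banking123")
    salted = ssha_hash("banking123")
    print("unsalted lookup:", table_lookup(unsalted, TABLE))
    print("salted lookup:  ", table_lookup(salted, TABLE))
    print("salted verify:  ", ssha_verify("banking123", salted))
```

Salting only removes the precomputation shortcut; SHA-1 is still a fast hash, so a weak password stored as `{SSHA}` remains guessable one hash at a time.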
