Posts

Extracting Secrets from Packet Captures (A CMIYC2024 Story)

Image
  " Interest is the most important thing in life; happiness is temporary, but interest is continuous. " - Georgia O'Keeffe Introduction: The focus of this blog entry will be on tools and scripts to analyze packet captures. This  is the result of falling down a rabbit hole when writing the previous tutorial on the CMIYC 2024 WIFI cracking challenge: [ Link ]. In that writeup I realized I hadn't been keeping up on the state of automated tooling to help extract secrets and interesting data from packet captures. So I asked for tips and suggestions on what I could use. And you all responded! This is another reason why these blog posts are really beneficial to me. I learn so much writing them, so thank you! As a disclaimer, while I will be using the CMIYC2024 dataset to explore using some of these tools, these tools are not really suited for password cracking competitions. For short competitions, you are better off performing manual analysis of the data. As a spoiler, none

CMIYC2024: Wifi Cracking Challenge

Image
" It is never too late to be who you might have been. " - George Elliot Introduction: This is a continuation of my write-up about this year's Crack Me If You Can challenges. You can view my previous two write-ups using the following links. Each one covered a specific challenge of the CMIYC contest: [ Striphash ] and [ Radmin3 hashes ].  I'll admit, in my previous posts I was focusing on the plumbing of the challenges. Aka how to extract the hashes and get them in a format that you can run password cracking attacks against. But I danced around how to run successful cracking sessions against those hashes. There's a lot of reasons for that, but the biggest one is that I wasn't very successful during the contest itself. I needed time to step back, and start investigating all the challenges and hints that Korelogic gave out during the contest but I didn't have time to really dig into. Then with sleep and no pressing deadlines I could start to solve, understand,

CMIYC 2024: RAdmin3 Challenge

Image
"Nothing is more permanent than a temporary solution. " - Russian Proverb Introduction: This is a continuation of my write-up about this year's Crack Me If You Can challenge. You can view the previous entry focusing on the StripHash challenge [ here ]. Like the last write-up, this one is going to focus on one specific hash format (RAdmin3), details about that hash format, and how to load those hashes into a cracking session. I'm going to defer most of the actual cracking of these passwords to a later writeup though since running a successful cracking session relies on solving other challenges found throughout the contest. Important Links, Tools, and References for this Post: Synactiv's blog post: Cracking Radmin Server 3 Passwords Link:   https://www.synacktiv.com/en/publications/cracking-radmin-server-3-passwords Reason:  This is really an amazing blog post going into dumping Radmin password hashes, reverse engineering their hashing algorithm, and then cracking t

CMIYC 2024: Striphash Challenge

Image
"I can accept failure. Everyone fails at something. But I can't accept not trying. " - Michael Jordan Introduction: First off, I really want to thank the team over at Korelogic for putting together a truly impressive contest. Korelogic always uses the CMIYC contest to push for change/improvements in password cracking tools and this event in particular was jam packed with different challenges that forced teams to really stretch their skills vs. letting their GPUs go Brrrrrrrrrrrr.  Second, I'd like to compliment the skill shown by all the players. One thing Korelogic mentioned after the contest was that the Street challenges were the same level of difficulty as those given to the Pro teams. Looking at the scoreboard and seeing street teams succeed like they did highlights the the level of ability on display. As far as the number of players who just popped on to learn something new, that's also impressive  There's a ton of stuff going on during Defcon and the fa