After seeing yescrypt hashes appear in CMIYC a while back, I started developing a yescrypt cracker in pure Go. Since then, yescrypt has become the default /etc/shadow hash for many popular linux distros such as Debian, Ubuntu, RHEL, Fedora, and Arch (to name a few), but hash cracking support for this algo has been limited to JtR -- until now.

Here's a sneak peek of the yescrypt_cracker POC:

https://forum.hashpwn.net/post/446

#yescrypt #hashcracking #cyclone #hashpwn #hashcat #cmiyc #jtr #johntheripper #golang

Countdown for the next Jabbercracky hash cracking contest has begun! Mark your calendars for this weekend.

https://forum.hashpwn.net/post/390

#jabbercracky #hashcracking #competition #hashpwn #ctf #cmiyc #ctc #contest

If you want to compete in the #Defcon #CMIYC contest as a member of a pro team, team john_users is accepting new members. It is an amazing opportunity to learn from top password cracking experts. Sign up link: https://openwall.info/wiki/john/contests

May thy knife chip and shatter!

#cmiyc

so...

In prep fo rthis contest, I tried to get a few "generic" lists and rules together...

rockyou + https://github.com/NotSoSecure/password_cracking_rules

seemed to open ~60-75% of most breaches I had on hand... But, I am VERY SURE that the #CMIYC people taylored their hashlists to NOT work via rockyou... :(

If you have a GPU or not, I'm looking to get more familiar with hashcat + rule sets for making better guesses...

The test hashes provided don't go very far with wordlists/known rules alone...

#defcon31 #cmiyc

Catch Me If You Can -
Ukiyo-e style illustration
#babymetal #catchmeifyoucan #cmiyc #MaadaDaYo