Skip to main content
Back to Contest Archive

Crack Me If You Can 2012

DEF CON 20 contest materials with hashcat winning, plus team standings, scoreboards, rules, photos, and hash-type breakdowns.

Event
DEF CON 20
Dates
July 2012
Winner
hashcat

Submitting results

Once you have cracked some passwords or encrypted files, submit them to us in a PGP signed & encrypted email. The payload varies a little depending on what you cracked.

Password hashes Every time you submit cracked passwords, send us all the plaintexts you have cracked so far, each on one line by itself. Don't include anything else on the lines, such as 'username:plaintext' or 'hash:plaintext', just 'plaintext'. We will verify them, and update the stats page. If you send us junk that's not correct plaintexts, we will assume you are spewing /dev/random at us and shun all future mail from you.

File challenges When you crack a challenge file, submit to us a line containing:

filename plaintext

Notice the space (' '), and there is no colon (':'). You can mix this in with a submission of password cracks. Unlike with password crack submissions, you do not need to send us all your challenge file cracks every time you crack a new challenge (although there is no problem doing so, either).

Submit often Try not to go too long between submitting updates. One every two hours or so is preferred. We want the stats pages to accurately reflect the progress of the different teams. Besides, a big jump in cracks/points after a long silence could mean that a team has stolen cracks from another team. Of course if you sleep a few hours and miss a couple we will forgive you. But if you go more than 12 hours without an update, we will assume you gave up or died of alchohol poisoning.

But not too often Do not flood us with submissions. We will assume you are trying to DoS us. We will ignore submissions from a team sent faster than once per five minutes. Sending us more than one per minute will disqualify your team. An exception is if you are the first to crack a challenge--send us that immediately, even if you just submitted. Even if we throttle you initially, we'll sort it out.

Example submission Here is what a submission process might look like.

$ cat cracked
plaintext1
challengefile.zip password
plaintext2
plaintext3

$ gpg -a -o submission-email.pgp.asc -r sub-2012@contest.korelogic.com \
                                                             -se cracked
$ mail -s "cracked" sub-2012@contest.korelogic.com \
					< submission-email.pgp.asc
Or attach the file keysub-email.pgp.asc to an empty email to sub-2012@contest.korelogic.com, such as if you are using Gmail.

Don't forget to use --default-key 0xDEADBEEF if you created a dedicated PGP key just for this event.





Back to Contest Archive