Back to: Top Stats
Hash Details, Points, and Counts
Below is the full list of hash types used in this year's contest, the point
value of each crack for those hashes, and how many were in each of the Pro and
Street set. As you can see they were generally shaped very similarly, but with
some variation, and obviously with different plaintexts.
Although it is generally true that harder hashes are worth more points, they
are deliberately not perfectly proportional. Figure out how to game the
scores and focus your efforts accordingly.
Contest
Hash Name | Notes | Points Each | Pro Hashes | Street Hashes |
|---|
| bf
| bcrypt, Blowfish crypt, $2a$
| 550
| 3,654
| 3,646
|
| bwtdt
| s.md5(sha1(md5(s.sha1(p))))
| 65
| 3,553
| 3,547
|
| Challenge1
| Base64 MD5
| 25
| 4,911
| 4,912
|
| Challenge2
| OSX Salted SHA-512
| 80
| 9,882
| 9,882
|
| Challenge3
| Find them first...
| 35
| 15,023
| 15,690
|
| Challenge4
| Lossy Double MD5
| 5
| 5,000
| 5,000
|
| Challenge5
| RC2. Security Through Obscurity!
| 9,000
| 13
| 13
|
| Challenge7
| Cisco Type 4
| 6
| 10,000
| 10,000
|
| Challenge9
| MS EFS Files[*]. Good luck!
| 250,000
| 2
| 2
|
| cisco4
| Cisco Type 4
| 6
| 1,822
| 1,819
|
| des
| UNIX DES Crypt
| 55
| 20,423
| 20,193
|
| drupal7
| Salted SHA512
| 100
| 5,614
| 5,632
|
| dynamic_1
| joomla Salted MD5
| 35
| 3,590
| 3,570
|
| epi
| EPI Salted SHA1
| 50
| 1,747
| 1,762
|
| episerver
| EPI Salted SHA256
| 50
| 1,858
| 1,823
|
| gost
| GOST R 34.11-94
| 7
| 1,918
| 1,903
|
| md5
| FreeBSD MD5 Crypt, $1$
| 225
| 6,648
| 6,573
|
| mscash
| MS Cache V1 - Single salt
| 2
| 5,255
| 5,266
|
| mscash2
| MS Cache V2 - Single salt
| 80
| 1,897
| 1,927
|
| mssql12
| MS SQL 2012
| 75
| 7,302
| 7,358
|
| mysql-sha1
| MySQL SHA1
| 3
| 3,564
| 3,542
|
| nsldap
| Base64 SHA1
| 2
| 16,413
| 16,299
|
| nt
| NTLM, MD4-based
| 1
| 32,919
| 32,552
|
| oracle11
| Oracle 11g SHA1
| 30
| 1,820
| 1,794
|
| salted-sha1
| Base64 Salted SHA1
| 30
| 14,010
| 13,962
|
| scrypt
| Crypt::ScryptKDF style scrypt
| 500
| 1,820
| 1,821
|
| sha512crypt
| UNIX SHA512 Crypt, $6$
| 700
| 3,666
| 3,692
|
| sunmd5
| Sun Many Round Salted MD5
| 700
| 3,572
| 3,576
|
Encrypted File Points and Details
Here is the list of all encrypted file challenges, their plaintext
passphrases, the point values for each, and the hints that each
contained once the file was decrypted.
| Filename | Passphrase | Point Value | Encrypted Hint |
|---|
| Challenge6_pro_Company2_easy.pgp
| 2Lundy
| 10,000
| Company2: Illness
|
| Challenge6_street_Company2_easy.pgp
| !Chun
|
| Challenge6_pro_Company2_medium.pgp
| 2Mossuril
| 20,000
| Company2: Human and animal disease - not the computer type
|
| Challenge6_street_Company2_medium.pgp
| !Corriparta
|
| Challenge6_pro_Company2_hard.pgp
| 3Pseuderanthemum
| 40,000
| Company2: An infective agent that typically consists of a nucleic acid molecule in a protein coat
|
| Challenge6_street_Company2_hard.pgp
| 2LucerneAustralian
|
| Challenge8_pro_easy.pdf
| L4sV3g4z
| 10,000
| Company1: These guys never use their hands.
|
| Challenge8_street_easy.pdf
| D3FCoN21
|
| Challenge8_pro_medium.pdf
| ZZt0pr0x
| 20,000
| Company1: Number 1 sport in the world.
|
| Challenge8_street_medium.pdf
| FyI4All1
|
| Challenge8_pro_hard.pdf
| 24Le`m0ns
| 40,000
| Company1: The best of the best with a little kradness thrown in.
|
| Challenge8_street_hard.pdf
| 69C4m4r0!
|
| Challenge9 Pro Medium [*]
| Sw3at3r!
| 250,000
| Company3: "That is not dead which can eternal lie, And with strange aeons even death may die." and "Lovecraft"
|
| Challenge9 Street Medium
| waddles1
|
| Challenge9 Pro Hard
| B00k&s3cr3ts
| 250,000
| Company3: Cthulhu Lexicon
|
| Challenge9 Street Hard
| ScaryWoods123
|
| Challenge10_pro_easy.zip
| 1a2b3c4d
| 10,000
| Company6 has password-change mechanisms intended to reject passwords
containing common dictionary words of four characters or more.
|
| Challenge10_street_easy.zip
| 4d3c2b1a
|
| Challenge10_pro_medium.zip
| c0lds0re
| 20,000
| Company6's Active Directory requires a minimum of 9 character long
passwords.
|
| Challenge10_street_medium.zip
| h3adach3
|
| Challenge10_pro_hard.zip
| c00rslit3!
| 40,000
| Company6 has password-strength enforcement that prevents multiple
users from selecting duplicate passwords.
|
| Challenge10_street_hard.zip
| c0ldb33rs.
|
| Challenge11_pro_easy.7z
| foofa321
| 10,000
| Company7 has password-change mechanisms intended to reject passwords
containing common dictionary words of four characters or more.
|
| Challenge11_street_easy.7z
| wakka123
|
| Challenge11_pro_medium.7z
| 7Eleven!
| 20,000
| Company7's Active Directory requires a minimum of 9 character long
passwords.
|
| Challenge11_street_medium.7z
| 1GIJoe!!
|
| Challenge11_pro_hard.7z
| fop4rfcfop4rfc
| 40,000
| Company7 has password-strength enforcement that prevents multiple
users from reusing common topologies (patterns).
|
| Challenge11_street_hard.7z
| ItsJustMath
|
| Challenge12_pro_easy.odt
| Ch3ck0ut.
| 10,000
| Company8 has password-change mechanisms intended to reject passwords
containing common dictionary words of four characters or more.
|
| Challenge12_street_easy.odt
| Perform$$
|
| Challenge12_pro_medium.odt
| r3DR3dW!n3
| 20,000
| Company8's Active Directory requires a minimum of 9 character long
passwords.
|
| Challenge12_street_medium.odt
| MarrYM3?
|
| Challenge12_pro_hard.odt
| juNK^r00M!
| 40,000
| Company8 has password-strength enforcement that shape users'
passwords to use random topologies (patterns).
|
| Challenge12_street_hard.odt
| N1gHt!m4r3
|
| Challenge13_pro_easy.kdbx
| F1rePL4Ce.
| 10,000
| Company5: The only place Tiamat and Bahumet get along in.
|
| Challenge13_street_easy.kdbx
| D4rlA!2
|
| Challenge13_pro_medium.kdbx
| Qu3nCHmE^
| 20,000
| Company5: AD&D Monster Manual
|
| Challenge13_street_medium.kdbx
| C0lL3ct$100
|
| Challenge13_pro_hard.kdbx
| Sh4RK%nAD0*
| 40,000
| Company5: 1st Ed Monster Manual and Fiend Folio
|
| Challenge13_street_hard.kdbx
| M3an`G1rlS!
|
[ *] Challenge 9 was encrypted files containing
hints, but it was treated and scored as password hashes, since guessing
the users' passwords was the way to decrypt the files.
|
