The CTF is over, but I'm not!

For fun I reworked the 'bruteforcer' I used for the CSAW CTF challenge. It is meant for future challenges: you just drop in your own 'Brute' function, in assembly or in C, why not. The contraption brute-forces the old-fashioned way, multithreaded (on the CPU, mind you), over every printable character (from space to tilde, 95 characters). On return from the function, if EAX is 1, you've won. Plugging in your function is up to you.

The thing is available on my GitHub.

And it flies on my 4-core Phenom II: it chews through the 742 billion combinations of 1 to 6 characters in 47 min (263 million hashes/sec). Beyond that, everything depends on the hash; here it costs almost nothing in processing.
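The design described above, as an added example that is not the code from the author's GitHub: lengths are walked in order 1..maxlen, each length is split across threads on the last character's range (the same 24/24/24/23 split the log below shows for 95 characters and 4 threads), and the candidate check is a pluggable function that returns 1 on a hit, which is exactly the "1 in EAX" contract an assembly version has to honour. The FNV-1a target hash, the constructed secret and the names (brute_force, check_fnv, printable_charset) are assumptions for the demo; the real challenge hash is not shown on the page.

```c
#include <pthread.h>
#include <stdatomic.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_LEN 16
#define MAX_THREADS 64

/* Contract of the pluggable check: 1 for a hit, 0 otherwise.
 * An asm implementation only has to leave 1 in EAX. */
typedef int (*check_fn)(const unsigned char *cand, int len, void *ctx);

/* Cheap stand-in hash (32-bit FNV-1a); constructed for the demo, not the CTF's hash. */
uint32_t fnv1a32(const unsigned char *s, int len) {
    uint32_t h = 2166136261u;
    for (int i = 0; i < len; i++) { h ^= s[i]; h *= 16777619u; }
    return h;
}

int check_fnv(const unsigned char *cand, int len, void *ctx) {
    return fnv1a32(cand, len) == *(const uint32_t *)ctx;
}

/* Fill buf with ' '..'~' and return the count (95). buf needs 96 bytes. */
int printable_charset(char *buf) {
    int n = 0;
    for (int c = ' '; c <= '~'; c++) buf[n++] = (char)c;
    buf[n] = 0;
    return n;
}

struct job {
    const unsigned char *charset; int nchars;
    int len;
    int lo, hi;            /* this thread's slice of indices for the LAST char: [lo, hi) */
    check_fn check; void *ctx;
    atomic_int *found;
    unsigned char *out;    /* shared winner buffer, NUL-terminated by the first hit */
};

static void *worker(void *arg) {
    struct job *j = arg;
    int idx[MAX_LEN] = {0};
    unsigned char cand[MAX_LEN + 1];
    int last = j->len - 1;
    idx[last] = j->lo;
    for (;;) {
        for (int i = 0; i < j->len; i++) cand[i] = j->charset[idx[i]];
        if (j->check(cand, j->len, j->ctx)) {
            if (atomic_exchange(j->found, 1) == 0) {   /* first hit publishes the result */
                memcpy(j->out, cand, (size_t)j->len); j->out[j->len] = 0;
            }
            return NULL;
        }
        if (atomic_load_explicit(j->found, memory_order_relaxed)) return NULL;
        /* Odometer: positions 0..len-2 run over the whole charset, carry into the
         * last position, which only runs over this thread's [lo, hi) slice. */
        int p = 0;
        while (p < last && ++idx[p] == j->nchars) idx[p++] = 0;
        if (p == last && ++idx[last] == j->hi) return NULL;
    }
}

/* Try every string of length 1..maxlen over charset with nthreads workers.
 * Returns 1 and writes the winner into out (>= maxlen+1 bytes), else 0. */
int brute_force(const char *charset, int maxlen, int nthreads,
                check_fn check, void *ctx, char *out) {
    int n = (int)strlen(charset);
    atomic_int found = 0;
    pthread_t tid[MAX_THREADS];
    struct job jobs[MAX_THREADS];
    if (n < 1 || maxlen < 1 || maxlen > MAX_LEN || nthreads < 1 || nthreads > MAX_THREADS) return 0;
    int per = (n + nthreads - 1) / nthreads;          /* 95 chars / 4 threads -> 24,24,24,23 */
    for (int len = 1; len <= maxlen && !atomic_load(&found); len++) {
        int t;
        for (t = 0; t < nthreads && t * per < n; t++) {
            int lo = t * per, hi = lo + per > n ? n : lo + per;
            char a[MAX_LEN + 1], b[MAX_LEN + 1];      /* first and last candidate of the slice */
            memset(a, charset[0], (size_t)len - 1); a[len - 1] = charset[lo];     a[len] = 0;
            memset(b, charset[n - 1], (size_t)len - 1); b[len - 1] = charset[hi - 1]; b[len] = 0;
            printf("Len %d Thread %d start: '%s' to '%s'\n", len, t + 1, a, b);
            jobs[t] = (struct job){ (const unsigned char *)charset, n, len, lo, hi,
                                    check, ctx, &found, (unsigned char *)out };
            pthread_create(&tid[t], NULL, worker, &jobs[t]);
        }
        for (int k = 0; k < t; k++) pthread_join(tid[k], NULL);   /* finish this length before the next */
    }
    return atomic_load(&found);
}

int main(void) {
    char cs[96];
    char out[MAX_LEN + 1];
    printable_charset(cs);
    const unsigned char secret[] = "b3 6";            /* constructed target, not the CTF's key */
    uint32_t target = fnv1a32(secret, 4);
    if (brute_force(cs, 6, 4, check_fnv, &target, out))
        printf("Got a Winner ----> %s <---- WIN\n", out);
    return 0;
}
```

The per-length join is what makes the log read "Len 1 ... Len 6" in order and guarantees the shortest preimage is found first; the relaxed load of the shared flag keeps the per-candidate overhead to a plain memory read, so the check function stays the only real cost, as the post notes. Swap check_fnv for the challenge's hash (or an assembly routine with the same calling convention) and the rest is unchanged.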

And here it is on this weekend's CTF:

$ time ./brute
0:40:20 Len 1 Thread 1 start: ' ' to  '7'
0:40:20 Len 1 Thread 2 start: '8' to  'O'
0:40:20 Len 1 Thread 3 start: 'P' to  'g'
0:40:20 Len 1 Thread 4 start: 'h' to  '~'
0:40:20 Len 2 Thread 1 start: '  ' to  '~7'
0:40:20 Len 2 Thread 2 start: ' 8' to  '~O'
0:40:20 Len 2 Thread 3 start: ' P' to  '~g'
0:40:20 Len 2 Thread 4 start: ' h' to  '~~'
0:40:20 Len 3 Thread 1 start: '   ' to  '~~7'
0:40:20 Len 3 Thread 2 start: '  8' to  '~~O'
0:40:20 Len 3 Thread 3 start: '  P' to  '~~g'
0:40:20 Len 3 Thread 4 start: '  h' to  '~~~'
0:40:20 Len 4 Thread 1 start: '    ' to  '~~~7'
0:40:20 Len 4 Thread 2 start: '   8' to  '~~~O'
0:40:20 Len 4 Thread 3 start: '   P' to  '~~~g'
0:40:20 Len 4 Thread 4 start: '   h' to  '~~~~'
0:40:21 Len 5 Thread 1 start: '     ' to  '~~~~7'
0:40:21 Len 5 Thread 2 start: '    8' to  '~~~~O'
0:40:21 Len 5 Thread 3 start: '    P' to  '~~~~g'
0:40:21 Len 5 Thread 4 start: '    h' to  '~~~~~'
0:40:47 Len 6 Thread 1 start: '      ' to  '~~~~~7'
0:40:47 Len 6 Thread 2 start: '     8' to  '~~~~~O'
0:40:47 Len 6 Thread 3 start: '     P' to  '~~~~~g'
0:40:47 Len 6 Thread 4 start: '     h' to  '~~~~~~'
0:54:22 Got a Winner ---->62:33:20:36:3D:57<->b3 6=W<---- WIN

real    14m1.966s
user    54m50.174s
sys     0m0.028s

The challenge had taken 4 h during the CTF; I'm now down to 14 min (6 printable characters, i.e. about 40 bits: 95^6 is roughly 7.4 x 10^11 candidates, for 54 min of CPU time summed over all cores).

1300x faster than the "John | perl" version.

Sure, it's not OpenCL, but it's enough for my [self-satisfaction mode ON].

The sad part, as usual, is that a plain a-z charset does the job faster: 26^7 is about 8 x 10^9 candidates, roughly 90 times fewer than 95^6, hence the 11 s below even at 7 characters ;)

$ time ./brute 
2:22:54 Len 1 Thread 1 start: 'a' to 'g' 
2:22:54 Len 1 Thread 2 start: 'h' to 'n' 
2:22:54 Len 1 Thread 3 start: 'o' to 't' 
2:22:54 Len 1 Thread 4 start: 'u' to 'z' 
2:22:54 Len 2 Thread 1 start: 'aa' to 'zg' 
2:22:54 Len 2 Thread 2 start: 'ah' to 'zn' 
2:22:54 Len 2 Thread 3 start: 'ao' to 'zt' 
2:22:54 Len 2 Thread 4 start: 'au' to 'zz' 
2:22:54 Len 3 Thread 1 start: 'aaa' to 'zzg'
2:22:54 Len 3 Thread 2 start: 'aah' to 'zzn' 
2:22:54 Len 3 Thread 3 start: 'aao' to 'zzt' 
2:22:54 Len 3 Thread 4 start: 'aau' to 'zzz' 
2:22:54 Len 4 Thread 1 start: 'aaaa' to 'zzzg' 
2:22:54 Len 4 Thread 2 start: 'aaah' to 'zzzn' 
2:22:54 Len 4 Thread 3 start: 'aaao' to 'zzzt' 
2:22:54 Len 4 Thread 4 start: 'aaau' to 'zzzz' 
2:22:54 Len 5 Thread 1 start: 'aaaaa' to 'zzzzg' 
2:22:54 Len 5 Thread 2 start: 'aaaah' to 'zzzzn' 
2:22:54 Len 5 Thread 3 start: 'aaaao' to 'zzzzt' 
2:22:54 Len 5 Thread 4 start: 'aaaau' to 'zzzzz' 
2:22:54 Len 6 Thread 1 start: 'aaaaaa' to 'zzzzzg' 
2:22:54 Len 6 Thread 2 start: 'aaaaah' to 'zzzzzn' 
2:22:54 Len 6 Thread 3 start: 'aaaaao' to 'zzzzzt' 
2:22:54 Len 6 Thread 4 start: 'aaaaau' to 'zzzzzz' 
2:22:55 Len 7 Thread 1 start: 'aaaaaaa' to 'zzzzzzg' 
2:22:55 Len 7 Thread 2 start: 'aaaaaah' to 'zzzzzzn' 
2:22:55 Len 7 Thread 3 start: 'aaaaaao' to 'zzzzzzt' 
2:22:55 Len 7 Thread 4 start: 'aaaaaau' to 'zzzzzzz' 
2:23:5 Got a Winner ---->78:66:70:63:65:79:70<->xfpceyp<---- WIN

real 0m11.081s
user 0m42.999s
sys 0m0.016s

This entry was posted in Asm, Coding.
