Password Cracking Contest | SAINTCON 2018

Password Cracking Competition

Brought to you by BashNinja @_bashNinja


SAINTCON's third annual Password Cracking Competition!

The first year we had Josh Dustin provide a list of themed pancake passwords, last year we had 60 Million passwords tweaked and sourced from, this year we're going to switch it up again!

Instead of having a large amount of passwords to crack, you're going to go through a series of challenges where your password cracking skills will be invaluable. What does that mean? It means you should brush up on cracking all forms of passwords. Do you know how to crack a Windows LM or NTLM Hash? What about HTTP Basic Auth or .htpasswd files? Maybe we can put in a little bit of /etc/passwd? Or even a WPA2 Handshake? The sky is the limit here. Let's hope you're up to the challenge.

Don't have a beefy password cracking rig? Look into joining a friend who has one or even building your own in the cloud for a few bucks an hour! This competition will be all about how knowlegable your are in password formats and how good you are at cracking password hashes. Are you crafty at making good word lists? Perhaps you can beat all the big systems by a more methodical approach and locking in your mangle and dictionary skills! Have you played with every hash format under the sun? Maybe you have your cracking environment setup even before the CTF begins. We'd love to have as many are willing to play join us!


This year, the password cracking competition is all about your knowledge of cracking various password formats. Our goal here is to expose everyone to as many different formats as possible. This year it's not about loading all the passwords, clicking go, and then coming back 3 days later and submitting everything you've solved. You'll be bouncing between formats every 5 passwords. We hope to challenge our players, and teach them to be versitale in all the password formats they may come across.


All SAINTCON participants are encouraged and invited to play. The competition times are below.

Password Cracking Event Starts - Tuesday Sep 25th === 10:00am

Password Cracking Event Ends - Thursday Sep 27th === 10:00pm

How to Play

Submit the cracked hashes to the Competition Portal API

    "Team": "bashNinja",
    "Password": "saintcon",

Note: Abusing this API is a waste of time, so don't bother.



Crack the HASHES that are posted.

Submit the cracked hashes to the Competition Portal API


Each hash will be valued according to difficulty. The values range between 1 and 10.


If you need help submitting a password, you can tweet @SAINTCONPcrack or ask for assistance on the #password_cracking channel in Slack. Slack is also a great place to work collaboratively on the passwords.

Hints may be given for some passwords during the course of the game. Hints will be announced via the Twitter Feed.