Tutorial- Rainbow Tables
ORIGINALLY POSTED BY JAYMILL230 FOR THETAZZONE/TAZFORUM HERE
Do not use, republish, in whole or in part, without the consent of the Author. TheTAZZone policy is that Authors retain the rights to the work they submit and/or post…we do not sell, publish, transmit, or have the right to give permission for such…TheTAZZone merely retains the right to use, retain, and publish submitted work within it’s Network
Rainbow Tables are precalculated tables that include millions of hashes, based on what your configuration is. The technical name for this process is “Time-Memory trade off technique” developed by Philippe Oechslin. What I will aim to do in this tutorial is guide you through generating your own tables (if you want to), using these tables in two different programs, and how to take advantage of these tables without having to take the time to generate them yourself.
Where to get the Program
To get the program, direct your browser to
, The Project Rainbow crack website. Here you will see a quick table of downloads. If you are on windows you are going to download the zipped binary file (you probably don’t need the source, unless your a developer). Extract it to your c drive (c:\). You now have the program and are ready to go to the next step.
Generating Rainbow Tables
You have a couple of different preset options while generating your rainbow tables. the first preset (we’ll call this #0) is the smallest, and does not include alpha-numeric passwords. However, if the password is only letters, you have a 99.9% success rate in under a minute. This preset takes up 610mb of space. The second preset (#1) is probably you best bet if you are generating your own home table. This table is alpha-numeric, but it does not include any speacial characters (+,-,=,/,_ etc.). This setup takes approximately 3gb, but only has to sit on your hard drive long enough for you to burn it to a good dvd-r. This can also crack an LM hash in under a minute. Configuration 5 includes many special characters, and takes up 24 gb. Finally configuration 6 includes all special characters and takes up 64 gb. Both have success rates over 99%. I am only going to cover how to create the first 2 types in this tutorial, but if you want to generate the latter two, just drop me a message here or in a PM and I’ll set it up for you.
Creating Configuration #0
1) Open up your command line by going to start–>run, and enter cmd into box.
2) navigate to the directory where rainbowcrack is located. For this version(if you unzipped it onto your c drive) enter this into the command line;
- Code: Select all
3) now that you are in the right directory we are ready to begin generating hashes for the rainbow tables. you will need to enter each one of these in turn, waiting for the previous to finish calculating.
a) rtgen lm alpha 1 7 0 2100 8000000 all
b) rtgen lm alpha 1 7 0 2100 8000000 all
c) rtgen lm alpha 1 7 0 2100 8000000 all
d )rtgen lm alpha 1 7 0 2100 8000000 all
e) rtgen lm alpha 1 7 0 2100 8000000 all
This table should finish calculating in under a day, with a fairly modern processor.
Calculating Configuration #1
*Follow steps 1 and 2 from above*
3) Enter these lines into the command line, waiting for each to finish;
a) rtgen lm alpha-numeric 1 7 0 2400 40000000 all
b) rtgen lm alpha-numeric 1 7 1 2400 40000000 all
c) rtgen lm alpha-numeric 1 7 2 2400 40000000 all
d) rtgen lm alpha-numeric 1 7 3 2400 40000000 all
e) rtgen lm alpha-numeric 1 7 4 2400 40000000 all
This table will take roughly 5 days to finish, or at least it did for me, trying to make sure that I didn’t waste time in between commands.
Sorting our Tables
Once these commands have finished, you should have 5 new files in your rainbowcrack directory that look like this (config #0);
128,000,000 bytes lm_alpha#1-7_0_2100x8000000_all.rt
128,000,000 bytes lm_alpha#1-7_1_2100x8000000_all.rt
128,000,000 bytes lm_alpha#1-7_2_2100x8000000_all.rt
128,000,000 bytes lm_alpha#1-7_3_2100x8000000_all.rt
128,000,000 bytes lm_alpha#1-7_4_2100x8000000_all.rt
Rainbowcrack and Cain&Abel only accept sorted rainbow tables so we need to execute the following commands;
(obviously change these values depending on your configuration.)
Cracking with RainbowCrack
To crack with the rainbow crack program first use this command;
- Code: Select all
**note, replace “c:\rainbowcrack\” with where you placed your sorted rainbow tables**
c:\>rcrack c:\rainbowcrack\*.rt -l random_lm_alpha#1-7.hash
This command generated 10 random hashes, and checks out the functionality of rcrack, this is just to make sure everything is working. Now for the actual cracking of the passwords. Use a program similair to pwdump (there are several versions available to use) to pull the hashes off your computer and place them into a .txt file. Then use this command in rainbow crack;
- Code: Select all
rcrack c:\rainbowcrack\*.rt -f pwfile.txt
again, change c:\rainbow crack to wherever your rainbow tables are, and place your password file into the same directory. Also, change the name of the .txt to what you named it. Rainbow crack should now go through and find the plain text of each one of the hashes on your system.
Cracking with Cain & Abel
If your tired of looking at your command line lets try a GUI version. You can download Cain and Abel from
. Once you have the program installed, open it up. First go to the ‘Cracker Tab’ and make sure you are on LM and NTLM Hashes in the left toolbar. Click the “+” sign on the top, right above the network tab. This will bring up some options for you, but they are all pretty self explanatory. Once you have the hashes displayed in Cain and Abel, pick the one that you would like to crack first. Right click on that hash and navigate to cryptanalysis–>LM hashes–> via Rainbow Tables (RainbowCrack). This will bring up a new screen. Add your sorted tables to the list and select start. Cain and Abel will display the result once it has finished.
Don’t feel like making these tables yourself?
Guess what? You don’t have to! There are several different sites that will do this for you, all you need to do is send them the file.
first is me: I will gladly crack any files for you, PM them to me here, or head on over to my website
, and PM them to me there, or soon, use the auto-submission form.
number two is RainbowCrack Online- You can find them at
number three is:
-hasn’t been online for awhile, not sure, but the md5 cracker is up.
There are a few others online, just google around for them.
A couple of side notes
You can also create rainbow tables of the same size, with nearly the same commands for md5 hashes and sha1 hashes. All you have to do it change lm to md5 or sha1 while creating and sorting these tables. You can send me md5 and sha1 hashes, but I won’t get to those until much later, so don’t expect them back anytime soon.
You can download password dump 6 from my website as well, http:/afterlife.f2o.org in the downloads section, it will be under ‘other programs’.
I hope that this helps you out if you were thinking about using Rainbow Tables, or you were just wondering what they were. If you have any questions about using any of the programs in this tutorial, feel free to post questions in this thread.