TheTAZZone - Internet Chaos

Tutorial- Rainbow Tables

ORIGINALLY POSTED BY JAYMILL230 FOR THETAZZONE/TAZFORUM HERE

Do not use, republish, in whole or in part, without the consent of the Author. TheTAZZone policy is that Authors retain the rights to the work they submit and/or post…we do not sell, publish, transmit, or have the right to give permission for such…TheTAZZone merely retains the right to use, retain, and publish submitted work within its Network

Rainbow Tables are precalculated tables that include millions of hashes, based on what your configuration is. The technical name for this process is the “time-memory trade-off” technique, developed by Philippe Oechslin. What I will aim to do in this tutorial is guide you through generating your own tables (if you want to), using these tables in two different programs, and taking advantage of these tables without having to take the time to generate them yourself.

Where to get the Program

To get the program, direct your browser to http://www.antsight.com/zsl/rainbowcrack/, the Project RainbowCrack website. Here you will see a quick table of downloads. If you are on Windows, you are going to download the zipped binary file (you probably don’t need the source, unless you’re a developer). Extract it to your c drive (c:\). You now have the program and are ready to go to the next step.

Generating Rainbow Tables

You have a couple of different preset options when generating your rainbow tables. The first preset (we’ll call this #0) is the smallest, and does not include alpha-numeric passwords. However, if the password is only letters, you have a 99.9% success rate in under a minute. This preset takes up 610mb of space. The second preset (#1) is probably your best bet if you are generating your own home table. This table is alpha-numeric, but it does not include any special characters (+,-,=,/,_ etc.). This setup takes approximately 3gb, but only has to sit on your hard drive long enough for you to burn it to a good dvd-r. This can also crack an LM hash in under a minute. Configuration 5 includes many special characters, and takes up 24 gb. Finally, configuration 6 includes all special characters and takes up 64 gb. Both have success rates over 99%. I am only going to cover how to create the first 2 types in this tutorial, but if you want to generate the latter two, just drop me a message here or in a PM and I’ll set it up for you.

Creating Configuration #0
1) Open up your command line by going to Start–>Run and entering cmd into the box.
2) Navigate to the directory where rainbowcrack is located. For this version (if you unzipped it onto your c drive) enter this into the command line:

c:\>cd c:\rainbowcrack-1.2a-win

3) Now that you are in the right directory, we are ready to begin generating hashes for the rainbow tables. You will need to enter each one of these in turn, waiting for the previous one to finish calculating. Note that the table index (the fifth argument) goes from 0 to 4, one per table.

a) rtgen lm alpha 1 7 0 2100 8000000 all
b) rtgen lm alpha 1 7 1 2100 8000000 all
c) rtgen lm alpha 1 7 2 2100 8000000 all
d) rtgen lm alpha 1 7 3 2100 8000000 all
e) rtgen lm alpha 1 7 4 2100 8000000 all

This table should finish calculating in under a day, with a fairly modern processor.

Calculating Configuration #1
*Follow steps 1 and 2 from above*
3) Enter these lines into the command line, waiting for each to finish:

a) rtgen lm alpha-numeric 1 7 0 2400 40000000 all
b) rtgen lm alpha-numeric 1 7 1 2400 40000000 all
c) rtgen lm alpha-numeric 1 7 2 2400 40000000 all
d) rtgen lm alpha-numeric 1 7 3 2400 40000000 all
e) rtgen lm alpha-numeric 1 7 4 2400 40000000 all

This table will take roughly 5 days to finish, or at least it did for me, trying to make sure that I didn’t waste time in between commands.

Sorting our Tables
Once these commands have finished, you should have 5 new files in your rainbowcrack directory that look like this (config #0);

128,000,000 bytes lm_alpha#1-7_0_2100x8000000_all.rt
128,000,000 bytes lm_alpha#1-7_1_2100x8000000_all.rt
128,000,000 bytes lm_alpha#1-7_2_2100x8000000_all.rt
128,000,000 bytes lm_alpha#1-7_3_2100x8000000_all.rt
128,000,000 bytes lm_alpha#1-7_4_2100x8000000_all.rt

RainbowCrack and Cain & Abel only accept sorted rainbow tables, so we need to execute the following commands:

rtsort lm_alpha#1-7_0_2100x8000000_all.rt
rtsort lm_alpha#1-7_1_2100x8000000_all.rt
rtsort lm_alpha#1-7_2_2100x8000000_all.rt
rtsort lm_alpha#1-7_3_2100x8000000_all.rt
rtsort lm_alpha#1-7_4_2100x8000000_all.rt

(Obviously, change these values depending on your configuration.)
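As an added example (not part of the original tutorial or the RainbowCrack project), the Python below checks the rtgen parameters and file sizes above against Oechslin's success estimate for rainbow tables. The 26- and 36-symbol charset sizes, the 16 bytes per chain (inferred from 8,000,000 chains in a 128,000,000-byte file) and all function names are assumptions.

```python
import math

# Assumption: LM upper-cases passwords, so "alpha" is A-Z and "alpha-numeric" is A-Z0-9.
CHARSETS = {"alpha": 26, "alpha-numeric": 36}
# Assumption inferred from the listing above: 8,000,000 chains -> 128,000,000 bytes.
BYTES_PER_CHAIN = 16


def keyspace(charset, min_len, max_len):
    """Number of candidate plaintexts of length min_len..max_len."""
    size = CHARSETS[charset]
    return sum(size ** n for n in range(min_len, max_len + 1))


def table_success(n, chain_len, chain_count):
    """Oechslin's estimate for a single rainbow table.

    m_1 = m, m_{i+1} = N * (1 - exp(-m_i / N)), P = 1 - prod(1 - m_i / N).
    m_i shrinks from column to column because colliding chains merge.
    """
    m = float(chain_count)
    miss = 1.0
    for _ in range(chain_len):
        miss *= 1.0 - m / n
        m = -n * math.expm1(-m / n)
    return 1.0 - miss


def config_report(charset, min_len, max_len, chain_len, chain_count, tables):
    """Coverage and disk usage for a set of tables with distinct table indices."""
    n = keyspace(charset, min_len, max_len)
    p_one = table_success(n, chain_len, chain_count)
    # Tables with different indices use different reduction functions,
    # so their misses are treated as independent.
    p_all = 1.0 - (1.0 - p_one) ** tables
    return {
        "keyspace": n,
        "p_one_table": p_one,
        "p_all_tables": p_all,
        "bytes_per_table": chain_count * BYTES_PER_CHAIN,
        "total_mib": tables * chain_count * BYTES_PER_CHAIN / 2 ** 20,
    }


if __name__ == "__main__":
    configs = {
        "config #0": ("alpha", 1, 7, 2100, 8_000_000, 5),
        "config #1": ("alpha-numeric", 1, 7, 2400, 40_000_000, 5),
    }
    for name, args in configs.items():
        r = config_report(*args)
        print(f"{name}: N={r['keyspace']:,} one table={r['p_one_table']:.3f} "
              f"all tables={r['p_all_tables']:.4f} size={r['total_mib']:.0f} MiB")
```

A single configuration #0 table covers only about three quarters of the key space; it is the five tables with indices 0 to 4 together that reach the 99.9% figure quoted earlier.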

Cracking with RainbowCrack

To crack with the RainbowCrack program, first use this command:

c:\>rcrack c:\rainbowcrack\*.rt -l random_lm_alpha#1-7.hash

**note, replace “c:\rainbowcrack\” with where you placed your sorted rainbow tables**

This command generates 10 random hashes and checks the functionality of rcrack; this is just to make sure everything is working. Now for the actual cracking of the passwords. Use a program similar to pwdump (there are several versions available to use) to pull the hashes off your computer and place them into a .txt file. Then use this command in RainbowCrack:

rcrack c:\rainbowcrack\*.rt -f pwfile.txt

Again, change c:\rainbowcrack to wherever your rainbow tables are, and place your password file into the same directory. Also, change the name of the .txt to what you named it. RainbowCrack should now go through and find the plain text of each one of the hashes on your system.

Cracking with Cain & Abel
If you’re tired of looking at your command line, let’s try a GUI version. You can download Cain and Abel from www.oxid.it. Once you have the program installed, open it up. First go to the ‘Cracker Tab’ and make sure you are on LM and NTLM Hashes in the left toolbar. Click the “+” sign on the top, right above the network tab. This will bring up some options for you, but they are all pretty self explanatory. Once you have the hashes displayed in Cain and Abel, pick the one that you would like to crack first. Right click on that hash and navigate to cryptanalysis–>LM hashes–> via Rainbow Tables (RainbowCrack). This will bring up a new screen. Add your sorted tables to the list and select start. Cain and Abel will display the result once it has finished.

Don’t feel like making these tables yourself?
Guess what? You don’t have to! There are several different sites that will do this for you; all you need to do is send them the file.

First is me: I will gladly crack any files for you. PM them to me here, or head on over to my website, http://afterlife.f2o.org, and PM them to me there, or soon, use the auto-submission form.

Number two is RainbowCrack Online. You can find them at http://www.rainbowcrack-online.com/

Number three is http://www.milw0rm.com/cracker/ - hasn’t been online for awhile, not sure, but the md5 cracker is up.

There are a few others online, just google around for them.

A couple of side notes
You can also create rainbow tables of the same size, with nearly the same commands, for md5 hashes and sha1 hashes. All you have to do is change lm to md5 or sha1 while creating and sorting these tables. You can send me md5 and sha1 hashes, but I won’t get to those until much later, so don’t expect them back anytime soon.

You can download password dump 6 from my website as well, http://afterlife.f2o.org, in the downloads section; it will be under ‘other programs’.

I hope that this helps you out if you were thinking about using Rainbow Tables, or you were just wondering what they were. If you have any questions about using any of the programs in this tutorial, feel free to post questions in this thread.

6 Responses to Tutorial- Rainbow Tables

  1. Hijackkiller January 10, 2011 at 12:37 pm

    This tutorial was great. I just want to say this to everyone who tries to use this. If you create a table and it does not crack a password, do not think you failed. Remember how many different table types there are. You literally have to make one sorted table of each type. If Alpha does not work try alpha-numeric, if that doesn’t work try md5 or wpa-psk….etc. It will be a long process, but believe me when I say the payout is huge.

  2. admin February 18, 2010 at 7:19 am

    Hi Gayo, the best thing would be to ask that question in our forum where you might get the help you need.

  3. John Vanisherkul February 16, 2010 at 8:46 am

    Just thought I’d mention that Astalavista has a free password cracking system here:
    http://www.astalavista.com/index.php?app=onlinetools&module=rainbowtables

  4. Gayo February 14, 2010 at 5:29 am

    Can anyone crack this hash for me please? Tried the online ones but all those come up with “Not Found”. Is it because the password might have any special characters?

    This is a NT hash 529983819b08d89020039becc926b841
    Thanx in advance
    Gayo

  5. admin August 3, 2009 at 10:29 am

    Thanks for your input…

    Not sure if you’re right or not Dave…best thing to do is post in our forum where the tut was originally made and ask the author himself.

    Eg

  6. dave July 28, 2009 at 7:25 am

    Hi, i think u r putting the code wrong..

    3) now that you are in the right directory we are ready to begin generating hashes for the rainbow tables. you will need to enter each one of these in turn, waiting for the previous to finish calculating.

    a) rtgen lm alpha 1 7 0 2100 8000000 all
    b) rtgen lm alpha 1 7 0 2100 8000000 all
    c) rtgen lm alpha 1 7 0 2100 8000000 all
    d )rtgen lm alpha 1 7 0 2100 8000000 all
    e) rtgen lm alpha 1 7 0 2100 8000000 all

    Isn’t it supposed to look like this?

    3) now that you are in the right directory we are ready to begin generating hashes for the rainbow tables. you will need to enter each one of these in turn, waiting for the previous to finish calculating.

    a) rtgen lm alpha 1 7 0 2100 8000000 all
    b) rtgen lm alpha 1 7 1 2100 8000000 all
    c) rtgen lm alpha 1 7 2 2100 8000000 all
    d )rtgen lm alpha 1 7 3 2100 8000000 all
    e) rtgen lm alpha 1 7 4 2100 8000000 all
