computer tutorial 


RAINBOW TABLES



Rainbow tables are precalculated tables that include millions of hashes, based on what your configuration is. The technical name for this process is the "time-memory trade-off technique", developed by Philippe Oechslin. What I will aim to do in this tutorial is guide you through generating your own tables (if you want to), using these tables in two different programs, and taking advantage of these tables without having to take the time to generate them yourself.

Where to get the Program

To get the program, direct your browser to http://www.antsight.com/zsl/rainbowcrack/, the Project RainbowCrack website. Here you will see a quick table of downloads. If you are on Windows, download the zipped binary file (you probably don't need the source unless you're a developer). Extract it to your C drive (c:\). You now have the program and are ready to go to the next step.

Generating Rainbow Tables

You have a couple of different preset options when generating your rainbow tables. The first preset (we'll call this #0) is the smallest, and does not include alpha-numeric passwords. However, if the password is only letters, you have a 99.9% success rate in under a minute. This preset takes up 610 MB of space. The second preset (#1) is probably your best bet if you are generating your own home table. This table is alpha-numeric, but it does not include any special characters (+,-,=,/,_ etc.). This setup takes approximately 3 GB, but only has to sit on your hard drive long enough for you to burn it to a good DVD-R. This can also crack an LM hash in under a minute. Configuration 5 includes many special characters, and takes up 24 GB. Finally, configuration 6 includes all special characters and takes up 64 GB. Both have success rates over 99%. I am only going to cover how to create the first 2 types in this tutorial, but if you want to generate the latter two, just drop me a message here or in a PM and I'll set it up for you.

Creating Configuration #0
1) Open up your command line by going to Start-->Run and entering cmd into the box.
2) Navigate to the directory where RainbowCrack is located. For this version (if you unzipped it onto your C drive), enter this into the command line:
Code:
 c:\>cd c:\rainbowcrack-1.2a-win

3) Now that you are in the right directory, we are ready to begin generating hashes for the rainbow tables. You will need to enter each one of these in turn, waiting for the previous one to finish calculating.

a) rtgen lm alpha 1 7 0 2100 8000000 all
b) rtgen lm alpha 1 7 1 2100 8000000 all
c) rtgen lm alpha 1 7 2 2100 8000000 all
d) rtgen lm alpha 1 7 3 2100 8000000 all
e) rtgen lm alpha 1 7 4 2100 8000000 all

This table should finish calculating in under a day, with a fairly modern processor.

Calculating Configuration #1
*Follow steps 1 and 2 from above*
3) Enter these lines into the command line, waiting for each to finish:

a) rtgen lm alpha-numeric 1 7 0 2400 40000000 all
b) rtgen lm alpha-numeric 1 7 1 2400 40000000 all
c) rtgen lm alpha-numeric 1 7 2 2400 40000000 all
d) rtgen lm alpha-numeric 1 7 3 2400 40000000 all
e) rtgen lm alpha-numeric 1 7 4 2400 40000000 all

This table will take roughly 5 days to finish, or at least it did for me, trying to make sure that I didn't waste time in between commands.



Sorting our Tables
Once these commands have finished, you should have 5 new files in your rainbowcrack directory that look like this (config #0):

128,000,000 bytes lm_alpha#1-7_0_2100x8000000_all.rt
128,000,000 bytes lm_alpha#1-7_1_2100x8000000_all.rt
128,000,000 bytes lm_alpha#1-7_2_2100x8000000_all.rt
128,000,000 bytes lm_alpha#1-7_3_2100x8000000_all.rt
128,000,000 bytes lm_alpha#1-7_4_2100x8000000_all.rt

RainbowCrack and Cain & Abel only accept sorted rainbow tables, so we need to execute the following commands:

rtsort lm_alpha#1-7_0_2100x8000000_all.rt
rtsort lm_alpha#1-7_1_2100x8000000_all.rt
rtsort lm_alpha#1-7_2_2100x8000000_all.rt
rtsort lm_alpha#1-7_3_2100x8000000_all.rt
rtsort lm_alpha#1-7_4_2100x8000000_all.rt

(Obviously, change these values depending on your configuration.)
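
The size and success-rate figures quoted for configurations #0 and #1 can be checked from the rtgen parameters themselves. The following is an added example, not part of the original tutorial or of RainbowCrack: it assumes 16 bytes per chain (the 128,000,000-byte files above divided by 8,000,000 chains) and uses the success estimate from Oechslin's time-memory trade-off paper, treating the five tables as independent; the function names are illustrative.

```python
"""Estimate size and coverage of a rainbow table set from rtgen-style parameters."""
import math

# Derived from the listing above: 128,000,000 bytes / 8,000,000 chains.
BYTES_PER_CHAIN = 16


def keyspace(charset_size, min_len, max_len):
    """Number of candidate plaintexts of length min_len..max_len."""
    return sum(charset_size ** n for n in range(min_len, max_len + 1))


def table_success(n_keys, chain_len, chain_count):
    """Oechslin's estimate for one table: P = 1 - prod(1 - m_i / N).

    m_1 is the chain count; m_{i+1} = N * (1 - exp(-m_i / N)) models how
    many distinct values survive in the next column once chains merge.
    """
    m = float(chain_count)
    miss = 1.0
    for _ in range(chain_len):
        miss *= 1.0 - m / n_keys
        m = -n_keys * math.expm1(-m / n_keys)
    return 1.0 - miss


def estimate(charset_size, min_len, max_len, chain_len, chain_count, tables):
    """Keyspace, disk size and coverage for `tables` tables with distinct indexes."""
    n = keyspace(charset_size, min_len, max_len)
    p_one = table_success(n, chain_len, chain_count)
    return {
        "keyspace": n,
        "bytes": BYTES_PER_CHAIN * chain_count * tables,
        "per_table": p_one,
        "combined": 1.0 - (1.0 - p_one) ** tables,
    }


if __name__ == "__main__":
    # Parameters copied from the rtgen command lines in this tutorial.
    configs = {
        "#0 alpha": (26, 1, 7, 2100, 8_000_000, 5),
        "#1 alpha-numeric": (36, 1, 7, 2400, 40_000_000, 5),
    }
    for name, args in configs.items():
        e = estimate(*args)
        print(f"{name}: keyspace={e['keyspace']:,} size={e['bytes']:,} B "
              f"per-table={e['per_table']:.3f} combined={e['combined']:.4f}")
```

A single table covers well under 100% of the keyspace; the quoted success rates only hold when all five tables, each generated with a different table index, are used together.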

Cracking with RainbowCrack

To crack with the RainbowCrack program, first use this command:
Code:
 c:\>rcrack c:\rainbowcrack\*.rt -l random_lm_alpha#1-7.hash

**Note: replace "c:\rainbowcrack\" with where you placed your sorted rainbow tables.**


This command generates 10 random hashes and checks the functionality of rcrack; it is just to make sure everything is working. Now for the actual cracking of the passwords. Use a program similar to pwdump (there are several versions available to use) to pull the hashes off your computer and place them into a .txt file. Then use this command in RainbowCrack:

Code:
rcrack c:\rainbowcrack\*.rt -f pwfile.txt


Again, change c:\rainbowcrack to wherever your rainbow tables are, and place your password file into the same directory. Also, change the name of the .txt file to what you named it. RainbowCrack should now go through and find the plain text of each one of the hashes on your system.

Cracking with Cain & Abel
If you're tired of looking at your command line, let's try a GUI version. You can download Cain and Abel from www.oxid.it. Once you have the program installed, open it up. First go to the 'Cracker' tab and make sure you are on LM and NTLM Hashes in the left toolbar. Click the "+" sign at the top, right above the network tab. This will bring up some options for you, but they are all pretty self-explanatory. Once you have the hashes displayed in Cain and Abel, pick the one that you would like to crack first. Right-click on that hash and navigate to cryptanalysis-->LM hashes--> via Rainbow Tables (RainbowCrack). This will bring up a new screen. Add your sorted tables to the list and select start. Cain and Abel will display the result once it has finished.


Don't feel like making these tables yourself?
Guess what? You don't have to! There are several different sites that will do this for you; all you need to do is send them the file.

First is me: I will gladly crack any files for you. PM them to me here, or head on over to my website http://afterlife.f2o.org, and PM them to me there, or soon, use the auto-submission form.

Number two is RainbowCrack Online: you can find them at http://www.rainbowcrack-online.com/

Number three is http://www.milw0rm.com/cracker/
- hasn't been online for a while, not sure, but the md5 cracker is up.


There are a few others online; just google around for them.


A couple of side notes
You can also create rainbow tables of the same size, with nearly the same commands, for md5 hashes and sha1 hashes. All you have to do is change lm to md5 or sha1 while creating and sorting these tables. You can send me md5 and sha1 hashes, but I won't get to those until much later, so don't expect them back anytime soon.

You can download password dump 6 from my website as well, http://afterlife.f2o.org; in the downloads section, it will be under 'other programs'.


I hope that this helps you out if you were thinking about using Rainbow Tables, or you were just wondering what they were. If you have any questions about using any of the programs in this tutorial, feel free to post questions in this thread.

Original Tutorial by jaymill230 for TheTAZZone-TAZForum

Originally posted on January 14th, 2007 here

Do not use, republish, in whole or in part, without the consent of the Author. TheTAZZone policy is that Authors retain the rights to the work they submit and/or post...we do not sell, publish, transmit, or have the right to give permission for such...TheTAZZone merely retains the right to use, retain, and publish submitted work within its Network.