OK, so I've got some free time and I'm sitting here with not a lot to do. I had downloaded RainbowCrack several weeks ago, but was not really sure how to use it. Well, I finally got around to reading the tutorial and I at least understand how to generate rainbow tables. This brings me to a question: which configuration is the most practical? I know configuration #6 would be the most useful, but that would take a couple of years to compute (and I'm not willing to leave my computer on as it heats up my room; I also don't have that much patience). Also, how long would it take to compute a #5 configuration?
One thing I'm still not too clear on is what KIND of passwords it can crack. I've been told that it can't crack passwords with salt. If I think of any more questions that I can't find in my research I'll be sure to post here.
RainbowCrack
Last edited by Stavros on 09 Aug 2008, 13:38, edited 1 time in total.
bad_brain (Site Owner) wrote:
Well, the most useful are IMO tables for MD5 hashes; alphanumeric with a max length of 10 would provide a good balance between benefit and the time needed for generating.
LM hashes are IMO not really interesting, because when you have access to retrieve the LM hash you can most likely also simply boot a Linux live distro.
Download the LANMAN hashes (alphanumeric, 32 special characters, plus space). About 60GB -- it'll take you a week or so on a good torrent, but well worthwhile.
Being able to crack LANMAN means that you can retrieve the password off of the vast majority of Windows systems out there. Have physical access to the machine? Grab the SAM and SYSTEM files after booting into an alternate OS. No physical access (command-line only)? Grab the SAM and SYSTEM files from %systemroot%\repair or run a utility like pwdump to get the password hashes.
I've only seen a VERY small handful of systems with LANMAN disabled. Only slightly more frequently have I seen passwords of more than 14 characters (which causes the LANMAN hash to be skipped). More often than not (by far), the LANMAN hash is available for all user accounts on the system.
In a corporate environment, this frequently includes a "default" Administrator login that is set onto all machines in the company (for the IT staff). This means you get the keys to the kingdom.
C|EH, ECSA, C|EI
Halock Security Labs
http://www.halock.com
I was wondering if anyone had a download for LM hashes. I see a couple. I have no idea why any of them are greater than 64GB. I see one torrent that has 120GB worth of LM hashes, which is ridiculous since a 64GB hash (Configuration 6) would work just fine.
Anyway, classes start today so I'm going to have to put this on hold. I'm generating md5 hashes right now.
Stavros wrote:
    I was wondering if anyone had a download for LM hashes. I see a couple. I have no idea why any of them are greater than 64GB. I see one torrent that has 120GB worth of LM hashes, which is ridiculous since a 64GB hash (Configuration 6) would work just fine.
    Anyway, classes start today so I'm going to have to put this on hold. I'm generating md5 hashes right now.

From the Shmoo Group:
http://205.127.87.136:6969/torrents/alp ... 50E0BFA933
C|EH, ECSA, C|EI
Halock Security Labs
http://www.halock.com
Rainbow tables
Well, I'm making the
md5_mixalpha-numeric-all-space#4-13_1_24000x67108864.rt
and I need half a year to finish it.
Does anyone have something similar?
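The file name above is rtgen's own naming convention (hash_charset#min-max_index_chainlen x chaincount.rt), and it already says how big the table is and how much of the keyspace it can possibly cover. The Go program below is an added example, not code from RainbowCrack or from anyone in this thread: it parses that name, computes the keyspace for the charset and length range, the number of chain positions per table, the on-disk size, an optimistic coverage ceiling and a generation-time estimate. Assumptions: the charset sizes are taken from the standard charset.txt (the map is hand-copied, so check it against your own file), the classic .rt layout stores one 8-byte start point plus one 8-byte end point per chain, and the hash rate passed to GenHours is whatever your CPU really does (it is an input, not a measurement).

```go
package main

import (
	"fmt"
	"math/big"
	"regexp"
	"strconv"
)

// Charset sizes as defined in RainbowCrack's charset.txt (assumed; verify locally).
// "all" is the 32 printable ASCII punctuation characters, "space" the single space.
var charsetSize = map[string]int{
	"numeric":                      10,
	"loweralpha":                   26,
	"loweralpha-numeric":           36,
	"alpha":                        26,
	"alpha-numeric":                36,
	"mixalpha-numeric":             62,
	"alpha-numeric-symbol32-space": 69, // the LM charset in this thread
	"mixalpha-numeric-all-space":   95, // all printable ASCII
}

// TableSpec is what an rtgen output file name encodes.
type TableSpec struct {
	Hash, Charset        string
	MinLen, MaxLen       int
	Index                int
	ChainLen, ChainCount int64
}

// hash_charset#min-max_index_chainlenxchaincount[_part].rt
var rtName = regexp.MustCompile(`^([a-z0-9]+)_([a-z0-9-]+)#(\d+)-(\d+)_(\d+)_(\d+)x(\d+)(?:_\d+)?\.rt$`)

// ParseRTName decodes an rtgen file name into its parameters.
func ParseRTName(name string) (TableSpec, error) {
	m := rtName.FindStringSubmatch(name)
	if m == nil {
		return TableSpec{}, fmt.Errorf("not an rtgen file name: %q", name)
	}
	atoi := func(s string) int { n, _ := strconv.Atoi(s); return n } // digits only, cannot fail
	return TableSpec{
		Hash: m[1], Charset: m[2],
		MinLen: atoi(m[3]), MaxLen: atoi(m[4]), Index: atoi(m[5]),
		ChainLen: int64(atoi(m[6])), ChainCount: int64(atoi(m[7])),
	}, nil
}

// Keyspace returns sum over i=min..max of n^i: every plaintext the table is meant to cover.
func Keyspace(charset string, minLen, maxLen int) (*big.Int, error) {
	n, ok := charsetSize[charset]
	if !ok {
		return nil, fmt.Errorf("unknown charset %q", charset)
	}
	total := new(big.Int)
	for l := minLen; l <= maxLen; l++ {
		total.Add(total, new(big.Int).Exp(big.NewInt(int64(n)), big.NewInt(int64(l)), nil))
	}
	return total, nil
}

// Positions is chainLen*chainCount: the plaintexts one table touches, and the
// number of hash+reduce steps rtgen must perform to build it.
func (t TableSpec) Positions() *big.Int {
	return new(big.Int).Mul(big.NewInt(t.ChainLen), big.NewInt(t.ChainCount))
}

// FileBytes assumes the classic .rt layout: 8-byte start + 8-byte end per chain.
func (t TableSpec) FileBytes() int64 { return t.ChainCount * 16 }

// CoverageUpperBound is Positions/Keyspace. Real coverage is lower because chains
// merge and collide, so treat this as a ceiling, not a success rate.
func (t TableSpec) CoverageUpperBound() (float64, error) {
	ks, err := Keyspace(t.Charset, t.MinLen, t.MaxLen)
	if err != nil {
		return 0, err
	}
	f, _ := new(big.Rat).SetFrac(t.Positions(), ks).Float64()
	return f, nil
}

// GenHours estimates rtgen wall time at hashesPerSec hash+reduce steps per second.
func (t TableSpec) GenHours(hashesPerSec float64) float64 {
	pos, _ := new(big.Float).SetInt(t.Positions()).Float64()
	return pos / hashesPerSec / 3600
}

func main() {
	spec, err := ParseRTName("md5_mixalpha-numeric-all-space#4-13_1_24000x67108864.rt")
	if err != nil {
		panic(err)
	}
	ks, _ := Keyspace(spec.Charset, spec.MinLen, spec.MaxLen)
	cov, _ := spec.CoverageUpperBound()
	fmt.Printf("keyspace          %s\n", ks)
	fmt.Printf("positions/table   %s\n", spec.Positions())
	fmt.Printf("file size         %d MiB\n", spec.FileBytes()>>20)
	fmt.Printf("coverage ceiling  %.2e\n", cov)
	fmt.Printf("gen time @ 1M/s   %.1f h\n", spec.GenHours(1e6))
}
```

Run against the name in the post, the numbers make the point the thread is circling: one 1 GiB table of 67108864 chains of length 24000 touches about 1.6e12 positions, while mixalpha-numeric-all-space for lengths 4 to 13 is roughly 5e25 plaintexts, so that table (and hundreds like it) cover a negligible fraction of the space. The charset and length range drive the keyspace exponentially; chain length and count only drive it linearly, which is why shrinking the charset or the maximum length is the only lever that matters.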
If you're looking to crack Windows password hashes, MD5 won't do you any good.
For Windows, download the LANMAN password hashes. Due to fundamental weaknesses in LANMAN, you can get all alphanumeric, 32 special characters and space for the _entire_ possibility set of LANMAN (which supports up to 14 character passwords) for about 60GB.
C|EH, ECSA, C|EI
Halock Security Labs
http://www.halock.com
Wrong section, I know, sorry.
Anyway...
I'm looking for good MD5s.
Since MD5 doesn't have the inherent weaknesses of LANMAN (in particular, the splitting of the password into two 7-character sections before hashing), you're going to be limited by length. The rt set that you were after is going to be your best tradeoff of size versus password complexity (it was what... about 50GB?).
Cracking MD5, SHA, 3DES, NTLM, etc. is generally going to be going for the low-hanging fruit -- weak passwords that are short and/or based on dictionary words. Given that, you can normally get away with a more standard dictionary attack on the password hash... just about the same effectiveness as rainbow tables.
C|EH, ECSA, C|EI
Halock Security Labs
http://www.halock.com
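Two posts in this thread make the same structural point about LANMAN: the earlier one that a password over 14 characters gets no LM hash at all, and the last one that the password is split into two 7-character sections before hashing. The Go program below is an added example, written for this page and not taken from RainbowCrack, pwdump or any poster; it implements the LM hash with the standard library's crypto/des (upper-case, NUL-pad to 14, split 7|7, DES-encrypt the constant "KGS!@#$%" under each half), then attacks the two halves independently over a deliberately tiny constructed charset so the run finishes instantly, and computes the real half-keyspace for the 69-character set the Halock post describes. The charset "ABC", the password "abcabcabc" and the 15-character password are constructed inputs; the test vectors for the empty password and for "password" are the well-known published values.

```go
package main

import (
	"bytes"
	"crypto/des"
	"encoding/hex"
	"fmt"
	"math/big"
	"strings"
)

// lmMagic is the fixed DES plaintext that LM encrypts under each password half.
var lmMagic = []byte("KGS!@#$%")

// desKey56 spreads 7 password bytes over 8 DES key bytes, leaving the low
// (parity) bit of every key byte clear. crypto/des does not check parity.
func desKey56(k [7]byte) []byte {
	key := make([]byte, 8)
	key[0] = k[0] & 0xFE
	for i := 1; i < 7; i++ {
		key[i] = (k[i-1]<<(8-i) | k[i]>>i) & 0xFE
	}
	key[7] = k[6] << 1
	return key
}

// lmHalf encrypts lmMagic under one NUL-padded, upper-cased 7-byte half.
func lmHalf(half [7]byte) [8]byte {
	c, err := des.NewCipher(desKey56(half))
	if err != nil {
		panic(err) // only on a wrong key length, which cannot happen here
	}
	var out [8]byte
	c.Encrypt(out[:], lmMagic)
	return out
}

// LMHash mirrors what Windows stores: upper-case, NUL-pad to 14, split 7|7,
// DES each half independently. A password longer than 14 characters has no
// LM hash at all (ok == false), which is why long passwords escape LM tables.
func LMHash(password string) (hash [16]byte, ok bool) {
	if len(password) > 14 {
		return hash, false
	}
	var buf [14]byte
	copy(buf[:], strings.ToUpper(password))
	var h1, h2 [7]byte
	copy(h1[:], buf[:7])
	copy(h2[:], buf[7:])
	a, b := lmHalf(h1), lmHalf(h2)
	copy(hash[:8], a[:])
	copy(hash[8:], b[:])
	return hash, true
}

// LMHex formats the hash the way pwdump prints it; "" for passwords with no LM hash.
func LMHex(password string) string {
	h, ok := LMHash(password)
	if !ok {
		return ""
	}
	return strings.ToUpper(hex.EncodeToString(h[:]))
}

// crackHalf brute-forces one 8-byte half over charset, up to maxLen characters,
// depth-first. It returns the recovered text and the number of DES operations spent.
func crackHalf(target [8]byte, charset string, maxLen int) (string, int, bool) {
	if maxLen > 7 {
		maxLen = 7
	}
	var half [7]byte // candidate, NUL-padded like the real half
	tries := 0
	var rec func(depth int) bool
	rec = func(depth int) bool {
		tries++
		if lmHalf(half) == target {
			return true
		}
		if depth == maxLen {
			return false
		}
		for i := 0; i < len(charset); i++ {
			half[depth] = charset[i]
			if rec(depth + 1) {
				return true
			}
		}
		half[depth] = 0 // restore padding before returning to the parent
		return false
	}
	if rec(0) {
		return string(bytes.TrimRight(half[:], "\x00")), tries, true
	}
	return "", tries, false
}

// CrackLM attacks the two halves separately. The work is about 2*|charset|^7
// rather than |charset|^14: a 9-character password costs a 7-character search
// plus a 2-character one, which is the weakness the 60GB table set exploits.
func CrackLM(hash [16]byte, charset string, maxLen int) (string, int, bool) {
	var t1, t2 [8]byte
	copy(t1[:], hash[:8])
	copy(t2[:], hash[8:])
	p1, n1, ok1 := crackHalf(t1, charset, maxLen)
	p2, n2, ok2 := crackHalf(t2, charset, maxLen)
	return p1 + p2, n1 + n2, ok1 && ok2
}

// HalfKeyspace is sum over i=0..7 of n^i: every half a table set must cover for
// an n-character set. For 26 upper + 10 digits + 32 symbols + space (n = 69)
// that is about 7.6e12, against 69^14 (about 5.5e25) if the halves were coupled.
func HalfKeyspace(n int64) *big.Int {
	total := new(big.Int)
	for i := int64(0); i <= 7; i++ {
		total.Add(total, new(big.Int).Exp(big.NewInt(n), big.NewInt(i), nil))
	}
	return total
}

func main() {
	fmt.Println("LM(password)          =", LMHex("password"))
	hash, _ := LMHash("abcabcabc") // stored as ABCABCA | BC
	pw, ops, ok := CrackLM(hash, "ABC", 7)
	fmt.Printf("recovered %q in %d DES ops, ok=%v\n", pw, ops, ok)
	fmt.Println("half keyspace, 69 chars:", HalfKeyspace(69))
	_, ok = LMHash("fifteen-chars!!")
	fmt.Println("15-char password has an LM hash:", ok)
}
```

Note what the recovered value looks like: LM throws case away, so the cracker returns "ABCABCABC" for "abcabcabc"; on a real system you would then try the case variants against the NTLM hash, which is cheap because the candidate set is tiny by then. The same two-halves property is why the "AAD3B435B51404EE" constant is worth recognising in a pwdump listing: it is the hash of an empty half, so a second half equal to it means the password is 7 characters or shorter.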