What are Rainbow Tables?
• Passwords stored in computers are changed from
their plain text form to an encrypted value.
• These values are called hashes, and there is a unique
plain text value for every hash.
A rainbow table is a lookup table offering a timememory tradeoff used in recovering the plaintext
password from a password hash generated by a
hash function
Approach invented by Martin Hellman
What Are Rainbow Tables?
• The concept behind rainbow tables is simple
• Make one-way hash functions two way by making a list of outputs for
all possible inputs up to a character limit
• Rainbow Tables are built once, and used many times
• Fast
• Password lookups become a table search problem
• The brute force work is pre-computed
• Perfect for cracking weak hashes
• Windows LM hashes of 14 characters or less can be cracked with trivial effort
• Any non salting password hash can be cracked easily
Rainbow table Cracking
Download one of the latest version and then extract it(we use windows version)–
http://project-rainbowcrack.com
• It includes three tools:
• rtgen program to generate rainbow tables.
• rtsort program to sort rainbow tables generated by rtgen.
• rcrack program to lookup rainbow tables sorted by rtsort.
• It also has a .txt file with name "charset.txt“ and it
contains all the available set of chars used to generate
the tables.
Generate a Rainbow Table
Default Syntax of the command:
rtgen hash_algorithm charset plaintext_len_min plaintext_len_max table_index chain_len
chain_num part_index
Command:
$rtgen md5 loweralpha-numeric 1 5 0 10000 9682 0
Description: Continue those commands to generate more tables$rtgen md5 loweralpha-numeric 1 5 1 10000 9682 0
• hash_algorithm can be: LM, NTLM, MD5
$rtgen md5 loweralpha-numeric 1 5 2 10000 9682 0
• charset $rtgen
can be:
alpha-numeric,
loweralpha-numeric,
md5
loweralpha-numeric
1 5 3 10000 9682 0 etc.
$rtgen md5 loweralpha-numeric
1 5 4 10000
0 code.
• plaintext_len_min
describes the minimum
length9682
of hash
• plaintext_len_max describes the maximum length of hash code.
• table_index describes the order of the tables.
• chain_len describes the length of each "rainbow chain".
• chain_num describes the number of rainbow chains in the
rainbow table.
• part_index determines how the "start point" in each rainbow chain
is generated
Sort Rainbow Tables
• rtsort program is used to sort the "end point" of all rainbow
chains in a rainbow table to make table lookup easier.
The syntax of the command line is:
$rtsort md5_ loweralpha-numeric#1-5_0_10000x9682_0.rt
$rtsort md5_ loweralpha-numeric#1-5_1_10000x9682_0.rt
$rtsort md5_ loweralpha-numeric#1-5_2_10000x9682_0.rt
$rtsort md5_ loweralpha-numeric#1-5_3_10000x9682_0.rt
$rtsort md5_ loweralpha-numeric#1-5_4_10000x9682_0.rt
Crack Hashes
• Use rcrack tool to lookup the rainbow tables for the suitable - required Hash code.
• The default syntax of the command is:
crack /the/directory/of/*.rt -option hash_code
Here option can be:
-h: use_hash_directly_here
-f : pwdump_file
-l : hash_list_file
Command:
$rcrack *.rt -h D9DA8170E8BC9F27B2D32A6C9A6C697D
The plain text password of the given hash with reasonable time and memory will be shown
Edit Charset.txt List
• We can also change the character set from the character.txt file$set_cahr_name =[my,chars,-,symbols]
For more details:
http://www.liatsisfotis.com/2013/01/crack-hashes-using-rainbowtables.html
Password Manager(LastPass)
LastPass
• LastPass is easy, secure password and data management.
• Passwords in LastPass are protected by a master password, encrypted
locally, and synchronized to any other browser.
• All sensitive data is encrypted and decrypted locally before syncing
with LastPass. Your key never leaves your device, and is never shared
with LastPass. Your data stays accessible only to you.
LastPass
• https://www.youtube.com/watch?v=RM0fzHxMASQ
LastPass
• All sensitive data is encrypted locally
• Government-level encryption.
• Only you know the key to decrypt your data
• You control your security settings
• You can generate unique, strong passwords