What are Rainbow Tables?
• Passwords stored in computers are changed from their plain text form to an encrypted value.
• These values are called hashes, and there is a unique plain text value for every hash.
• A rainbow table is a lookup table offering a time-memory tradeoff used in recovering the plaintext password from a password hash generated by a hash function.
• Approach invented by Martin Hellman.
• The concept behind rainbow tables is simple.
• Make one-way hash functions two-way by making a list of outputs for all possible inputs up to a character limit.
• Rainbow tables are built once and used many times.
• Fast
• Password lookups become a table search problem.
• The brute-force work is pre-computed.
• Perfect for cracking weak hashes
• Windows LM hashes of 14 characters or less can be cracked with trivial effort.
• Any unsalted password hash can be cracked easily.

Rainbow Table Cracking
• Download the latest version and extract it (we use the Windows version): http://project-rainbowcrack.com
• It includes three tools:
• rtgen: program to generate rainbow tables.
• rtsort: program to sort rainbow tables generated by rtgen.
• rcrack: program to look up rainbow tables sorted by rtsort.
• It also has a .txt file named "charset.txt", which contains all the available character sets used to generate the tables.

Generate a Rainbow Table
Default syntax of the command:
    rtgen hash_algorithm charset plaintext_len_min plaintext_len_max table_index chain_len chain_num part_index
Command:
    $ rtgen md5 loweralpha-numeric 1 5 0 10000 9682 0
Continue with these commands to generate more tables:
    $ rtgen md5 loweralpha-numeric 1 5 1 10000 9682 0
    $ rtgen md5 loweralpha-numeric 1 5 2 10000 9682 0
    $ rtgen md5 loweralpha-numeric 1 5 3 10000 9682 0
    $ rtgen md5 loweralpha-numeric 1 5 4 10000 9682 0
Description:
• hash_algorithm can be: LM, NTLM, MD5
• charset can be: alpha-numeric, loweralpha-numeric, etc.
• plaintext_len_min describes the minimum length of hash code.
• plaintext_len_max describes the maximum length of hash code.
• table_index describes the order of the tables.
• chain_len describes the length of each "rainbow chain".
• chain_num describes the number of rainbow chains in the rainbow table.
• part_index determines how the "start point" in each rainbow chain is generated.

Sort Rainbow Tables
• The rtsort program is used to sort the "end point" of all rainbow chains in a rainbow table to make table lookup easier. The syntax of the command line is:
    $ rtsort md5_loweralpha-numeric#1-5_0_10000x9682_0.rt
    $ rtsort md5_loweralpha-numeric#1-5_1_10000x9682_0.rt
    $ rtsort md5_loweralpha-numeric#1-5_2_10000x9682_0.rt
    $ rtsort md5_loweralpha-numeric#1-5_3_10000x9682_0.rt
    $ rtsort md5_loweralpha-numeric#1-5_4_10000x9682_0.rt

Crack Hashes
• Use the rcrack tool to look up the required hash code in the rainbow tables.
• The default syntax of the command is:
    rcrack /the/directory/of/*.rt -option hash_code
  Here option can be:
    -h: use_hash_directly_here
    -f: pwdump_file
    -l: hash_list_file
Command:
    $ rcrack *.rt -h D9DA8170E8BC9F27B2D32A6C9A6C697D
The plain text password of the given hash will be shown, within reasonable time and memory.

Edit Charset.txt List
• We can also change the character set in the charset.txt file:
    set_char_name = [my,chars,-,symbols]
For more details: http://www.liatsisfotis.com/2013/01/crack-hashes-using-rainbowtables.html

Password Manager (LastPass)

LastPass
• LastPass is easy, secure password and data management.
• Passwords in LastPass are protected by a master password, encrypted locally, and synchronized to any other browser.
• All sensitive data is encrypted and decrypted locally before syncing with LastPass. Your key never leaves your device, and is never shared with LastPass. Your data stays accessible only to you.
• https://www.youtube.com/watch?v=RM0fzHxMASQ
• All sensitive data is encrypted locally
• Government-level encryption
• Only you know the key to decrypt your data
• You control your security settings
• You can generate unique, strong passwords
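
To make the rainbow table slides above concrete, here is an added Python example (not RainbowCrack's code and not from the original slides) of what chain generation, end-point lookup and chain replay amount to, and of why a salted hash is not found in a precomputed table. The fixed 3-character keyspace, the reduction function, the start-point scheme and the salt value are assumptions made for the example.

```python
import hashlib

CHARSET = "abcdefghijklmnopqrstuvwxyz0123456789"   # loweralpha-numeric
PLAIN_LEN = 3                       # assumption: small fixed-length keyspace
CHAIN_LEN, CHAIN_NUM = 100, 2000    # same roles as rtgen's chain_len / chain_num
KEYSPACE = len(CHARSET) ** PLAIN_LEN

def md5(text: str, salt: bytes = b"") -> bytes:
    return hashlib.md5(salt + text.encode()).digest()

def reduce_hash(digest: bytes, pos: int) -> str:
    """Map a digest back into the keyspace; pos gives each column its own mapping."""
    n = (int.from_bytes(digest[:8], "big") + pos) % KEYSPACE
    chars = []
    for _ in range(PLAIN_LEN):
        n, r = divmod(n, len(CHARSET))
        chars.append(CHARSET[r])
    return "".join(chars)

def walk(plain: str, first: int, last: int) -> str:
    """Apply hash-then-reduce for columns first..last-1 and return the result."""
    for pos in range(first, last):
        plain = reduce_hash(md5(plain), pos)
    return plain

def build_table() -> dict:
    """Keep only end point -> start points; chain interiors are recomputed on lookup."""
    table = {}
    for i in range(CHAIN_NUM):
        start = reduce_hash(i.to_bytes(8, "big"), 0)   # i-th plaintext of the keyspace
        table.setdefault(walk(start, 0, CHAIN_LEN), []).append(start)
    return table

def lookup(target: bytes, table: dict):
    """Guess the target's column, rebuild the chain tail, then replay matching chains."""
    for pos in range(CHAIN_LEN - 1, -1, -1):
        end = walk(reduce_hash(target, pos), pos + 1, CHAIN_LEN)
        for start in table.get(end, []):
            plain = start
            for col in range(CHAIN_LEN):
                if md5(plain) == target:
                    return plain
                plain = reduce_hash(md5(plain), col)
    return None                     # hash not covered by the table, or salted

if __name__ == "__main__":
    t = build_table()
    print(lookup(md5("ttb"), t))                     # "ttb" is a chain start point
    print(lookup(md5("ttb", salt=b"\x8f\x01"), t))   # constructed salt, same password
```

The dictionary keyed by end point plays the role of the sorted table that rtsort produces. The salted lookup fails because every chain was computed with the unsalted function, so a per-user salt forces a separate table per salt value.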