passwords and rainbow tables

[bofh28]

Hello,

I have read the posting in the forums on passwords and rainbow tables and have 9 questions.

Passwords
On my XP Pro SP2 machine I created a user test with a password of TestTest. I ran passwd7.exe and dumped the SAM to a text file and used john the ripper on it (john /mnt/hda1/pass.txt). The password returned was TESTTEST.
1) Why didn't john return TestTest?
2) Is there a Linux utility that can read the SAM directly? I dual boot XP and Linux. It would be nice if I didn't have to boot windows just to dump the SAM.

I have seen a lot of different information on rainbow tables. Some information conflicts one another.

LM hashes
As I understand LM hashes the maximum password length is 14 characters
(2 7 character strings in reality). Uses DES encryption. Converts passwords to uppercase. A rainbow table using
ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*()-_+=~`[]{}|\:;"'<>,.?/
no space as the character set is 64GB in size
(ethicalhacker.net/content/view/94/24/). I have seen other LM tables that are 120GB in size
(blogs.technet.com/robert_hensing/archive/2007/01/16/hak5-produces-120gb-lm-hash-rainbow-table-complete-charset.aspx)
3) So which is right? As far as I can tell they both the use the same
character set.
4) Why isn't the space included hash generation?
5) I have seen postings that say when using winrtgen or rtgen only generate hashs using uppercase characters + whatever symbols you want and 7 character maximum password. Is this right?

NTLM and NTLMv2
Uses the LM and MD4 hash to generate the hash. Rainbow tables can be generated for NTLMv1 and NOT for NTLMv2.
6) Is the above true?

Active Directory
8) Is it possible to create a rainbow table for AD?

WEP
Rainbow table not needed

WPA-PSK
The WPA hash is generated using the SSID so you need to know the SSID to salt the dictionary so generating a table with every possible SSID is not pratical. You could generate a table with the default SSIDs. The Church Of Wifi seems to be the authority on this.

WPAv2
Rainbow tables cannot be generated for this.
9) Correct?

I would like to generate my own rainbow tables or download them if possible, but I not sure which ones I need and/or find useful.

Thanks,

[theprez98]

WPAv2
Rainbow tables cannot be generated for this.
9) Correct?

Incorrect. The Church of WiFi tables are perfectly useful for both WPA1 and WPA2.

[intertan]

I saw a torrent for the full 120gb tables. can I use this to crack wpa? it is in the .rt extension.

if I have the space and the time is it worth downloading?

[purehate]

I have not yet seen 120 gig tables. I've heard they exist though. I have the 40 gig tables and yes they are worth it if you are in need off that sort of thing.

[TKYGD]

The reason why John Returned TESTTEST is exactly that....... windows stores two types of hashes by default this would be the LM hash and The NTLM hash. The weakest is the LM hash and john knows this. Therefore LM hashes are chopped up into 2 7 byte passwords making them weeker and converting them to upper case....Hence the TESTTEST and not the TestTest. Try cracking the NTLM hash and see what you get? On my machine I got the same results until cracking the NTLM hash then got the correct password. I hope this helps

[theprez98]

I saw a torrent for the full 120gb tables. can I use this to crack wpa? it is in the .rt extension.

if I have the space and the time is it worth downloading?

I have not yet seen 120 gig tables. I've heard they exist though. I have the 40 gig tables and yes they are worth it if you are in need off that sort of thing.

I am not aware of any 120GB tables. That's not to say they don't exist, but I would be surprised if I were not aware of them. If they have been made, it's not a CoWF-centered thing.

The 7GB and later 40GB tables were meant to be proof of concept that rainbow tables for WPA/WPA2 could be done. There was a general consensus that larger tables were not really necessary for proof of concept.

[intertan]

I think I found the site but it seems to be down. once it is back up and I confirm that the tables are what I though they were I will edit this post with the web link.

edit http://www.freewebs.com/rainbowtables/downloads.htm

[purehate]

http://rtables.blogspot.com/2006/12/...1-7-120gb.html


Is this what your talking about because these a LM tables not for wpa

[intertan]

ya but the link I gave I think is version 2. no wpa guess that is a good and bad thing.

I have been doing some reading but those tables are they only good for xp passwords?

[theprez98]

ya but the link I gave I think is version 2. no wpa guess that is a good and bad thing.

I have been doing some reading but those tables are they only good for xp passwords?

Yes. LM tables have nothing to do with WPA/WPA2 other than being the inspiration for the WPA tables.