I have read the posting in the forums on passwords and rainbow tables and have 9 questions.
On my XP Pro SP2 machine I created a user "test" with a password of TestTest. I ran passwd7.exe and dumped the SAM to a text file and used John the Ripper on it (john /mnt/hda1/pass.txt). The password returned was TESTTEST.
1) Why didn't john return TestTest?
2) Is there a Linux utility that can read the SAM directly? I dual boot XP and Linux. It would be nice if I didn't have to boot windows just to dump the SAM.
I have seen a lot of different information on rainbow tables. Some of the information conflicts with other information.
As I understand LM hashes, the maximum password length is 14 characters (two 7-character strings in reality). It uses DES encryption and converts passwords to uppercase. A rainbow table using no space as the character set is 64GB in size (ethicalhacker.net/content/view/94/24/). I have seen other LM tables that are 120GB in size.
3) So which is right? As far as I can tell they both use the same
4) Why isn't the space included in hash generation?
5) I have seen postings that say when using winrtgen or rtgen to only generate hashes using uppercase characters + whatever symbols you want and a 7 character maximum password. Is this right?
NTLM and NTLMv2
Uses the LM and MD4 hash to generate the hash. Rainbow tables can be generated for NTLMv1 and NOT for NTLMv2.
6) Is the above true?
8) Is it possible to create a rainbow table for AD?
Rainbow table not needed
The WPA hash is generated using the SSID, so you need to know the SSID to salt the dictionary, so generating a table with every possible SSID is not practical. You could generate a table with the default SSIDs. The Church Of Wifi seems to be the authority on this.
Rainbow tables cannot be generated for this.
I would like to generate my own rainbow tables or download them if possible, but I'm not sure which ones I need and/or would find useful.
I saw a torrent for the full 120GB tables. Can I use this to crack WPA? It is in the .rt extension.
If I have the space and the time, is it worth downloading?
I have not yet seen 120 gig tables. I've heard they exist though. I have the 40 gig tables and yes, they are worth it if you are in need of that sort of thing.
The reason why John returned TESTTEST is exactly that: Windows stores two types of hashes by default, the LM hash and the NTLM hash. The weakest is the LM hash, and John knows this. Therefore LM hashes are chopped up into two 7-byte passwords, making them weaker, and converted to upper case. Hence the TESTTEST and not the TestTest. Try cracking the NTLM hash and see what you get. On my machine I got the same results until cracking the NTLM hash, then got the correct password. I hope this helps.
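To make the LM-versus-NT explanation above concrete, here is an added Go example (not code from this thread, from John the Ripper, or from any of the tools mentioned) that computes both hashes for the poster's password. The LM hash uppercases the password, pads or truncates it to 14 bytes and DES-encrypts the fixed string "KGS!@#$%" under each 7-byte half separately; the NT hash is MD4 over the UTF-16LE encoding and keeps case. It assumes ASCII passwords (real LM uppercasing goes through the OEM code page) and carries its own MD4 because Go's standard library does not ship one; the expected values for "password" and the empty password are the widely published ones.

```go
package main

import (
	"crypto/des"
	"encoding/binary"
	"encoding/hex"
	"fmt"
	"math/bits"
	"strings"
	"unicode/utf16"
)

// lmHalf DES-encrypts the constant "KGS!@#$%" under a key made from 7 password
// bytes: 56 bits spread over 8 key bytes, 7 bits each, low bit left as parity.
func lmHalf(seven []byte) []byte {
	var acc uint64
	for _, b := range seven {
		acc = acc<<8 | uint64(b)
	}
	key := make([]byte, 8)
	for i := 7; i >= 0; i-- {
		key[i] = byte(acc&0x7f) << 1
		acc >>= 7
	}
	block, _ := des.NewCipher(key) // key is always 8 bytes, so no error
	out := make([]byte, 8)
	block.Encrypt(out, []byte("KGS!@#$%"))
	return out
}

// LMHashHex: uppercase (ASCII only here; real LM uses the OEM code page), pad or
// truncate to 14 bytes, hash each 7-byte half on its own. Case is lost.
func LMHashHex(password string) string {
	buf := make([]byte, 14)
	copy(buf, strings.ToUpper(password)) // copy drops anything past byte 14
	return hex.EncodeToString(append(lmHalf(buf[:7]), lmHalf(buf[7:])...))
}

// md4 is a direct transcription of RFC 1320; Go's standard library has no MD4.
func md4(msg []byte) [16]byte {
	a, b, c, d := uint32(0x67452301), uint32(0xefcdab89), uint32(0x98badcfe), uint32(0x10325476)
	var lenBytes [8]byte
	binary.LittleEndian.PutUint64(lenBytes[:], uint64(len(msg))*8)
	msg = append(msg, 0x80)
	for len(msg)%64 != 56 {
		msg = append(msg, 0)
	}
	msg = append(msg, lenBytes[:]...)
	F := func(p, q, r uint32) uint32 { return (p & q) | (^p & r) }
	G := func(p, q, r uint32) uint32 { return (p & q) | (p & r) | (q & r) }
	H := func(p, q, r uint32) uint32 { return p ^ q ^ r }
	for off := 0; off < len(msg); off += 64 {
		var x [16]uint32
		for i := range x {
			x[i] = binary.LittleEndian.Uint32(msg[off+4*i:])
		}
		aa, bb, cc, dd := a, b, c, d
		step := func(f func(p, q, r uint32) uint32, k, s int, add uint32) {
			a = bits.RotateLeft32(a+f(b, c, d)+x[k]+add, s)
			a, b, c, d = d, a, b, c // rotate registers so each step updates "a"
		}
		for i := 0; i < 16; i++ {
			step(F, i, []int{3, 7, 11, 19}[i%4], 0)
		}
		for i, k := range []int{0, 4, 8, 12, 1, 5, 9, 13, 2, 6, 10, 14, 3, 7, 11, 15} {
			step(G, k, []int{3, 5, 9, 13}[i%4], 0x5a827999)
		}
		for i, k := range []int{0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15} {
			step(H, k, []int{3, 9, 11, 15}[i%4], 0x6ed9eba1)
		}
		a, b, c, d = a+aa, b+bb, c+cc, d+dd
	}
	var out [16]byte
	for i, v := range []uint32{a, b, c, d} {
		binary.LittleEndian.PutUint32(out[4*i:], v)
	}
	return out
}

// NTHashHex is MD4 over the UTF-16LE password; case survives, length is not capped at 14.
func NTHashHex(password string) string {
	u := utf16.Encode([]rune(password))
	buf := make([]byte, 2*len(u))
	for i, v := range u {
		binary.LittleEndian.PutUint16(buf[2*i:], v)
	}
	h := md4(buf)
	return hex.EncodeToString(h[:])
}

func main() {
	for _, pw := range []string{"TestTest", "TESTTEST", "TESTTES", ""} {
		fmt.Printf("%-10q LM=%s NT=%s\n", pw, LMHashHex(pw), NTHashHex(pw))
	}
}
```

Running it shows why John printed TESTTEST: "TestTest" and "TESTTEST" have the identical LM hash, so the cracker can only ever recover the uppercase form, while the two NT hashes differ. It also shows the other LM giveaway: for any password of 7 characters or fewer the second half is the fixed value aad3b435b51404ee (the hash of an empty half), which is why machines that still store LM hashes are hardened by disabling LM hash storage rather than by picking longer passwords.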
The 7GB and later 40GB tables were meant to be proof of concept that rainbow tables for WPA/WPA2 could be done. There was a general consensus that larger tables were not really necessary for proof of concept.
I think I found the site, but it seems to be down. Once it is back up and I confirm that the tables are what I thought they were, I will edit this post with the web link.
Is this what you're talking about? Because these are LM tables, not for WPA.
Ya, but the link I gave I think is version 2. No WPA; guess that is a good and bad thing.
I have been doing some reading, but those tables, are they only good for XP passwords?