Page 1 of 2
Results 1 to 10 of 12

Thread: passwords and rainbow tables

  1. #1
    Good friend of the forums
    Join Date
    Jan 2010
    Location
    outside chicago, il
    Posts
    442

    Default passwords and rainbow tables

    Hello,

    I have read the posting in the forums on passwords and rainbow tables and have 9 questions.

    Passwords
    On my XP Pro SP2 machine I created a user test with a password of TestTest. I ran passwd7.exe and dumped the SAM to a text file and used john the ripper on it (john /mnt/hda1/pass.txt). The password returned was TESTTEST.
    1) Why didn't john return TestTest?
    2) Is there a Linux utility that can read the SAM directly? I dual boot XP and Linux. It would be nice if I didn't have to boot windows just to dump the SAM.

    I have seen a lot of different information on rainbow tables. Some information conflicts one another.

    LM hashes
    As I understand LM hashes, the maximum password length is 14 characters
    (two 7-character strings in reality). It uses DES encryption and converts passwords to uppercase. A rainbow table using
    ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*()-_+=~`[]{}|\:;"'<>,.?/
    (no space) as the character set is 64GB in size
    (ethicalhacker.net/content/view/94/24/). I have seen other LM tables that are 120GB in size
    (blogs.technet.com/robert_hensing/archive/2007/01/16/hak5-produces-120gb-lm-hash-rainbow-table-complete-charset.aspx)
    3) So which is right? As far as I can tell they both use the same
    character set.
    4) Why isn't the space included in hash generation?
    5) I have seen postings that say when using winrtgen or rtgen to only generate hashes using uppercase characters + whatever symbols you want and a 7-character maximum password. Is this right?

    NTLM and NTLMv2
    Uses the LM and MD4 hash to generate the hash. Rainbow tables can be generated for NTLMv1 and NOT for NTLMv2.
    6) Is the above true?

    Active Directory
    8) Is it possible to create a rainbow table for AD?

    WEP
    Rainbow table not needed

    WPA-PSK
    The WPA hash is generated using the SSID, so you need to know the SSID to salt the dictionary, so generating a table with every possible SSID is not practical. You could generate a table with the default SSIDs. The Church Of Wifi seems to be the authority on this.

    WPAv2
    Rainbow tables cannot be generated for this.
    9) Correct?

    I would like to generate my own rainbow tables or download them if possible, but I'm not sure which ones I need and/or would find useful.

    Thanks,

  2. #2
    Moderator theprez98
    Join Date
    Jan 2010
    Location
    Maryland
    Posts
    2,533

    Default

    Quote Originally Posted by bofh28 View Post

    WPAv2
    Rainbow tables cannot be generated for this.
    9) Correct?
    Incorrect. The Church of WiFi tables are perfectly useful for both WPA1 and WPA2.
    "\x74\x68\x65\x70\x72\x65\x7a\x39\x38";
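    An added example, not part of the thread, illustrating the two points above: why the Church of WiFi tables had to be built per SSID, and why one table serves both WPA and WPA2. In both WPA-PSK and WPA2-PSK the 256-bit Pairwise Master Key is PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations), so the SSID acts as the salt. PBKDF2 is written out here from the standard library so the block has no external dependencies; the "password"/"IEEE" vector is the one published in IEEE 802.11i Annex H, and "linksys" is just a constructed second SSID for comparison.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha1"
	"encoding/binary"
	"encoding/hex"
	"fmt"
)

// pbkdf2SHA1 is a from-scratch PBKDF2-HMAC-SHA1 (RFC 2898) so the block
// needs only the Go standard library.
func pbkdf2SHA1(password, salt []byte, iterations, keyLen int) []byte {
	prf := hmac.New(sha1.New, password)
	hashLen := prf.Size()
	blocks := (keyLen + hashLen - 1) / hashLen
	out := make([]byte, 0, blocks*hashLen)
	ctr := make([]byte, 4)
	for i := 1; i <= blocks; i++ {
		// U1 = PRF(password, salt || INT(i)); the salt is where the SSID goes.
		binary.BigEndian.PutUint32(ctr, uint32(i))
		prf.Reset()
		prf.Write(salt)
		prf.Write(ctr)
		u := prf.Sum(nil)
		t := append([]byte(nil), u...)
		// U2..Uc = PRF(password, U(c-1)); T = U1 xor U2 xor ... xor Uc.
		for c := 2; c <= iterations; c++ {
			prf.Reset()
			prf.Write(u)
			u = prf.Sum(nil)
			for j := range t {
				t[j] ^= u[j]
			}
		}
		out = append(out, t...)
	}
	return out[:keyLen]
}

// WPAPMK derives the Pairwise Master Key exactly as WPA-PSK and WPA2-PSK
// both do: PBKDF2-HMAC-SHA1(passphrase, SSID, 4096, 32 bytes). This is the
// value a precomputed table stores, which is why a table is tied to one SSID.
func WPAPMK(passphrase, ssid string) []byte {
	return pbkdf2SHA1([]byte(passphrase), []byte(ssid), 4096, 32)
}

// WPAPMKHex returns the PMK as lowercase hex.
func WPAPMKHex(passphrase, ssid string) string {
	return hex.EncodeToString(WPAPMK(passphrase, ssid))
}

func main() {
	// Same passphrase, two SSIDs: the PMKs share nothing, so a table
	// built for one SSID is useless against the other.
	for _, ssid := range []string{"IEEE", "linksys"} {
		fmt.Printf("SSID %-8s passphrase %q -> PMK %s\n", ssid, "password", WPAPMKHex("password", ssid))
	}
}
```

    Running it shows the "IEEE" PMK matching the published vector and a completely different PMK for "linksys", which is the whole reason the CoWF tables were generated against a list of common default SSIDs rather than once for all networks.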

  3. #3
    Member
    Join Date
    Mar 2010
    Posts
    87

    Default

    I saw a torrent for the full 120GB tables. Can I use this to crack WPA? It is in the .rt extension.

    If I have the space and the time, is it worth downloading?

  4. #4
    Developer
    Join Date
    Mar 2007
    Posts
    6,124

    Default

    I have not yet seen 120 gig tables. I've heard they exist though. I have the 40 gig tables and yes, they are worth it if you are in need of that sort of thing.

  5. #5
    Just burned his ISO
    Join Date
    Oct 2007
    Posts
    1

    LM vs NTLM

    The reason why john returned TESTTEST is exactly that: Windows stores two types of hashes by default, the LM hash and the NTLM hash. The weakest is the LM hash and john knows this. LM hashes are chopped up into two 7-byte passwords, making them weaker, and converted to uppercase, hence the TESTTEST and not the TestTest. Try cracking the NTLM hash and see what you get. On my machine I got the same results until cracking the NTLM hash, then got the correct password. I hope this helps.
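    An added example, not from either poster, that walks through the LM hash construction behind questions 1, 3 and 5 of the first post and the explanation in this reply. It uses only Go's standard library `crypto/des`. The password is upper-cased (ASCII-only here; real Windows uses the OEM code page), NUL-padded or truncated to 14 bytes, split into two independent 7-byte halves, each expanded into a DES key and used to encrypt the fixed string "KGS!@#$%". The "password" and empty-password hashes are the widely published values. `LMKeyspace` is an added helper that counts the candidates a table must cover for one half given the 68-character set quoted in the first post (26 letters, 10 digits, 32 symbols): that keyspace is identical for the 64GB and 120GB tables mentioned; their file sizes differ only by how the chains were generated, not by what passwords are reachable.

```go
package main

import (
	"crypto/des"
	"encoding/hex"
	"fmt"
	"math/big"
	"strings"
)

// lmMagic is the constant plaintext every LM hash encrypts.
var lmMagic = []byte("KGS!@#$%")

// LMHalfEmpty is DES(lmMagic) under the all-zero 7-byte half, i.e. the hash
// of an empty half. Seeing it as the second 16 hex digits of a dumped LM
// hash tells you the password is 7 characters or shorter.
const LMHalfEmpty = "AAD3B435B51404EE"

// LMCharset is the 68-character set quoted in the first post (no space).
const LMCharset = "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*()-_+=~`[]{}|\\:;\"'<>,.?/"

// expandKey spreads 56 bits of a 7-byte half over 8 bytes, 7 bits each,
// leaving the low (parity) bit of each byte zero; DES ignores that bit.
func expandKey(s []byte) []byte {
	k := make([]byte, 8)
	k[0] = s[0] >> 1
	k[1] = (s[0]&0x01)<<6 | s[1]>>2
	k[2] = (s[1]&0x03)<<5 | s[2]>>3
	k[3] = (s[2]&0x07)<<4 | s[3]>>4
	k[4] = (s[3]&0x0F)<<3 | s[4]>>5
	k[5] = (s[4]&0x1F)<<2 | s[5]>>6
	k[6] = (s[5]&0x3F)<<1 | s[6]>>7
	k[7] = s[6] & 0x7F
	for i := range k {
		k[i] <<= 1
	}
	return k
}

// lmHalf hashes one 7-byte half of the padded password.
func lmHalf(half []byte) []byte {
	c, err := des.NewCipher(expandKey(half))
	if err != nil {
		panic(err) // unreachable: expandKey always returns 8 bytes
	}
	out := make([]byte, 8)
	c.Encrypt(out, lmMagic)
	return out
}

// LMHash computes the LAN Manager hash. The two lossy steps are ToUpper
// (so TestTest and TESTTEST collide, which is why john printed TESTTEST)
// and the split into two independent halves (so a 14-character password
// is two separate 7-character cracks, never one 14-character search).
func LMHash(password string) []byte {
	buf := make([]byte, 14)
	copy(buf, strings.ToUpper(password)) // truncates past 14, NUL-pads when shorter
	return append(lmHalf(buf[:7]), lmHalf(buf[7:])...)
}

// LMHashHex returns the hash in the uppercase hex form pwdump-style tools print.
func LMHashHex(password string) string {
	return strings.ToUpper(hex.EncodeToString(LMHash(password)))
}

// LMKeyspace counts every candidate one half can hold: all strings of
// length 0..7 over a charset of the given size. A table only ever needs
// to cover this, never 14-character strings.
func LMKeyspace(charsetSize int) *big.Int {
	total := new(big.Int)
	base := big.NewInt(int64(charsetSize))
	for n := 0; n <= 7; n++ {
		total.Add(total, new(big.Int).Exp(base, big.NewInt(int64(n)), nil))
	}
	return total
}

func main() {
	for _, pw := range []string{"", "Test", "TestTest", "TESTTEST", "password"} {
		fmt.Printf("%-10q %s\n", pw, LMHashHex(pw))
	}
	fmt.Printf("candidates per half over %d chars: %s\n", len(LMCharset), LMKeyspace(len(LMCharset)))
}
```

    The output makes the three points concrete: "TestTest" and "TESTTEST" produce the same hash, "Test" ends in AAD3B435B51404EE because its second half is empty, and the per-half keyspace is what any LM table must enumerate regardless of its on-disk size.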

  6. #6
    Moderator theprez98
    Join Date
    Jan 2010
    Location
    Maryland
    Posts
    2,533

    Default

    Quote Originally Posted by intertan View Post
    I saw a torrent for the full 120GB tables. Can I use this to crack WPA? It is in the .rt extension.

    If I have the space and the time, is it worth downloading?
    Quote Originally Posted by pureh@te View Post
    I have not yet seen 120 gig tables. I've heard they exist though. I have the 40 gig tables and yes, they are worth it if you are in need of that sort of thing.
    I am not aware of any 120GB tables. That's not to say they don't exist, but I would be surprised if I were not aware of them. If they have been made, it's not a CoWF-centered thing.

    The 7GB and later 40GB tables were meant to be proof of concept that rainbow tables for WPA/WPA2 could be done. There was a general consensus that larger tables were not really necessary for proof of concept.
    "\x74\x68\x65\x70\x72\x65\x7a\x39\x38";

  7. #7
    Member
    Join Date
    Mar 2010
    Posts
    87

    Default

    I think I found the site but it seems to be down. Once it is back up and I confirm that the tables are what I thought they were, I will edit this post with the web link.

    edit http://www.freewebs.com/rainbowtables/downloads.htm

  8. #8
    Developer
    Join Date
    Mar 2007
    Posts
    6,124

    Default

    http://rtables.blogspot.com/2006/12/...1-7-120gb.html


    Is this what you're talking about? Because these are LM tables, not for WPA.

  9. #9
    Member
    Join Date
    Mar 2010
    Posts
    87

    Default

    Ya, but the link I gave I think is version 2. No WPA; guess that is a good and bad thing.

    I have been doing some reading, but those tables, are they only good for XP passwords?

  10. #10
    Moderator theprez98
    Join Date
    Jan 2010
    Location
    Maryland
    Posts
    2,533

    Default

    Quote Originally Posted by intertan View Post
    Ya, but the link I gave I think is version 2. No WPA; guess that is a good and bad thing.

    I have been doing some reading, but those tables, are they only good for XP passwords?
    Yes. LM tables have nothing to do with WPA/WPA2 other than being the inspiration for the WPA tables.
    "\x74\x68\x65\x70\x72\x65\x7a\x39\x38";
