My Rainbow Table Research....

[>Dart>]

Hey folks, I took a break after all that Oracle stuff I was working on Semester. I got a B in the class! WOOT! Now i'm taking a look into Rainbow Tables this semester.

From what iv read on google and in wikis that Rainbow Tables can be used for Fast brute forcing...minus all the technical details.

As of my understanding, there seems to be 3 ways to make and use these tables:

A. http://www.antsight.com/zsl/rainbowcrack/ This software seems to be able to be a command line interface which can make rainbow tables (rtgen.exe), sort them (rtsort.exe) and then use them (rcrack.exe).

B. http://www.freerainbowtables.com/ This software seems to be able to use special "indexed" rainbow tables that use less space and are faster then standard rainbow tables (such as tables made with rtgen) But the problem with this plan is im not sure how to "make" the rainbow tables. They offer the tool RCRACKI which will use them...but they don't offer a tool to make there special "indexed" tables.....

C. http://www.oxid.it/cain.html Cain and Able seems to be able to make and use rainbow tables...but it requires installation...not really sure what is special with this besides the GUI.

Here's the point. I think it would be better to make the "indexed" tables rather then the standard tables due to there speed and space. I have a external 250GB hard drive that someone gave me that im going to store my tables on. My goal is to make a Rainbow table that will be able to crack any LM password this semester. My resources are the 250GB hard drive. I got a job over the summer and have access to 10 IBM 2.3Ghz P4s with 512DDR memory to make the tables. I think rainbowcrack configuration example 6 would do it.

My questions:
1. Does anyone know how to create these indexed tables that RCRACKI can use. Im NOT a fan of spoon feeding...iv looked and sent some e-mails and I just cant figure it out.
2. Is there any certin software package that could make the tables more efficiently and more quickly then others?
3. Each rainbow table has parameters such as: lm_alpha-numeric-symbol32-space#1-7_0_15200x67108864_0.rt. I cant really find a good document that describes what these parameters mean...all I know is that lm=Hash type and alpha-numeric-symbol32-space goes to the line in the charset.txt file that says what character set to use. and .rt is the file extention can anyone explane to me the rest of these parameters or point me to a document that has them?

So far I think this is what im dealing with. Ill keep this post updated with my activity's as they progress. =^.^=. This might make a good class presentation for my intermediate computer servicing course...or my networking course.

P.S: I just got my A+ certification! WOOT!

[bofh28]

In the latest version of the password cracking guide I discuss rcracki (the indexed tables).
A is good but if you use BT3F and need NTLM, MD2, MD4 and RIPEMD160 you will need to recompile. Instructions are in the guide.
B is my preferred option as it saves space, however I can't get rcracki to compile. B is also based on A and thus the names of the software are the same, rcrack, rtgen, rsort, etc.
C I tried it once and did not like the interface, but that is just me.

1. Read the password cracking guide
2. rcracki seems to be the best option
3. http://www.freerainbowtables.com/en/faq/ question 4.1

Congratulations on the B in the Oracle course and the A+ cert.

[abrocky]

ref the freerainbow tables, from what i've read you need to either download them, or buy them on an external harddrive. they do update them it seems.

[>Dart>]

Hey, thanks bofh28.

I got a update. I havent read the password cracking guide yet...but its on my to do list. Turns out I am going to use rcracki. Im going to download the LM tables as a start and play with those a little. My teacher is interested in this project and he wants to know how it works out. The problem is that my download speed is around 100kb a second here on my DSL...I asked him if I could use the schools T1 line to download them...1MB a second. He says go for it!...if anyone asks say its for my net+ class im taking with him.

So im going to download these tables today...or start today in our lab while we work. My external drive needs USB 2.0 due to its power needs...all my computers I have use USB 1.0...looks like Ill buy a USB 2.0 PCI card off ebay next week...or just use the schools computers for cracking. Ill use VMware useing a XP box since the schools computers have Vista and Vista hashes are a whole other story...at the moment!

=^.^=

[Lancerguy]

I would generate the tables with rtgen.exe if I were you. I think it would be more beneficial to your classwork and you would gain a better understanding of the time and process it takes to generate and use the tables. Also, you can distribute the process yourself over the PCs you have available and it would probably take less time than downloading it. As for the filename you were asking about, lm_alpha-numeric-symbol32-space#1-7_0_15200x67108864_0.rt

It simply means it is for LM hash, using all alpha, numeric, symbols, and space character. The numbers after that correspond to some different calculation values I am trying to locate ATM. I'll let you know if I find it. It is my understanding that Cain and Abel don't actually generate rainbow tables, but you can use your existing tables to crack passwords with C&A.

If you generate a table with all characters for LM passwords, it will pretty much definitively crack any LM password you run through it. Take ophcrack Live for example, it has miniature tables on it, and it has cracked every password I've run through the CD.

[bofh28]

I would generate the tables with rtgen.exe if I were you. I think it would be more beneficial to your classwork and you would gain a better understanding of the time and process it takes to generate and use the tables. Also, you can distribute the process yourself over the PCs you have available and it would probably take less time than downloading it. As for the filename you were asking about, lm_alpha-numeric-symbol32-space#1-7_0_15200x67108864_0.rt

It simply means it is for LM hash, using all alpha, numeric, symbols, and space character. The numbers after that correspond to some different calculation values I am trying to locate ATM.

http://www.freerainbowtables.com/en/faq/ question 4.1

I'll let you know if I find it. It is my understanding that Cain and Abel don't actually generate rainbow tables, but you can use your existing tables to crack passwords with C&A.

The last time I checked when you download Cain and Abel you get the latest version of winrtgen too. There is a separate version of winrtgen available on the website but it is not current.

To Dart
I agree with Lancerguy, generate your own. You will learn more this way.

[>Dart>]

Hey guys...generate your own? Ya, thats what got me all fired up about this project in the first place, the idea that I could make the tables myself by my own sweat and blood! Talk about the pride and accomplishment when your done!

I started generating LM configuration 6 using rtgen. My primary computer is a Dell P3 1Ghz 256MB SD Ram...my other computer in my room that I dont use a lot is a P4 1.3Ghz 512RD Ram...I think id have to use that. But thats all I have to me at the moment. Iv tryed asking my work if I coudl use some computers...they said no...tryed some other places...I even asked Staples Office Supply Store...my grandfather works there...he said no. The only place I "might" have a chance with would be at the college...They might let me bring in my own computer and hook it up and run it day and night...and I can come to school and check on it each day. MJC wont let me use there computers for this type of thing, Iv asked before they said they dont have any...but I know they have a LOT in storage...oh well.

It seems my only way would be to download the LM tables....but I might want to get a LARGE NTLM table...but I cant find any for download that would cover everything up to say 9-10 characters...but I fear I dont have the disk space for something like that...my external drive is only a 250GB. Also I need to look into the calculation parameters that would be decent if I would make a NTLM table.

[bofh28]

I started generating LM configuration 6 using rtgen. My primary computer is a Dell P3 1Ghz 256MB SD Ram...my other computer in my room that I dont use a lot is a P4 1.3Ghz 512RD Ram...

It seems my only way would be to download the LM tables....but I might want to get a LARGE NTLM table...but I cant find any for download that would cover everything up to say 9-10 characters...but I fear I dont have the disk space for something like that...my external drive is only a 250GB. Also I need to look into the calculation parameters that would be decent if I would make a NTLM table.

LM is a good place to start. Having a fast processor and large amounts of storage is the best thing. RAM is not important at this stage. When you get to sorting the tables the more RAM the better. In fact having at least the size of the rainbow table you generate plus 256MB of free RAM will make sorting much faster.

You won't find NTLM tables for 9-10 characters. LM tables are smaller because the password is converted to uppercase and broken into two 7 character strings. So covering most passwords is easier. To find the amount disk is easy:
take the number of characters used and raise it to the power of the length of the password. For example, for LM there are 69 english characters raise that to the power of 7. So 69^7 = 7.5 TB
If you limit LM table generation to uppercase and numbers only it is 36^7 = 78GB.

[imported___CG__]

3. Each rainbow table has parameters such as: lm_alpha-numeric-symbol32-space#1-7_0_15200x67108864_0.rt. I cant really find a good document that describes what these parameters mean...all I know is that lm=Hash type and alpha-numeric-symbol32-space goes to the line in the charset.txt file that says what character set to use. and .rt is the file extention can anyone explane to me the rest of these parameters or point me to a document that has them?

the 15200 and 67108864 are your chain length and chain count.

you really need to go read the Time-Memory Trade-Off paper for the math background on the chain length and chain count, using the tool in cain (rtgen) you can see how the different chain lengths and counts affect your success rate and the size of your tables.

I also wrote some stuff up on rainbow tables and rainbow crack awhile ago, here: http://www.ethicalhacker.net/content/view/94/24/

hope that helps

[>Dart>]

Thanks guys, ya. I worked with the school today..I found out 1 of the schools lab has a slow connection (200Kbs)...the Magic Lab next door is 1Mbs. I found that kinda of interesting! Also I know about the 7 character thing....and I agree that having a LM table is a good thing to have. Im going to do more reading up on the match and caculations from what you posted. Thanks.