Results 1 to 6 of 6

Thread: Cachedump and Rainbowcrack

  1. #1
    Just burned his ISO
    Join Date
    Feb 2006
    Posts
    2

    Default Cachedump and Rainbowcrack

    Cachedump is great for retrieving the cached Active Directory credentials from XP machines.

    With BigPatch for John the Ripper, these hashes can be broken through dictionary and incremental cracking. However, I'm wondering if anyone has been able to put Rainbowcrack to work on these types of hashes.

    cachedump & bigpatch
    http://www.off-by-one.net/misc/cachedump.html

    Information on the hashing process used on Active Directory credentials is at:
    http://www.securiteam.com/tools/5JP0I2KFPA.html

    Your help is very much appreciated! It doesn't look like anyone has published this vector before, so cachedump+rainbowcrack is new territory.

    Thanks,


    kidmystic

  2. #2
    xatar
    Guest

    Default cachedump+rainbowcrack

    Hi,

    AFAIK, the problem with using rainbowtables for cracking kerberos hashes, is that kerberos uses a salt value to hash the password.

    This means that for every one password, there are now 4096 possible different hashes. This means that for a dictionary or brute force attack, you will need to hash each password 4096 times based upon a further brute force of the 12 bit salt value. That isn't much of a problem for cracking techniques that create hashed 'on the fly' like the dictionary/brute force, it will just slow it down slightly.

    For a system that pre-computes the hashes, like rainbow tables, the size of that table will now be 4096 times bigger! I have 47GB of LM hashing tables! The kerberos hashing algorithm is much more complex and will require a much bigger set of tables, then multiply that by 4096!!!

    It really makes the use of rainbow tables inneffective.

    But that is only my current knowledge, if someone knows something different, please let use know.

    l8r,
    xatar.

  3. #3
    Just burned his ISO
    Join Date
    Feb 2006
    Posts
    2

    Default

    So, if the password hash is salted with the unicode username, you could theoretically create rainbow tables based off that one username?

    If that is the case, then there would no longer be any improvement over brute force attacking, correct?

  4. #4
    xatar
    Guest

    Default

    This quote was taken from http://www.faqs.org/faqs/kerberos-fa...ection-25.html

    In Kerberos 4, a salt was never used. The password was the only input to the one-way hash function. This has a serious disadvantage; if a user happens to use the same password in two Kerberos realms, a key compromise in one realm would result in a key compromise in the other realm.

    In Kerberos 5 the complete principal name (including the realm) is used as the salt. This means that the same password will not result in the same encryption key in different realms or with two different principals in the same realm.
    So...

    In theory...

    Yes! You could create a rainbowtable based upon the salt value of the username@domain.com but I don't know how to rewrite the rtgen code to do that!

    You are right, there would be no advantage over brute force or wordlist attacks. Well, it would be faster to crack the password, but you would have to spend a week creating the tables first!!

    But I like the way you think, that the best skill a "hacker"/"penetration tester" can have!

    l8r,
    xatar.

  5. #5
    Junior Member
    Join Date
    Feb 2010
    Posts
    44

    Default Rainbowtable effectiveness?

    Right now I am learning more about password auditing. Xatar can you let me know whether the following is correct. I think I have three options:
    1) dictionary attack
    2) brute force attack
    3) rainbowtable attack
    When I understand correctly in option 3 you calculate the hashes in advance.
    So in principle you reach the effectiveness of a brute force and the efficiency of a dictionary attack.

    I read that the rainbowtable attack is not usefull when the hash uses a SALT value.
    I wonder whether this is true? See my thoughts below.
    hash (password + SALT)
    Let's say I have username 'admin' and password '12345'.
    Which value does the hash function use for the SALT?
    Would that be the value of the username, namely 'admin'?


    Let's assume that the HASH calculates the following HASH VALUES for the two separate values:
    for the username: admin the HASH is: xxxxx
    and for the password: 12345 the HASH is yyyyy

    I you calculate the hash for both values together would the HASH output be the same as above? In fact would the HASH value result in:
    HASH (password + SALT)
    =
    HASH (12345 + admin)
    =
    yyyyyxxxxx

    If that would be true you could create a rainbowtable based on generated random passwords and a variable you know the username 'admin'.

    Of course as soon as the username is different in another audit. The generated rainbowtable would be useless and a brute force would have the same effect.

    But if you use a commonly used username, let's say 'administrator' or 'admin'. The rainbowtable attack can be usefull and save some time.

    @Xatar: are my conclusions correct or am I going wrong somewhere?

    Thanks for your reply.

    Regards,

    Macamba

  6. #6
    xatar
    Guest

    Default

    the salt should be a psuedo-random 12bit number. This means that if you create a rainbow table based on one 12bit salt, it's useless for any other salt value and therefore username.

    So we are really limited to brute force and dictionary attacks, where every attempted password string is then hashed along with every 12bit salt value. It slows it down slightly, but it still works.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •