Thread: understanding rtgen

  1. #1
    Good friend of the forums
    Join Date
    Jan 2010
    Location
    outside chicago, il
    Posts
    442

    Hello,

    I am trying to make my own rainbow tables using rtgen. I am trying to understand the process but I am having some difficulty. Let's start with something simple: 4 tables, lm hashes, 3 alpha characters long.
    I think the commands would be:
    rtgen lm alpha 1 3 0 20000 400000000 0
    rtgen lm alpha 1 3 0 20000 400000000 1
    rtgen lm alpha 1 3 0 20000 400000000 2
    rtgen lm alpha 1 3 0 20000 400000000 3

    I have also seen the commands at:
    antsight.com/zsl/rainbowcrack/rtgen_cfg6.txt
    Those commands generate 64 tables.

    I get the first four parameters: table to generate, character set, minimum password, and maximum password.
    20000 is the chain length. Higher numbers increase the probability success rate without increasing the table size much.
    40000000 is the chain count. Larger numbers increase the size of the tables, but will also increase the success rate.
    The last parameter is appended to the filename.

    The fifth parameter is a table number. What does this do? I have seen references to running rtgen on multiple PCs, but I could do that by varying the last parameter. Why run rtgen multiple times with the same table number?

    I know once the tables are generated I have to sort them using rtsort.

    Thanks,

  2. #2
    Junior Member stasik's Avatar
    Join Date
    Dec 2007
    Posts
    29

    rtgen lm alpha 1 3 0 20000 400000000 0

    rtgen - the soft
    lm - type of hash
    alpha - character set used
    1 - minimum character word
    3 - maximum character set
    0 - number of the table
    20000 - ????
    4000000000 - number of hashes in a table
    0 - number of table.

    i created my tables using:
    rtgen lm alpha-numeric-symbol14-space 1 7 30 2400 97505489 30
    i m still creating them. i played around till i find optimum size of table (97505489) so i can put exactly 3 tables on dvd. before u start creating table, simulate it with WINRTGEN ([oxid_DOT_it/downloads/winrtgen_DOT_zip). it will show u how much space is needed, the percentage of success, number of tables needed and stuff like that. u should have:
    rtgen lm alpha 1 7 0 2400 XXXXXXXXXX 0,
    rtgen lm alpha 1 7 1 2400 XXXXXXXXXX 1,
    rtgen lm alpha 1 7 2 2400 XXXXXXXXXX 2, etc
    where XXXXXXX is desired table size. maximum size is 2 gb. play around with Winrtgen

  3. #3
    Good friend of the forums
    Join Date
    Jan 2010
    Location
    outside chicago, il
    Posts
    442

    Thank you for the response. I downloaded winrtgen 2.6. For me, if I use
    rtgen lm all 1 7 1 20000 93500000 56
    According to winrtgen I will have 100% success in about 80GB with 3 tables fitting on 1 dvd.
    However the index setting doesn't do anything. The numbers don't change if I increase the value.

    Thanks,

  4. #4
    Junior Member stasik's Avatar
    Join Date
    Dec 2007
    Posts
    29

    i use 97505489 and 3 tables are fitting to a dvd no problem. even some space left. just bear in mind that tables are a bit bigger than shown and a dvd has 4.470 gb, not 4.7. i have 4 cpu pc, so i generate 3 tables at once. i need 2 days to complete 3 tables=1 dvd. 1 table eats 1 cpu, no more, so i could generate 4 tables, but i need 1 cpu for my self. so it will take a long time, but then it is easy to crack, that's why it is a trade-off.

  5. #5
    Good friend of the forums
    Join Date
    Jan 2010
    Location
    outside chicago, il
    Posts
    442

    Thanks for the tip. I am always in favor of not wasting space.

    Thanks,

  6. #6
    Junior Member stasik's Avatar
    Join Date
    Dec 2007
    Posts
    29

    why do u need alpha tables anyway? if it is simple alpha use mdcrack 1.83 to crack it. mdcrack is the fastest, i tried my self plenty of them. i create alpha_digit_some symbols_space, coz brute force will take ages. i even saw some online crackers, but they dont have all the passwords.

  7. #7
    Good friend of the forums
    Join Date
    Jan 2010
    Location
    outside chicago, il
    Posts
    442

    Actually I was going to generate NTLM tables and not LM as LM won't give me the proper case of the password. I also plan to use the mixalpha-numeric-all-space character set. If winrtgen is correct I need 200 tables for a 99.59% probable success of 7 characters. The table should use almost 300GB of space.

    Please note that I am only going to generate 1 or 2 tables as this is only going to be used as an example for something I am doing. I am trying to write the ultimate password cracking tutorial. I have taken (giving credit to the original authors) the various bits of information that are scattered around this forum and some websites and am putting them into 1 document.

    mdcrack you say.... I will have to check this out.
    Thanks,

  8. #8
    Junior Member stasik's Avatar
    Join Date
    Dec 2007
    Posts
    29

    i was playing around a lot with password cracking. u dont need ntlm hashes. lm are much easier to crack coz they use only upper case letters. this is what i do:
    1. get hashes from windows with PwDump 7.1. (or any other way)
    2. crack the lm coz it is easier with rainbowtables/mdcrack.
    if i get a password MEYOU you could try all combinations of upper and lower cases but u ll get 2^n combinations.
    3. use mdcrack to crack the ntlm hash using a custom character set: meyouMEYOU and in 5 sec u ll have the right password.
    tip: its much easier to crack ntlm knowing the char set, so u dont need to brute force all possible characters and u dont need 300gb. windows vista has lm hashes disabled. it also could be disabled on win xp.
    is this what u r after???
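
For the defensive side of the point about LM hashes being disabled on some systems, here is an added example (not part of the thread or of any tool named in it) that audits a pwdump-layout dump from your own estate and lists the accounts that still carry an LM hash. The function names, status labels and sample lines are assumptions made for illustration; the sample hash values are constructed hex placeholders.

```python
# Added example: flag accounts that still store an LM hash in a pwdump-layout dump.
# Line layout assumed: user:rid:lm_hash:nt_hash:::
EMPTY_LM_HALF = "aad3b435b51404ee"  # LM value of an empty 7-character half
HEX = set("0123456789abcdef")

# Constructed sample input; hash values are placeholders, not real password hashes.
SAMPLE_DUMP = """\
alice:1001:0123456789abcdef0123456789abcdef:11111111111111111111111111111111:::
bob:1002:89abcdef01234567aad3b435b51404ee:22222222222222222222222222222222:::
carol:1003:aad3b435b51404eeaad3b435b51404ee:33333333333333333333333333333333:::
dave:1004:NO PASSWORD*********************:44444444444444444444444444444444:::
broken line without enough fields
"""

def audit_lm(dump_text):
    """Return (line_number, user, status) for every non-blank line."""
    findings = []
    for lineno, line in enumerate(dump_text.splitlines(), 1):
        if not line.strip():
            continue
        fields = line.split(":")
        if len(fields) < 4:
            findings.append((lineno, None, "unparsed"))
            continue
        user, lm = fields[0], fields[2].strip().lower()
        if lm.startswith("no password") or lm == EMPTY_LM_HALF * 2:
            status = "no-lm"            # LM storage off, or blank password
        elif len(lm) != 32 or not set(lm) <= HEX:
            status = "unparsed"         # not a 32-digit hex field
        elif lm[16:] == EMPTY_LM_HALF:
            status = "lm-stored-short"  # second half empty: password is 7 chars or fewer
        else:
            status = "lm-stored"
        findings.append((lineno, user, status))
    return findings

def accounts_needing_reset(findings):
    """Accounts whose LM hash is still on disk and should get a password change."""
    return sorted(u for _, u, s in findings if s.startswith("lm-stored"))

if __name__ == "__main__":
    for row in audit_lm(SAMPLE_DUMP):
        print(row)
    print("reset:", accounts_needing_reset(audit_lm(SAMPLE_DUMP)))
```

An existing LM hash stays in the account database until the password is next changed, so flagged accounts need a password change after LM storage is turned off.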

  9. #9
    Good friend of the forums
    Join Date
    Jan 2010
    Location
    outside chicago, il
    Posts
    442

    That is some very helpful information. I will include it in my tutorial. I am doing it the long way as several of the places I have done work for got smart and disabled lmhash. For those who haven't, your steps will make my job that much easier.

    Thanks,

  10. #10
    Junior Member stasik's Avatar
    Join Date
    Dec 2007
    Posts
    29

    i ll list a few progs used in cracking windows password. all the progs i tested my self:

    erasing password:
    1. Offline NT Password & Registry Editor (http://home.eunet.no/~pnordahl/ntpasswd/)
    burn the iso to cd and boot from cd. this soft will allow to erase any password on any win os. u dont need to know any info in advance. it will display the users. u select the user and the pass will be deleted. it works 100%. (it also allows to reset the password, but erasing it works better. it can be changed after reboot)

    getting password hashes:
    1. PwDump (http://www.514.es/2007/06/pwdump7.html)
    a small application which runs on win os. if attacker has an account on victim pc, just run the soft, save the hash and crack it when u have time. if attacker dont have account on pc, just boot any windows live cd (ERD commander, live windows cd, etc) and run the soft. get the hashes, crack it.

    2. Windows XP Login Recovery (http://www.loginrecovery.com/)
    download the iso, burn on cd, boot from cd. after boot a small screen will be displayed with a list of pc users and their hashes. write hashes down, crack. very easy and simple program. just boot from cd and thats all

    cracking the hashes:
    1. MDCrack (http://c3rb3r.openwall.net/mdcrack/)
    very fast ntlm/lm hash cracker. just give it the hash and it will digest it

    2. OphCrack (http://ophcrack.sourceforge.net/)
    it is a linux based live cd. download iso, burn, boot. it will display a list of users and will start to crack all of them. just stop cracking and select only user needed to be cracked to save time. it uses rainbow tables to crack. and as it is just on 700 mb cd the tables are limited. it is only alpha-digit hashes and a pass of up to 7 characters can be cracked. the prog is useful for easy password

    3. RainbowCrack (http://www.antsight.com/zsl/rainbowcrack/)
    after generating rainbow tables, use the prog to crack the hash. any hash could be cracked within 10 min, but creating tables can take weeks/months. there are other soft which use rainbow tables
