1. ## understanding rtgen

I am trying to make my own rainbow tables using rtgen. I am trying to understand the process but I am having some difficulty. Let's start with something simple: 4 tables, LM hashes, 3 alpha characters long.
I think the commands would be:
rtgen lm alpha 1 3 0 20000 400000000 0
rtgen lm alpha 1 3 0 20000 400000000 1
rtgen lm alpha 1 3 0 20000 400000000 2
rtgen lm alpha 1 3 0 20000 400000000 3

I have also seen the commands at:
antsight.com/zsl/rainbowcrack/rtgen_cfg6.txt
Those commands generate 64 tables.

I get the first four parameters: table to generate, character set, minimum password, and maximum password.
20000 is the chain length. Higher numbers increase the probability success rate without increasing the table size much.
40000000 is the chain count. Larger numbers increase the size of the tables, but will also increase the success rate.
The last parameter is appended to the filename.

The fifth parameter is a table number. What does this do? I have seen references to running rtgen on multiple PCs, but I could do that by varying the last parameter. Why run rtgen multiple times with the same table number?

I know once the tables are generated I have to sort them using rtsort.

2. rtgen lm alpha 1 3 0 20000 400000000 0

rtgen - the soft
lm - type of hash
alpha - character set used
1 - minimum character word
3 - maximum character set
0 - number of the table
20000 - ????
4000000000 - number of hashes in a table
0 - number of table.

i created my tables using:
rtgen lm alpha-numeric-symbol14-space 1 7 30 2400 97505489 30
i m still creating them. i played around till i find optimum size of table (97505489) so i can put exactly 3 tables on dvd. before u start creating table, simulate it with WINRTGEN (oxid_DOT_it/downloads/winrtgen_DOT_zip). it will show u how much space is needed, the percentage of success, number of tables needed and stuff like that. u should have:
rtgen lm alpha 1 7 0 2400 XXXXXXXXXX 0,
rtgen lm alpha 1 7 1 2400 XXXXXXXXXX 1,
rtgen lm alpha 1 7 2 2400 XXXXXXXXXX 2, etc
where XXXXXXX is desired table size. maximum size is 2 gb. play around with Winrtgen

3. Thank you for the response. I downloaded winrtgen 2.6. For me, if I use
rtgen lm all 1 7 1 20000 93500000 56
According to winrtgen I will have 100% success in about 80GB with 3 tables fitting on 1 dvd.
However the index setting doesn't do anything. The numbers don't change if I increase the value.

4. i use 97505489 and 3 tables are fitting to a dvd no problem. even some space left. just bear in mind that tables are a bit bigger than shown and a dvd has 4.470 gb, not 4.7. i have 4 cpu pc, so i generate 3 tables at once. i need 2 days to complete 3 tables = 1 dvd. 1 table eats 1 cpu, no more, so i could generate 4 tables, but i need 1 cpu for myself. so it will take a long time, but then it is easy to crack, that's why it is a trade-off.

5. Thanks for the tip. I am always in favor of not wasting space.

6. why do u need alpha tables anyway? if it is simple alpha use mdcrack 1.83 to crack it. mdcrack is the fastest, i tried plenty of them myself. i create alpha_digit_some symbols_space, coz brute force will take ages. i even saw some online crackers, but they dont have all the passwords.

7. Actually I was going to generate NTLM tables and not LM as LM won't give me the proper case of the password. I also plan to use the mixalpha-numeric-all-space character set. If winrtgen is correct I need 200 tables for a 99.59% probable success of 7 characters. The table should use almost 300GB of space.

Please note that I am only going to generate 1 or 2 tables as this is only going to be used as an example for something I am doing. I am trying to write the ultimate password cracking tutorial. I have taken (giving credit to the original authors) the various bits of information that are scattered around this forum and some websites and am putting them into 1 document.

mdcrack you say.... I will have to check this out.

8. i was playing around a lot with password cracking. u dont need ntlm hashes. lm are much easier to crack coz they use only upper case letters. this is what i do:
1. get hashes from windows with PwDump 7.1. (or any other way)
2. crack the lm coz it is easier with rainbowtables/mdcrack.
if i get a password MEYOU you could try all combinations of upper and lower cases but u ll get 2^n combinations.
3. use mdcrack to crack the ntlm hash using a custom character set: meyouMEYOU and in 5 sec u ll have the right password.
tip: its much easier to crack ntlm knowing the char set, so u dont need to brute force all possible characters and u dont need 300gb. windows vista has lm hashes disabled. it also could be disabled on win xp.
is this what u r after???

9. That is some very helpful information. I will include it in my tutorial. I am doing it the long way as several of the places I have done work for got smart and disabled lmhash. For those who haven't, your steps will make my job that much easier.
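
Posts 8 and 9 turn on whether a system still stores LM hashes, which is something a defender can check directly. The following is an added example, not part of the original thread: it parses a pwdump-style export (assumed format `user:rid:lmhash:nthash:::`, with constructed sample hashes and a hypothetical `audit` function) and reports accounts that still have an LM hash stored.

```python
import re

# Well-known constants: LM hash of an empty password (also what is seen when
# LM storage is disabled) and NT hash of an empty password.
EMPTY_LM = "aad3b435b51404eeaad3b435b51404ee"
EMPTY_LM_HALF = EMPTY_LM[:16]          # one empty 7-character LM half
EMPTY_NT = "31d6cfe0d16ae931b73c59d7e0c089c0"
HEX32 = re.compile(r"^[0-9a-f]{32}$")

# Constructed sample input (assumption: pwdump-style user:rid:lm:nt::: lines).
SAMPLE = """\
alice:1001:0123456789abcdef0123456789abcdef:fedcba9876543210fedcba9876543210:::
bob:1002:89abcdef01234567aad3b435b51404ee:00112233445566778899aabbccddeeff:::
carol:1003:aad3b435b51404eeaad3b435b51404ee:ffeeddccbbaa99887766554433221100:::
dave:1004:NO PASSWORD*********************:31d6cfe0d16ae931b73c59d7e0c089c0:::
not a pwdump line
"""

def audit(text):
    """Return [(user, [issues])] for accounts with weak hash storage."""
    findings = []
    for line in text.splitlines():
        parts = line.strip().split(":")
        if len(parts) < 4:
            continue                    # not a hash record
        user, lm, nt = parts[0], parts[2].lower(), parts[3].lower()
        if not HEX32.match(nt):
            continue                    # malformed record, skip it
        issues = []
        if nt == EMPTY_NT:
            issues.append("empty password")
        # A non-hex LM field (placeholder text) means no LM hash is present.
        if HEX32.match(lm) and lm != EMPTY_LM:
            issues.append("LM hash stored")
            # LM hashes each 7-character half separately, so an empty
            # second half reveals that the password is short.
            if lm[16:] == EMPTY_LM_HALF:
                issues.append("password is 7 characters or fewer")
        if issues:
            findings.append((user, issues))
    return findings

if __name__ == "__main__":
    for user, issues in audit(SAMPLE):
        print(f"{user}: {', '.join(issues)}")
```

Accounts that show up with "LM hash stored" are the ones where disabling LM hash storage and then changing the password removes the easy target described above.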

10. i ll list a few progs used in cracking windows password. all the progs i tested myself:

1. Offline NT Password & Registry Editor (http://home.eunet.no/~pnordahl/ntpasswd/)
burn the iso to cd and boot from cd. this soft will allow to erase any password on any win os. u dont need to know any info in advance. it will display the users. u select the user and the pass will be deleted. it works 100%. (it also allows to reset the password, but erasing it works better. it can be changed after reboot)

1. PwDump (http://www.514.es/2007/06/pwdump7.html)
a small application which runs on win os. if attacker has an account on victim pc, just run the soft, save the hash and crack it when u have time. if attacker dont have account on pc, just boot any windows live cd (ERD commander, live windows cd, etc) and run the soft. get the hashes, crack it.

download the iso, burn on cd, boot from cd. after boot a small screen will be displayed with a list of pc users and their hashes. write hashes down, crack. very easy and simple program. just boot from cd and thats all

cracking the hashes:
1. MDCrack (http://c3rb3r.openwall.net/mdcrack/)
very fast ntlm/lm hash cracker. just give it the hash and it will digest it

2. OphCrack (http://ophcrack.sourceforge.net/)
it is a linux based live cd. download iso, burn, boot. it will display a list of users and will start to crack all of them. just stop cracking and select only user needed to be cracked to save time. it uses rainbow tables to crack. and as it is just on 700 mb cd the tables are limited. it is only alpha-digit hashes and a pass of up to 7 characters can be cracked. the prog is useful for easy password

3. RainbowCrack (http://www.antsight.com/zsl/rainbowcrack/)
after generating rainbow tables, use the prog to crack the hash. any hash could be cracked within 10 min, but creating tables can take weeks/months. there are other soft which use rainbow tables

