Author: hackest [h.s. T.]
Source: hackests blog
I. Overview
What is a rainbow table?
It is a huge set of hash values pre-computed for various possible letter combinations, not necessarily for MD5 algorithms, it can quickly crack various types of passwords. The more complex the password is, the larger the rainbow table is. Currently, the mainstream rainbow tables are more than GB. Well, it seems that more and more people are paying attention to the rainbow table recently, and there will be more and more hackers equipped with the rainbow table in the future. However, many people seem not very familiar with rainbow tables. However, it is certain that many people have certain misunderstandings about the rainbow table. Some even think that the rainbow table can crack the plaintext of all non-reverse algorithms. Is that true? This article describes how to obtain a rainbow table and how to use a rainbow table to crack the password.
Ii. How to obtain a rainbow table
1. Generate RainbowCrack
RainbowCrack is a password cracking tool that uses Time-Memory Trade-Off Technique to accelerate password cracking. This tool can be downloaded at http://project-rainbowcrack.com. RainbowCrack uses a rainbow table, that is, a pre-calculated plaintext and hash value comparison table. By creating such a rainbow table in advance, you can spend a lot of time cracking your passwords in the future. For more information, seeHere
2. Cain generation
Under the winrtgenfile of the installation directory of cain, a program named winrtgen.exe is installed.
Click "Add Table", 2.
The options below "Hash" are the types of rainbow tables that you can generate. Remember that rainbow tables are also classified. Someone used the MD5 rainbow table to run Windows LM Hash and asked me why I couldn't even crack such a simple combination ...... The MD5 rainbow table can only be used to crack the MD5 Hash. It is a loss of money because it is a waste of time and a joke.
Min Len is the minimum bit of the plaintext length of the password. The maximum bit of "Max Len", that is, the maximum bit of the plaintext length of the password. For example, if you fuzzy determine that the length of the Hash password in your hand is about 5 to 7 digits, then the minimum bit is 5 and the maximum bit is 7. Retain the default values for other options. "Charset" is a character set, that is, the characters contained in the plain text of the password. The drop-down list shows multiple options. After setting, click "OK" to generate the table. In this way, the generated table is 610.35 MB each.
3. Direct download
In addition to the above two generation tools, there may be some variants which will not be described here. Why download? Why do I need to download a file that can be generated by myself? Well, the reason is that the download process is much better than the generation process. I have tested the 4-Core 4 GB memory machine to generate a 2 GB rainbow table. It takes seven days to generate a 2 GB rainbow table, in 7 days, the bandwidth of 1 MB (about 160 KB/S) can be downloaded by about 30 Gbit/S (I have limited bandwidth, sometimes unable to connect, only about 4 Gbit/S per day ). The effect is obviously higher than generation. Of course, if you have a supercomputer group, you may also generate it yourself. For the majority of Network Security enthusiasts, direct download is reliable!
Where can I download it?
It depends on the password you need to crack. If you want to crack Windows Hash, we recommend that you useOphcrackAnd the table size is relatively small. The software can be downloaded for free, and the table can be used for several hundred MB for free, or evenOnline query. Online query uses a free table of several hundred MB, which has a general effect. However, it is sufficient for a simple password. Some may not be used. Here we will mention it. In fact, you only need to pay attention to the Hash format. For example, if the password of a user in Windows is hackest, enter "7831a0ffabee5fb3aad3b435b51404ee: Workshop" in the box next to "hash ". Then "sumbit hash" can get the returned results. Occasionally, only a few digits are displayed. You can also query the password Hash string here. As for other billing tables, I have also sent seeds before. Http://www.hexsafe.com/download/Ophcrack % 20XP % 20 Special % 20Tables. torrent, Which is Ophcrack XP Special Tables. Generally, a non-Vista password Hash can be used to break the vast majority of the passwords. However, a small part of Hash is found to be correct during use, but cannot be cracked. Therefore, do not trust the entire table. Remember, the table is not full! Tables are never the largest, but larger. The Vista password Hash can be found here under the table, http://www.hexsafe.com/download/Ophcrack % 20 Vista % 20 Special % 20 NTHASH % 20Table. torrent this is Ophcrack Vista Special NTHASH. It is officially a paid table, but it is shared outside China and can be obtained for free. If these tables cannot run, and you are sure that your Hash is not wrong, you can only find LC5 out of the horse. LC5 is definitely broken, but it takes a long time!
Free Rainbow Tables
Http://www.freerainbowtables.com/en/tables/
Image download: http://tbhost.eu/rt.php
Provides various types of rainbow table downloads, including LM, NTLM, MD5, and SHA1. Do not drop the table of French characters. It is almost useless for Chinese people. But if you have special needs, let's go ...... All provided here are. different from the traditional one. ri format ,. rti ratio. rt has a directory. index file, it is said that the speed ratio of the column is. rt is faster (it has never been compared and cannot be determined whether it is true ).
It is also said that the 120 GB (actually 119.2 GB) rainbow table generated in China can also find download points, although not how stable ...... However, it seems that this table does not support spaces in characters.
3. How to use a rainbow table
For more information about Ophcrack, refer to another article in my blog.
Windows password cracking strategy:Html> http://www.bkjia.com/Article/200908/40985.html
This article focuses on how to use the Free Rainbow Tables to crack the Hash of a Rainbow table. The following uses the MD5 rainbow table as an example to describe how to use the rainbow table to crack the MD5 password. Assume that the 32-bit MD5 value of a hackest string in plaintext is 1097795aeee01c9ab3167f252c932572. The tool to be used is rcracki_mt.exe. The latest version is 0.6.1.
Click here to download the file: http://www.bkjia.com/Soft/200911/16143.htmlCopy the tool and related dll files to the rainbow table directory, and then run the command "F: MD5> rcracki_mt.exe-h 1277795aeee01c9ab%7f252c932572 *. rti" to start cracking. 3.
When the table where the Hash is located is repeated, the task is ended and the result is displayed. According to my machine configuration, it takes about 2 hours for a GB MD5 table to be listed all over once. During this period, there will be very cards, so it is generally run during sleep, or you can't really stand it. For other tables, such as LM, the software can only recognize the Hash into two segments, as does NTLM. However, this MD5 table does not support 16-bit MD5 Hash, but I think this software code can be identified as long as it needs to be changed, because the 32-bit Hash contains the 16-bit Hash value, you only need to remove the 32-bit Hash value from the first 8 bits and the last 8 bits, and the rest is the 16-bit Hash value. The software can only compare the 16-bit Hash in the table.