Use a combination of rainbow tables and ophcrack to crack windows passwords

Source: Internet
Author: User
Tags comparison table
    • Maximum access
Use a combination of rainbow tables and ophcrack to crack windows passwords

BySimon ~ Th, 2008.Filed under:Linux desktop applications, Windows applications.

This article is looking for the starting point of life ( original, if you need to reprint, please indicate the source, and retain the original link.

From the previous two articles (obtain valid methods for Windows XP administrator permissions, John/bkhive/samdump, and crack the Sam password in Linux)
It can be seen that I am interested in Windows system permissions. As the current oppression has not been overturned, the resistance continues. This article discusses how to use rainbow.
Another brute-force cracking mechanism combining table and ophcrack. The assumption here is that you have obtained encrypted hash. If you have no way to get the hash, please refer to the two mentioned above

To be honest, there are not many instructions on rainbow tables on Google. I believe that the most comprehensive explanation can be learned through this link. However, wiki is in English, unless there is a special need I have not planned to study carefully before. However, as far as I know, I want to explain the following:

Tables is a table that can be a combination of specified characters and a comparison table encrypted by MD5, lm, NTLM, and other encryption means. As you can imagine, these tables are quite large.
. When you get these tables, cracking the hash password is actually equivalent to dictionary cracking, and the speed of brute-force cracking is much higher than normal. Let me tell you the famous rainbow-based
How big is the table described in the help document of tables's open-source cracking software ophcrack:

Rainbow tables for LM passwords:

1. A table with a combination of all letters and numbers (1-7 digits) is divided into two alphanumeric
SSTIC04-10k (388 MB) And Alphanumeric
SSTIC04-5k (720 MB), I found that the two tables are consistent in the number of password combinations. But alphanumeric
SSTIC04-5k files more than doubled, if there is more than 1 GB of memory, the cracking speed 4 times faster (Why is there such a strange difference, not found ). They contain 80 billion hash entries,
Lm encryption is case-insensitive, so it can crack 2 ^ 83 1-14-bit lm passwords.

: Http:// /~ Oechslin/projects/ophcrack/

2. lm extension table, containing all letters + numbers + 33 special characters (!" # $ % & '() * +,-./:; <=>? @ [\] ^ _ '{| }~) The 96%-1-7 combination of 7 trillion contains hash characters, which can crack 2 ^ 92 lm passwords. Size 7.5 GB

Get: no official download, you can buy a DVD through the ophcrack website, price $240, address:

In addition, I found BT download, known as bigger, 33.8g (, or download the software generated by yourself (the generation method is described below ).

Rainbow tables for NTLM passwords:

1. NT hash table: A combination of 1-6 letters, numbers, 33 special characters, a combination of 7 letters, numbers, 8 lowercase letters, and characters. It contains 7 trillion hash characters, it can crack 7 trillion passwords. Size 8.5 GB

Get: there is no official download, you can buy a DVD through the ophcrack website, the size is described above 8.5g, price $240, address:

You can also look at (Address:, there are a lot of options, the maximum of 1-9 lowercase letters + number combination has 123 GB, be careful with your disk.

From the above content, we can see that rainbow
Tables is huge. In fact, these things are just dictionary files in a sense. Of course, it is different from the traditional dictionary. It is a huge character encryption hash and character addition.
In the pre-Password comparison table, the corresponding cracking tool is used for comparison during the cracking process, saving the process of encrypting and calculating characters, thus greatly saving time.

If the obtained rainbow tables mentioned above is difficult or is not satisfied with their combination method, you can also generate it by yourself. Here is an open-source tool:

Rainbowcrack: Author can be a lei Shuang Chinese.

Latest Version: rainbowcrack-1.2

Windowsbinary code ( and can be used on all platforms (source code for Windows/Linux/unix)((

Provides custom composite characters,

Provides LM, MD5, sha1, and custom combination encryption methods. If a patch (algorithm patch for rainbowcrack 1.2) is added, it also provides NTLM, md2, md4 and ripemd160 encryption.Algorithm

If you want to use a tool to generate a large table, you need to be prepared and require strong CPU and large available disk space, and a large amount of time (using a single PC in years ). Therefore, some tables are available for download on the tool's homepage.

After talking about these tables for a long time, we only mentioned various rainbow tables. We also need a tool to use these tables. We recommend the well-known ophcrack here:


Latest Version: ophcrack-2.4.1,20.windowsbinary file package (ophcrack-win32-installer-2.4.1.exe) and source code (ophcrack-2.4.1.tar.gz) available for all platforms (such as Windows, Linux, and unix)

Using the software to crack requires two conditions

1. You need to provide rainbow tables.

2. requires that the hash of the password has been obtained, the method can refer to John/bkhive/samdump, in Linux to crack the Sam password, so the home page also provides a bkhive-1.1.1.tar.gz and samdump2-1.1.1.tar.gz.

In addition, ophcrack also provides a live CD, the latest version 1.2.2,: ophcrack-livecd-1.2.2.iso

Ophcrack-livecd is based on a small Linux system called slax6. The entire system includes slax6, ophcrack for Linux, and rainbow tables with small letters and numbers. Size 477 m

Therefore, you can start the attack without installing the CD.

Lm encryption and NTLM encryption for Windows passwords:

Lm is also called lanmanage. It is an ancient and fragile password encryption method for Windows. Any password with more than 7 characters is divided into seven parts, and the last password with less than 7 characters is
Use 0 to make up 7 digits, and then combine them into a hash through encryption. In fact, after cracking software decomposition, the LM password cracking limit is 7 bits, which makes today's PC computing speed shorter.
It is possible to crack the LM encrypted password (up to two weeks). If you use rainbow tables,
The time may be dropped to an hour. This fragile encryption method is still in use in Windows2003. Of course, we can also disable lm Encryption By setting registry parameters, replacing it
NTLM encryption (LM and NTLM encryption hash are generated by default). The method is as follows:

1. Open the Registry Editor;

2. Locate HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ LSA;

3. Select "edit" and "add value" from the menu ";

4. Enter lmcompatibilitylevel in the Value Name and the value type is DWORD. Click OK;

5. Double-click the new data and set the following values as needed:

0-Send LM and NTLM responses;

1-Send LM and NTLM responses;

2-only send NTLM response;

3-only send NTLMv2 response; (effective for Windows 2000)

4-only send NTLMv2 response and reject lm; (Windows 2000 is valid)

5-only send NTLMv2 response, deny LM and NTLM; (valid for Windows 2000)

6. Close the Registry Editor;

7. Restart the machine

The introduction of NTLM encryption in Windows NT SP3 and the gradual introduction of NTLM 2.0 encryption after Windows solve this problem, making it a luck to crack a password with a length of more than 8 characters in a short term. However, lm encryption is enabled by default, unless it is disabled by the above method.

Look for the starting point of life, If You Need To reprint please indicate the source
This site domain name changed from original to

Tags:Linux, ophcrack, rainbow tables, Sam, Windows

Related Articles
    • "Free rainbow tables" distributed computing cracking password (0)
    • Linux PhP5 connection SQL Server 2000 (0)
    • Shared Folders restricted by Linux Mount Windows users (7)
    • Valid methods for obtaining Windows XP administrator permissions (practice verification) (12)
    • John/bkhive/samdump, crack Sam password in Linux (3)

Maximum access

    • Puff-13,488 views, a wall-crawling software designed for Chinese citizens
    • Free and easy-to-use VPN, ultravpn, and wall crawling tools-8,267 views
    • Valid methods for obtaining Windows XP administrator permissions (practice verification)-7,563 views
    • Use a combination of rainbow tables and ophcrack to crack windows passwords-5,896 views
    • C/C ++ reference (STL reference) chm format file-4,830 views
    • Shared Folders restricted by Linux Mount Windows users-4,105 views
    • Google's Chinese version of the gradient image-3,545 views
    • Proxy Switchy! Chromium extension like foxyproxy-3,519 views
    • Configure PhP5 in Linux to connect to Oracle 10.2.0-3,228 views
    • Simple use of file sync tool rsync in Windows-3,148 views
» Shared folder "Free rainbow tables" restricted by Linux Mount Windows users distributed computing cracking password» reader's comments
Related Article

E-Commerce Solutions

Leverage the same tools powering the Alibaba Ecosystem

Learn more >

Apsara Conference 2019

The Rise of Data Intelligence, September 25th - 27th, Hangzhou, China

Learn more >

Alibaba Cloud Free Trial

Learn and experience the power of Alibaba Cloud with a free trial worth $300-1200 USD

Learn more >

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: and provide relevant evidence. A staff member will contact you within 5 working days.