Ethical Hacking:Cracking a hash with rainbow crack
Wednesday, July 07, 2010
, Posted by gurur@j at 7/07/2010 10:52:00 AM
The first step is to generate the rainbow tables,which is done using the utility"rtgen".We need to provide some configuration options such as the hashing algorithm the character set,the password lenghts,etc.
The Parameters are as follows:
rtgen hash_algorithm charset plaintext_len_min Plaintext_len_max table_index chain_len chain_num part_index hash_algorithm The hash algorithm to use for generating the tables md5,ntlm/lm for Windows
charset
The character set for the password.supported option are:
| numeric | 0123456789 |
|---|---|
| alpha | ABCDEFGHIJKLMNOPQRSTUVWXYZ |
| alpha-numeric | ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 |
| loweralpha | abcdefghijklmnopqrstuvwxyz |
| loweralpha-numeric | abcdefghijklmnopqrstuvwxyz0123456789 |
| mixalpha | abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ |
| mixalpha-numeric | abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 |
| ascii-32-95 | !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_'{|}~ |
| alpha_numeric-symbol32-space | ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*()-_+=~`[]{}|\:;"'<>,.?/ |
Plaintext_len_min Plaintext_len_max
These are some of the more obvious parameters.They define the minimum and maximum lengths of the plaintext for which the password is to be found .So for a length from 1 to 7 there will be no likelihood of there being a hash for a 8 character password,but most combinations within the specified character set will likely be present.
table_index chain_len chain_num part_index
These are the least obvious and most complicated parameters.Since you have some idea of rainbow tables,you will probably Know what chain_Length means.Hint ,it is the number of hash-reduce cycles which from the chain,and lead to the final hash stored for each chain.
- The table_index is used to define which reduce function to use for the table and the part_index is for deciding how to generate the initial starting point for the rainbow table.
- The settings recommended by the creators for the software for a 99.9% probability of cracking hashes are (for md5): rtgen md5 loweralpha-numeric 1 7 0 3800 33554432 0 Instead of md5,you could have used any other algorithm here.Rainbowcrack can be extended using dlls to support hash algorithm.Here we are generating a rainbow table with the following specefications.
| hash_algorithm | md5 |
|---|---|
| charset | loweralpha-numeric=[abcdefghijklmnopqrstuvwxyz0123456789] |
| plaintext_len_min | 1 |
| plaintext_len_max | 7 |
| chain_len | 3800 |
| chain_num | 33554432 |
- This command has to run 6times for each table index,from 0 to 5,and each time it will take around 2hrs on a Core i5 system!Each resulting file will be around 512MB,making the whole table collection around 3GB in size.
- As you increase the number of characters in the character set and the length,the size will go up drastically.
- This will result is file named "md5_loweralpha-numeric#1-7_0_03800x33554432_o.rt" to "md5_loweralpha-numeric#1-7_0_3800x33554432_5.rt" The resulting rainbow table will not be stored,and hence will not be easy to search in.So the next step is to sort the table using the rsort command.This command simply takes the filename of the unsorted tables as a paramater.
- This takes under a minute to execute. Since rainbow table are large,you can also use rt2rtc command to compress the table into".rtc" files which can be used with the cracking applicaions without needing to be decompressed. Now that we have out rainbow tables,what do we do next?Use them of course! The following images show how easy it is to do with the graphical Rinbowcrack GUI.
Currently have 0 comments: