What is RainbowCrack & Rainbow Tables?
RainbowCrack is a general propose implementation of Philippe Oechslin’s faster time-memory trade-off technique.
In 1980 Martin Hellman described a cryptanalytic time-memory trade-off which reduces the time of cryptanalysis by using precalculated data stored in memory. This technique was improved by Rivest before 1982 with the introduction of distinguished points which drastically reduces the number of memory lookups during cryptanalysis. This improved technique has been studied extensively but no new optimisations have been published ever since.
You can find the official Rainbowcrack project here, where you can download the latest version of Rainbowcrack.
In short, the RainbowCrack tool is a hash cracker. A traditional brute force cracker try all possible plaintexts one by one in cracking time. It is time consuming to break complex password in this way. The idea of time-memory trade-off is to do all cracking time computation in advance and store the result in files so called “rainbow table”.
Basically these types of password crackers are working with pre-calculated hashes of ALL passwords available within a certain character space, be that a-z or a-zA-z or a-zA-Z0-9 etc.
These files are called Rainbow Tables.
You are trading speed for memory and disk space, the Rainbow Tables can be VERY large.
Be warned though, Rainbow tables can be defeated by salted hashes, if the hashes are not salted however and you have the correct table, a complex password can be cracked in a few minutes rather than a few weeks or months with traditional brute forcing techniques.
So where do I get these Rainbow Tables?
You can generate them yourself with RainbowCrack, this will take a long time, and a lot of diskspace.
Project Shmoo is offering downloads of popular Rainbow Tables via BitTorrent.
If you wanted to, you could even buy the tables from http://www.rainbowtables.net/.
Or these guys, not free but cheap http://www.rainbowcrack-online.com/
Some free tables here http://wired.s6n.com/files/jathias/index.html
What software is available for use with Rainbow Tables?
There is of course the original RainbowCrack as mentioned above.
Then there is:
Ophcrack is a Windows password cracker based on a time-memory trade-off using rainbow tables. This is a new variant of Hellman’s original trade-off, with better performance.
Cain and Abel (newly added support for Rainbow Tables)
Cain & Abel is a password recovery tool for Microsoft Operating Systems. It allows easy recovery of various kind of passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, revealing password boxes, uncovering cached passwords and analyzing routing protocols.
Cain and Abel is personally my favourite fully featured password whacking tool, it also has a good packet sniffer, which grabs and decodes passwords and many methods for password cracking. The interface is decent too. I’ll write more on how to get the most out of Cain later.
LC5 is the latest version of L0phtCrack, the award-winning password auditing and recovery application used by thousands of companies worldwide.
Please note this is a COMMERCIAL product.
Main purpose of LCP program is user account passwords auditing and recovery in Windows NT/2000/XP/2003
Thankfully there is a freeware alternative to LC5 in the form of LCP.
- Dradis v2.9 – Information Sharing For Security Assessments
- MagicTree v1.3 Available For Download – Pentesting Productivity
- Kvasir – Penetration Testing Data Management Tool
- Wophcrack – Web Based Interface For Ophcrack Password Cracking Tool
- Ophcrack 3.3.1 & LiveCD – Free Rainbow Table Password Cracking Tool
- Ophcrack 2.2 Password Cracker Released
Most Read in General Hacking:
- 10 Best Security Live CD Distros (Pen-Test, Forensics & Recovery) - 1,137,498 views
- Hack Tools/Exploits - 581,384 views
- Password Cracking with Rainbowcrack and Rainbow Tables - 414,263 views