Password Cracking with Rainbowcrack and Rainbow Tables



What is RainbowCrack & Rainbow Tables?

RainbowCrack is a general purpose implementation of Philippe Oechslin’s faster time-memory trade-off technique.

In 1980 Martin Hellman described a cryptanalytic time-memory trade-off which reduces the time of cryptanalysis by using precalculated data stored in memory. This technique was improved by Rivest before 1982 with the introduction of distinguished points which drastically reduces the number of memory lookups during cryptanalysis. This improved technique has been studied extensively but no new optimisations have been published ever since.

You can find the official Rainbowcrack project here, where you can download the latest version of Rainbowcrack.

In short, the RainbowCrack tool is a hash cracker. A traditional brute force cracker tries all possible plaintexts one by one at cracking time, which is time consuming for complex passwords. The idea of the time-memory trade-off is to do all the cracking-time computation in advance and store the results in files called “rainbow tables”.

Basically, these types of password crackers work with pre-calculated hashes of ALL passwords available within a certain character space, be that a-z, a-zA-Z, a-zA-Z0-9, etc.

These files are called Rainbow Tables.

You are trading speed for memory and disk space; the Rainbow Tables can be VERY large.

Be warned though: Rainbow Tables can be defeated by salted hashes. If the hashes are not salted, however, and you have the correct table, a complex password can be cracked in a few minutes rather than the few weeks or months needed with traditional brute forcing techniques.
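To make the trade-off and the effect of salting concrete, here is an added example (not code from the original post or from the RainbowCrack project) that builds a toy table over 3-letter lowercase passwords hashed with MD5, then looks up the same password unsalted and salted. The reduction function, chain length, sample password and salt value are assumptions chosen for illustration.

```python
import hashlib

CHARSET = "abcdefghijklmnopqrstuvwxyz"
PW_LEN = 3                           # toy keyspace: 26**3 = 17,576 passwords
KEYSPACE = len(CHARSET) ** PW_LEN
CHAIN_LEN = 40                       # hash/reduce steps per chain (assumed)

def md5(pw, salt=b""):
    return hashlib.md5(salt + pw.encode()).digest()

def index_to_pw(i):
    """Map an integer in [0, KEYSPACE) to a PW_LEN-letter string."""
    chars = []
    for _ in range(PW_LEN):
        i, r = divmod(i, len(CHARSET))
        chars.append(CHARSET[r])
    return "".join(chars)

def reduce_hash(digest, step):
    """Step-dependent reduction (illustrative choice): digest -> plaintext."""
    return index_to_pw((int.from_bytes(digest[:8], "big") + step) % KEYSPACE)

def advance(pw, first, last=CHAIN_LEN):
    """Apply hash-then-reduce for chain columns first..last-1."""
    for step in range(first, last):
        pw = reduce_hash(md5(pw), step)
    return pw

def build_table(n_chains):
    """Keep only endpoint -> start points; chain interiors are thrown away."""
    table = {}
    for i in range(n_chains):
        start = index_to_pw(i)
        table.setdefault(advance(start, 0), []).append(start)
    return table

def lookup(table, target):
    """Return the plaintext whose unsalted MD5 is target, or None."""
    for pos in range(CHAIN_LEN - 1, -1, -1):     # guess target's column
        end = advance(reduce_hash(target, pos), pos + 1)
        for start in table.get(end, []):         # may be a false alarm
            pw = start
            for step in range(CHAIN_LEN):        # regenerate that chain
                digest = md5(pw)
                if digest == target:
                    return pw
                pw = reduce_hash(digest, step)
    return None

TABLE = build_table(1000)                        # 1,000 stored pairs
# Constructed sample password: column 17 of the chain that starts at "aaa".
PASSWORD = advance(index_to_pw(0), 0, 17)
SALT = bytes.fromhex("8f3a1c5e9b7d2046")         # constructed per-user salt

def demo():
    """(result for unsalted hash, result for salted hash of same password)."""
    return lookup(TABLE, md5(PASSWORD)), lookup(TABLE, md5(PASSWORD, SALT))

if __name__ == "__main__":
    print(demo())
```

The unsalted hash is recovered from a table that stores only chain start and end points, while the salted hash of the same password is not found: the table would have to be rebuilt for every salt value, which removes the benefit of precomputation.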

So where do I get these Rainbow Tables?

You can generate them yourself with RainbowCrack, but this will take a long time and a lot of disk space.

Project Shmoo is offering downloads of popular Rainbow Tables via BitTorrent.

http://rainbowtables.shmoo.com/

If you wanted to, you could even buy the tables from http://www.rainbowtables.net/.

Or these guys, not free but cheap http://www.rainbowcrack-online.com/

Some free tables here http://wired.s6n.com/files/jathias/index.html

What software is available for use with Rainbow Tables?

There is of course the original RainbowCrack as mentioned above.

Then there is:

Ophcrack

Ophcrack is a Windows password cracker based on a time-memory trade-off using rainbow tables. This is a new variant of Hellman’s original trade-off, with better performance.

Cain and Abel (newly added support for Rainbow Tables)

Cain & Abel is a password recovery tool for Microsoft Operating Systems. It allows easy recovery of various kinds of passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, revealing password boxes, uncovering cached passwords and analyzing routing protocols.

Cain and Abel is personally my favourite fully featured password whacking tool; it also has a good packet sniffer, which grabs and decodes passwords, and many methods for password cracking. The interface is decent too. I’ll write more on how to get the most out of Cain later.

L0phtcrack or LC5

LC5 is the latest version of L0phtCrack, the award-winning password auditing and recovery application used by thousands of companies worldwide.

Please note this is a COMMERCIAL product.

LCP

The main purpose of the LCP program is auditing and recovering user account passwords in Windows NT/2000/XP/2003.

Thankfully there is a freeware alternative to LC5 in the form of LCP.

Other Resources


http://www.tmto.org/
http://www.loginrecovery.com/


Posted in: General Hacking, Hacking Tools, Password Cracking


62 Responses to Password Cracking with Rainbowcrack and Rainbow Tables

  1. Jimmy February 27, 2006 at 10:41 am #

    Top quality article!

  2. pegr February 27, 2006 at 1:42 pm #

    For a good commercial L0phtCrack alternative (good speed, support for Rainbow tables, no copy protection nonsense), find SamInside. It’s about $30 and every bit as good as LC (I’ve used both).

  3. Darknet February 27, 2006 at 1:58 pm #

    Jimmy: Thanks

    pegr: Yeah I remember that when it was in BETA, it was EXTREMELY fast when it first came out, I kind of forgot about it after that. Will check it out soon, I’m pretty sure I’ve still got it around here somewhere.

  4. Jimmy Tong February 27, 2006 at 3:01 pm #

    I was wondering does this crack e-mail password too o_O, it seems dangerous

  5. Darknet February 27, 2006 at 3:09 pm #

    Jimmy Tong: It depends how you have the password, this method is used for cracking ‘Hashed’ passwords in a short time, rather than brute forcing them for weeks. You need to use different techniques for e-mail passwords. In the case of e-mail passwords you are brute forcing the actual authentication mechanism, not the hash. You need to look at something like THC-Hydra. I’ll talk about that at another date :D

  6. [Geeks Are Sexy] Tech. News February 27, 2006 at 5:20 pm #

    Yeah, Cain&Abel is an AWESOME tool.. I’ve used it a lot for a couple of security audits I’ve done in the last few years, and I was never disappointed by it..

    “newly added support for Rainbow Tables”

    It’s been supporting it for the past year 1/2 I think.. so it’s now a “new” feature :)

    I’ve written a little tutorial about how you can brute-force your way in a network using Cain&Abel if anyone is interested, it’s located right here:

    Auditing your users passwords for complexity : convincing management to adopt a strong password policy

    Cheers!

    Kiltak

  7. BrownShoe February 27, 2006 at 6:07 pm #

    n00bs!

  8. WAlter February 27, 2006 at 6:39 pm #

    YO THIS SHIT IS REALLY OUTRAGEOUS MAN I LIKE THIS STUFF I WANT TO LEARN MORE DO YOU GUYS KNOW HOW TO HACK AND THINGS I WANNA LEARN THIS STUFF.

  9. UndrWing February 27, 2006 at 9:04 pm #

    are you serious^^

  10. len February 27, 2006 at 9:35 pm #

    one stupid guy tried to download this stuff at his work
    but as the dictionaries are so big he directly skyrocketed into the stratosphere of downloaders and had to explain himself why he needed this stuff at the workplace, which he couldn’t

    don’t say I didn’t warn you, at the workplace they can see everything

  11. Bill March 1, 2006 at 11:00 am #

    All I want is to access my wife’s email account which she keeps at work. I know the address but not the password. Which program will help me find this.

  12. TRANSEND March 1, 2006 at 10:42 pm #

    this is the biggest thing since distributed.net!!!!!!!!

    how about
    “distributed rainbow table” servers

    {{{{{support hacktivismo}}}}}

  13. Jaybone March 2, 2006 at 6:01 pm #

    This shit seems legit-but the question I have for you is can you do a hack for minutes on a cell phone? I haven’t been able to do this-but I have made headlines around the world-lol-hehehe-jot back-Jaybone

  14. Siddharth March 6, 2006 at 9:27 am #

    If you mean GSM interception then see this….

    http://www.shoghi.co.in/off_the_air.htm.

    If you mean GPRS session captures then u will need to get inside the Provider network and hack their MMS gateways/Internet gateways which is errr.. slightly difficult.

  15. Hus March 24, 2006 at 2:35 pm #

    Good article.

    Thanks

  16. help me April 17, 2006 at 7:13 pm #

    http://rainbowtables.shmoo.com/ dead :(

  17. sam May 1, 2006 at 1:00 pm #

    Someone is regularly hacking my password so now this time I want to the same with so plz help me out as soon as possible?

  18. Spudster May 8, 2006 at 1:04 am #

    Another site for free Rainbowtables is http://www.hashbreaker.com

  19. Darknet May 8, 2006 at 4:13 am #

    Spudster: Thanks I’ll check that out. Progress is looking good, glad to see them on torrents, do they have many seeds?

  20. Spudster May 8, 2006 at 6:36 pm #

    Currently there are 7 seeders, 3 of them are very high bandwidth and should be on for a while. Our SHA1 project is about 50% complete.

    Thanks – Spudster

  21. elaxender July 7, 2006 at 3:06 pm #

    Hello

    I want Stock footages. I saw some website about Stock footage. I want crack those avi on their websites.
    some web this: http://www.alunablue.com
    http://www.animationsforvideo.com
    http://www.buyoutfootage.com
    http://www.hypereye.tv
    http://www.reelhouse.com
    And Most VIP : http://www.rocketclips.com
    I want every video footage on those web.
    Pls Help me about downloading those avi
    I Hope u Must Help me. Thanks

  22. Roflcopter July 8, 2006 at 5:09 am #

    Say I knew someone’s account name for WoW…but I didn’t know their password..and they had around 5.2k gold that I’d like to get my hands on..theoretically…which program would I go about downloading to get in? :)

  23. prabhu July 13, 2006 at 1:08 pm #

    These is very wast .
    No free download software are here.

  24. ayush August 14, 2006 at 6:09 am #

    rainbowtable sucks!

  25. Daniel December 28, 2006 at 5:18 am #

    Hi

    Do you know if it’s possible to crack the password of a rar file using a program and a sha-1 rainbowtable? Do you know of any programs that do this?
    All I’ve found so far have been std password cracking software which uses std bruteforce and dictionary attacks (they take years to complete).

  26. Sean W. January 21, 2007 at 6:55 pm #

    i suggest you crack the password with the hint i have for you to crack. email me back for the password hint

  27. Jonh February 19, 2007 at 1:51 pm #

    I need to find out two passwords for hotmail and gmail accounts of my wife. Can anybody help?

    Thanks

  28. Fredric Renold March 8, 2007 at 12:06 am #

    have a look at http://www.md5hashes.com – there seems to be a pretty large md5 hash database there with about a billion hashes

  29. Sypherknife June 4, 2007 at 6:07 am #

    I’ve been looking for some good sources for rainbow tables for a while now, thanks for the links.

  30. Konpaku June 4, 2007 at 8:04 am #

    Didn’t the Shmoo group have a todo with rainbow tables?

  31. Daniel June 4, 2007 at 8:45 am #

    @konpaku

    yes they tried to generate the tables originally but got beaten to it

  32. skan June 22, 2007 at 6:01 pm #

    Hello.

    Where can I get free RC4 rainbow tables?
    I need them to crack a pdf password.

    Thanks

  33. Dee June 27, 2007 at 6:55 pm #

    Hi!

    I have the problem that because I had to change my passwords many times recently I forgot the last version of it and now I cannot login…
    Stupid me didn’t make any reminder question coz the first pass was relatively simple to memorize. Can I use this crack program to get access to my email again? (it is an important email of mine)
    The new password was a variation of the old one, so I know some parts of the password, does that make it easier?
    Does language matter?

    Thanks in advance,
    Dee

  34. Cosmin July 4, 2007 at 8:18 am #

    Does anyone know how I can crack a winace 2.x archive (160bit Blowfish encryption)? I remember some digits from the password so I need a brute-force with template software.

    Thanks

  35. skan July 4, 2007 at 11:05 am #

    there are some programs such as Advanced archive password recovery and some other

  36. RollinZombie July 8, 2007 at 7:16 pm #

    Ok, here’s one for ya. My recently deceased father-in-law’s laptop was found after he was buried. My wife and sister-in-law think his will may be on it. It’s a Lenovo 3000 N100 with a biometric fingerprint scanner running Windows Vista Home Premium edition.

    Any suggestions??

  37. backbone July 8, 2007 at 9:17 pm #

    watch myth busters hacking fingerprint scanners… the problem, you have to have your father’s fingerprint

  38. bulk_particle August 17, 2007 at 8:41 pm #

    Take the hdd out of laptop, and plug it in any other PC (with suitable adapter – e.g. from 2.5″ to 3.5″ hdd). This will you need I guess is in some document format (.doc or .txt or .rtf ….), you should be able to find it with simple search. If the hdd contents are fingerprint secured, just make image of the hdd with Ghost 10, put it on any other drive and open it with image explorer, or you should be able to access it on other hdd anyway.

  39. running vlans within other vlans, the nested vlan scam July 17, 2008 at 11:49 am #

    I have a question: does the official Rainbow Cracker (at the website) also come with the script needed to actually automatically login with the generated words (which presumably isn’t going to be the same for every login screen or prompt), or does it just generate all possible character combos per any given set of characters?

    Cause obviously you are not going to sit there typing all of the combos in and then pressing Enter to see they work, one at a time.

    About the algorithm versions – in what way are all possible character set combos different, because the encryption system that generated them was different? If you can open something with a keystring / password, and you have the time (and the automated login script) and hw to do so, then it doesn’t matter =how= the password was generated anyway – all you are doing is using multiple instances of logins/passwords, one of which has to work. Of course it’s easier to do that if you know the character set used and the password length..

    So, the algorithm versions – they are reversed encryption formulae? ie – if you know the password was generated by whatever system of encryption, then you can apply as best as is possible an inverse of what generated the password. Or are they included because they generate specific-lengths of passwords of particular character sets? It’s just that I’d tend to see breaking encryptions as a whole different area than generating and bruting all possible combos (eg it’s more about reverse-engineering and probability), although yes as long as the encryption generates a password-type of key that’s used to decrypt with, then of course trying all combos will break that.

    Also, that really is only useful to decrypt something like a hard file (or data on it) offline – what I mean is, most things you have physical access to anyway would never need to be password cracked; it’s easier just to view the files some other way or change the password or reset it.
    Online / remote, it’d be useful but very difficult to get done, there’s a huge amount of ‘syn’ and ‘ack’ type of traffic going on with logins…….considering how many attempts it would take to run through the passwords before arriving at a combo that works, why not just use another method of sending data that will be accepted and that then lets you into the system, and you can make an account or change the existing passwords and so forth.

    It’d probably work best online after all, for getting into locked wireless networks.

  40. raxx February 20, 2009 at 5:36 am #

    It seems pretty interesting to read all this. I still haven’t used any software of these kinds.. But I want to know one thing: which one is the best to hack or recover my lost mail passwords as I have forgotten my security questions.
    Thanxx

  41. katy February 22, 2009 at 7:46 pm #

    really nice

    thanks***

  42. Husneyyy February 22, 2009 at 8:04 pm #

    its really easy to find passwords. i forgot my id password. now i find it! thanks

  43. orronno February 22, 2009 at 8:47 pm #

    I want to agree to learn how to crack. How can I start this? Please give me some instructions and help to learn cracking.

  44. 12yearoldHACKERBIOTCH February 27, 2009 at 5:07 am #

    Damn it all to hell….I needed something to find someone else’s password, and none of those are for free. >_< hehe, anyway, thanks for filling me in on how to use this though ^^

Trackbacks/Pingbacks

  1. Solareon’s Blog » Rainbow Tables (password cracking) - February 27, 2006

    […] Darknet – Password Cracking with Rainbow Tables […]

  2. blog.charliezone.nl » Password Cracking met Rainbowcrack en Rainbow Tables - February 27, 2006

    […] read more | digg story […]

  3. AlbanyWiFi.com » Blog Archive » Password Cracking with Rainbowcrack and Rainbow Tables - February 27, 2006

    […] read more | digg story […]

  4. Laran Evans » Blog Archive » Password Cracking with Rainbowcrack and Rainbow Tables - February 27, 2006

    […] read more | digg story […]

  5. The Completely Evil Blog » Blog Archive » Password Cracking with Rainbowcrack - February 27, 2006

    […] This one is for all my former security auditing buddies. The link is for a freeware password cracking tool. The cracking tool has downloadable dictionaries (called rainbow tables), and is supposed to be much faster than a typical brute force attack. […]

  6. r00tware » Password Cracking with Rainbowcrack and Rainbow Tables - February 27, 2006

    […] read more | digg story […]

  7. MogBlog » Password cracking tools - February 28, 2006

    […] link […]

  8. Elamb - March 7, 2006

    Password Cracking with Rainbowcrack and Rainbow Tables…

    A good article clearly explaining how you can crack most passwords within a few minutes with the correct resources, includes ……

  9. Ophcrack 2.2 Password Cracker Released » - March 28, 2006

    […] We mentioned it in our RainbowCrack and Rainbow Tables article. […]

  10. 4MJ » Ophcrack recupera la password di Windows - March 29, 2006

    […] Version 2.2 of Ophcrack has been released, a program that extracts Windows system passwords. It is based on an algorithm that relates memory and time using rainbow tables. It is a variant of Hellman’s algorithm, but more efficient. It recovers up to 99% of passwords within a few seconds. […]

  11. Top 15 Security/Hacking Tools & Utilities » - April 17, 2006

    […] LCP was briefly mentioned in our well read Rainbow Tables and RainbowCrack article. […]

  12. Human v6.66 » Blog Archive » Cleaning out my… bookmarks - April 17, 2006

    […] The first image is the bookmarks bar from FireFox. Nothing interesting there, just a few links that I use very often. It gets interesting at the list, and I’ll hurry to make the list faster because I’m already running late :). Password Cracking with Rainbowcrack and Rainbow Tables » […]

  13. Good Password Guidelines - How to Make a Strong/Secure Password » - April 19, 2006

    […] Even more so if you are utilising some decent Rainbow Tables and the RainbowCrack method (time/memory trade-off). […]

  14. Symantec Dumps L0phtcrack Password Cracker » - April 20, 2006

    […] Luckily there are some good alternatives, even a free alternative for L0phtcrack itself called LCP which we mentioned in our Rainbow Crack and Rainbow Tables article. […]

  15. Paul Goscicki » Blog Archive » Crack your Windows password - May 19, 2006

    […] Should work for 99% of the passwords. Alternatively, you may also read this guide. […]

  16. Ophcrack Live CD » 4MJ - January 8, 2007

    […] Ophcrack 2.3, the free program able to extract Windows system passwords, is now also available as a Live CD: after downloading the 462Mb ISO image and burning it, you just need to insert the CD-ROM when the computer starts and Ophcrack will automatically crack the system account passwords. Ophcrack is based on an algorithm that relates memory and time using rainbow tables. It is a variant of Hellman’s algorithm, but more efficient. It recovers up to 99% of passwords within a few seconds. […]

  17. HERRAMINETAS HACKING « MUNDO HACKING - September 27, 2008

    […] LCP fu

  18. Recupero password windows | hack & Tips - December 5, 2008

    […] on slax-linux) which is based on an algorithm that relates memory and time using rainbow tables. It is a variant of