27 February 2006 | 429,351 views

Password Cracking with Rainbowcrack and Rainbow Tables

Cybertroopers storming your ship?

What is RainbowCrack & Rainbow Tables?

RainbowCrack is a general propose implementation of Philippe Oechslin’s faster time-memory trade-off technique.

In 1980 Martin Hellman described a cryptanalytic time-memory trade-off which reduces the time of cryptanalysis by using precalculated data stored in memory. This technique was improved by Rivest before 1982 with the introduction of distinguished points which drastically reduces the number of memory lookups during cryptanalysis. This improved technique has been studied extensively but no new optimisations have been published ever since.

You can find the official Rainbowcrack project here, where you can download the latest version of Rainbowcrack.

In short, the RainbowCrack tool is a hash cracker. A traditional brute force cracker try all possible plaintexts one by one in cracking time. It is time consuming to break complex password in this way. The idea of time-memory trade-off is to do all cracking time computation in advance and store the result in files so called “rainbow table”.

Basically these types of password crackers are working with pre-calculated hashes of ALL passwords available within a certain character space, be that a-z or a-zA-z or a-zA-Z0-9 etc.

These files are called Rainbow Tables.

You are trading speed for memory and disk space, the Rainbow Tables can be VERY large.

Be warned though, Rainbow tables can be defeated by salted hashes, if the hashes are not salted however and you have the correct table, a complex password can be cracked in a few minutes rather than a few weeks or months with traditional brute forcing techniques.

So where do I get these Rainbow Tables?

You can generate them yourself with RainbowCrack, this will take a long time, and a lot of diskspace.

Project Shmoo is offering downloads of popular Rainbow Tables via BitTorrent.


If you wanted to, you could even buy the tables from http://www.rainbowtables.net/.

Or these guys, not free but cheap http://www.rainbowcrack-online.com/

Some free tables here http://wired.s6n.com/files/jathias/index.html

What software is available for use with Rainbow Tables?

There is of course the original RainbowCrack as mentioned above.

Then there is:


Ophcrack is a Windows password cracker based on a time-memory trade-off using rainbow tables. This is a new variant of Hellman’s original trade-off, with better performance.

Cain and Abel (newly added support for Rainbow Tables)

Cain & Abel is a password recovery tool for Microsoft Operating Systems. It allows easy recovery of various kind of passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, revealing password boxes, uncovering cached passwords and analyzing routing protocols.

Cain and Abel is personally my favourite fully featured password whacking tool, it also has a good packet sniffer, which grabs and decodes passwords and many methods for password cracking. The interface is decent too. I’ll write more on how to get the most out of Cain later.

L0phtcrack or LC5

LC5 is the latest version of L0phtCrack, the award-winning password auditing and recovery application used by thousands of companies worldwide.

Please note this is a COMMERCIAL product.


Main purpose of LCP program is user account passwords auditing and recovery in Windows NT/2000/XP/2003

Thankfully there is a freeware alternative to LC5 in the form of LCP.

Other Resources


Digg This Post


Recent in General Hacking:
- Kid Gets Arrested For Building A Clock – World Goes NUTS
- Drones, Tor & Remailers – The Story Of A High-Tech Kidnapping
- U.S. State Department Hacked

Related Posts:
- Wophcrack – Web Based Interface For Ophcrack Password Cracking Tool
- Ophcrack 3.3.1 & LiveCD – Free Rainbow Table Password Cracking Tool
- Ophcrack 2.2 Password Cracker Released

Most Read in General Hacking:
- 10 Best Security Live CD Distros (Pen-Test, Forensics & Recovery) - 1,164,320 views
- Hack Tools/Exploits - 615,125 views
- Password Cracking with Rainbowcrack and Rainbow Tables - 429,351 views

Low-cost VPS Hosting

62 Responses to “Password Cracking with Rainbowcrack and Rainbow Tables”

  1. Jimmy 27 February 2006 at 10:41 am Permalink

    Top quality article!

  2. pegr 27 February 2006 at 1:42 pm Permalink

    For a good commercial L0phtCrack alternative (good speed, support for Rainbow tables, no copy protection nonsense), find SamInside. It’s about $30 and every bit as good as LC (I’ve used both).

  3. Darknet 27 February 2006 at 1:58 pm Permalink

    Jimmy: Thanks

    pegr: Yeah I remember that when it was in BETA, it was EXTREMELY fast when it first came out, I kind of forgot about it after that. Will check it out soon, I’m pretty sure I’ve still got it around here somewhere.

  4. Jimmy Tong 27 February 2006 at 3:01 pm Permalink

    I was wondering does this crack e-mail password too o_O, it seems dangerous

  5. Darknet 27 February 2006 at 3:09 pm Permalink

    Jimmy Tong: It depends how you have the password, this method is used for cracking ‘Hashed’ passwords in a short time, rather than brute forcing them for weeks. You need to use different techniques for e-mail passwords. In the case of e-mail passwords you are brute forcing the actual authentication mechanism, not the hash. You need to look at something like THC-Hydra. I’ll talk about that at another date :D

  6. [Geeks Are Sexy] Tech. News 27 February 2006 at 5:20 pm Permalink

    Yeah, Cain&Abel is an AWESOME tool.. I’ve used it alot for a couple of security audits i’ve done in the last few years, and I was never disapointed by it..

    “newly added support for Rainbow Tables”

    it’S been supporting it for the past year 1/2 I think.. so it’s now a “new” feature :)

    I’ve written a little tutorial about how you can brute-force you way in a network using Cain&Abel if anyone is interested, it’S located right here:

    Auditing your users passwords for complexity : convincing management to adopt a strong password policy



  7. BrownShoe 27 February 2006 at 6:07 pm Permalink


  8. WAlter 27 February 2006 at 6:39 pm Permalink


  9. UndrWing 27 February 2006 at 9:04 pm Permalink

    are you serious^^

  10. len 27 February 2006 at 9:35 pm Permalink

    one stupid guy tried to download this stuff at his work
    but as the dictionaries are so big he directly skyrocketed into the stratosphere of downloaders and had to explain himself why he needed this stuff at the workplace, which he couldn’t

    don’t say I didn’t warn you, at the workplace they can see everything

  11. Bill 1 March 2006 at 11:00 am Permalink

    All I want is to access my wife’s email account which she keeps at work. I know the address but not the password. Which program will help me find this.

  12. TRANSEND 1 March 2006 at 10:42 pm Permalink

    this is the biggest thing since distributed.net!!!!!!!!

    how about
    “distributed rainbow table” servers

    {{{{{support hacktivismo}}}}}

  13. Jaybone 2 March 2006 at 6:01 pm Permalink

    This shit seems legit-but the question I have for you is can you do a hack for minutes on a cell phone? I haven’t been able to do this-but I have made headlines around the world-lol-hehehe-jot back-Jaybone

  14. Siddharth 6 March 2006 at 9:27 am Permalink

    If you mean GSM interception then see this….


    If you mean GPRS session captures then u will need to get inside the Provider network and hack their MMS gateways/Internet gateways which is errr.. slightly difficult.

  15. Hus 24 March 2006 at 2:35 pm Permalink

    Good article.


  16. help me 17 April 2006 at 7:13 pm Permalink

    http://rainbowtables.shmoo.com/ dead :(

  17. sam 1 May 2006 at 1:00 pm Permalink

    saome one is regularly hacking my password so nw this time i want to the same with so plz help mme out as soon as possible?

  18. Spudster 8 May 2006 at 1:04 am Permalink

    Another site for free Rainbowtables is http://www.hashbreaker.com

  19. Darknet 8 May 2006 at 4:13 am Permalink

    Spudster: Thanks I’ll check that out. Progress is looking good, glad to see them on torrents, do they have many seeds?

  20. Spudster 8 May 2006 at 6:36 pm Permalink

    Currently there are 7 seeders, 3 of them are very high bandwidth and should be on for a while. Our SHA1 project is about 50% complete.

    Thanks – Spudster

  21. elaxender 7 July 2006 at 3:06 pm Permalink


    I want Stock footages. I saw some website about Stack footage. I want crack those avi on ther websites.
    some web this: http://www.alunablue.com
    And Most VIP : http://www.rocketclips.com
    I want every video footage on those web.
    Pls Help me about downloading thoes avi
    I Hope u Must Help me .Thanks

  22. Roflcopter 8 July 2006 at 5:09 am Permalink

    Say I knew someone’s account name for WoW…but I didn’t know their password..and they had around 5.2k gold that I’d like to get my hands on..theoretically…which program would I go about downloading to get in? :)

  23. prabhu 13 July 2006 at 1:08 pm Permalink

    These is very wast .
    No free download software are here.

  24. ayush 14 August 2006 at 6:09 am Permalink

    rainbowtable sucks!

  25. Daniel 28 December 2006 at 5:18 am Permalink


    Do you know if it’s posibel to crack the password of a rar file using a program and a sha-1 rainbowtable. Do you know of any programs that does this.
    All I’ve found so far have been std passwordcracking software wich uses std bruteforce and dictionary attacks (they take years to complete).

  26. Sean W. 21 January 2007 at 6:55 pm Permalink

    i suggest you crack the password with the hint i have for you to crack. email me back for the password hint

  27. Jonh 19 February 2007 at 1:51 pm Permalink

    I need to find out two passwords for hotmail and gmail acounts of my wife. Can anybody help?


  28. Fredric Renold 8 March 2007 at 12:06 am Permalink

    have a look at http://www.md5hashes.com – there seems to be a pretty large md5 hash database there with about a billion hashes

  29. Sypherknife 4 June 2007 at 6:07 am Permalink

    I’ve been looking for some good sources for rainbow tables for a while now, thanks for the links.

  30. Konpaku 4 June 2007 at 8:04 am Permalink

    Didn’t the Schmoo group have a todo with rainbow tables?

  31. Daniel 4 June 2007 at 8:45 am Permalink


    yes they tried to generate the tables originally but got beaten to it

  32. skan 22 June 2007 at 6:01 pm Permalink


    Where can I get free RC4 rainbow tables?
    I need them to crack a pdf password.


  33. Dee 27 June 2007 at 6:55 pm Permalink


    I have the problem that because i had to change my passwords many times recently i forgot the last version of it and now i cannot login…
    Stupid me didnt make any reminder question coz the first pass was relatively simple to memorize. Can I use this crack program to get access to my email again? (it is an important email of mine)
    The new password was a variation of the old one, so i know some parts of the password, does that make it easier?
    Does language matter?

    Thanks in advance,

  34. Cosmin 4 July 2007 at 8:18 am Permalink

    Anyone knows how can I crack an winace 2.x archive (160bit Blowfish encryption)? I remember some digits from password so I need an brute-force with template software.


  35. skan 4 July 2007 at 11:05 am Permalink

    there are some programs such as Advanced archive password recovery and some other

  36. RollinZombie 8 July 2007 at 7:16 pm Permalink

    Ok, here’s one for ya. My recently deceased father-in-law’s laptop was found after he was buried. My wife and sister-in-law think his will may be on it. It’s a Lenovo 3000 N100 with a biometric fingerprint scanner running Windows Vista Home Premium edition.

    Any suggestions??

  37. backbone 8 July 2007 at 9:17 pm Permalink

    watch myth busters hacking fingerprint scanners… the problem, you have to have your fathers fingerprint

  38. bulk_particle 17 August 2007 at 8:41 pm Permalink

    take the hdd out of laptop, and plug it in any other PC, (with suitable adapter – e.g. from 2.5″ to 3.5″ hdd). this will you need i guess is in some document format ( .doc or .txt or .rtf ….) you should be able to find it with simple search. if the hdd contents are fingerprint secured, just make image of the hdd with Ghost 10, put it on any other drive and open it with image explorer, or you should be able to access it on other hdd anyway.

  39. running vlans within other vlans, the nested vlan scam 17 July 2008 at 11:49 am Permalink

    I have a question: does the official Rainbow Cracker (at the website) also come with the script needed to actually automatically login with the generated words (which presumably isn’t going to be the same for every login screen or prompt), or does it just generate all possible character combos per any given set of characters?

    Cause obviously you are not going to sit there typing all of the combos in and then pressing Enter to see they work, one at a time.

    About the algorithm versions – in what way are all possible character set combos different, because the encryption system that generated them was different? If you can open something with a keystring / password, and you have the time (and the automated login script) and hw to so do, then it doesn’t matter =how= the password was generated anyway – all you are doing is using multiple instances of logins/passwords, one of which has to work. Of course it’s easier to do that if you know the character set used and the password length..

    So, the algorithm versions – they are reversed encryption formulae? ie – if you know the password was generated by whatever system of encryption, then you can apply as best as is possible an inverse of what generated the password. Or are they included because they generate specific-lengths of passwords of particular character sets? It’s just that I’d tend to see breaking encryptions as a whole different area that generating and bruting all possible combos (eg it’s more about reverse-engineering and probability), although yes as long as the encryption generates a password-type of key that’s used to decrypt with, then of course trying all combos will break that.

    Also, that really is only useful to decrypt something like a hard file (or data on it) offline – what I mean is, most things you have physical access to anyway would never need to be password cracked; it’s easier just to view the files some other way or change the password or reset it.
    Online / remote, it’d be useful but very difficult to get done, there’s a huge amount of ‘syn’ and ‘ack’ type of traffic going on with logins…….considering how many attempts it would take to run through the passwords before arriving at a combo that works, why not just use another method of sending data that will be accepted and that then lets you into the system, and you can make an account or change the existing passwords and so forth.

    It’d probably work best online after all, for getting into locked wireless networks.

  40. raxx 20 February 2009 at 5:36 am Permalink

    It seems pretty interesting to read all this.I still have nt used any software of these kinds.. Bt i want to know one thing which one is the best to hack or recover my lost mail passwords as i have been forgotten my security questions.

  41. katy 22 February 2009 at 7:46 pm Permalink

    really nice


  42. Husneyyy 22 February 2009 at 8:04 pm Permalink

    its really easy to find passwords. i forgot my id password. now i find it! thanks

  43. orronno 22 February 2009 at 8:47 pm Permalink

    I want to agree to learn how to crack.How can i start this.please give me some instructions and help to learn cracking.

  44. 12yearoldHACKERBIOTCH 27 February 2009 at 5:07 am Permalink

    Damn it all to hell….i needed something to find someone elses password, and none of those are for free. >_< hehe, anyway, thanks for filling me in on how to use this though ^^