RainbowCrack & How To Use Rainbow Crack With Rainbow Tables

This article is about RainbowCrack & How to use Rainbow Crack with Rainbow Tables, this includes how to generate rainbow tables, where to download them and what tools to use.

RainbowCrack & How To Use Rainbow Crack?

RainbowCrack is a general propose implementation of Philippe Oechslin’s faster time-memory trade-off technique.

RainbowCrack & How To Use Rainbow Crack With Rainbow Tables

In 1980 Martin Hellman described a cryptanalytic time-memory trade-off which reduces the time of cryptanalysis by using precalculated data stored in memory. This technique was improved by Rivest before 1982 with the introduction of distinguished points which drastically reduces the number of memory lookups during cryptanalysis. This improved technique has been studied extensively but no new optimisations have been published ever since.

You can find the official Rainbowcrack project here, where you can download the latest version of Rainbowcrack.

So what is RainbowCrack?

In short, the RainbowCrack tool is a hash cracker. A traditional brute force cracker tries all possible plaintexts one by one in cracking time. It is time-consuming to break complex password in this way. The idea of time-memory trade-off is to do all cracking time computation in advance and store the result in files so called “rainbow table”.

Basically, these types of password crackers are working with pre-calculated hashes of ALL passwords available within a certain character space, be that a-z or a-zA-z or a-zA-Z0-9 etc.

What are Rainbow Tables?

These files are called Rainbow Tables.

You are trading speed for memory and disk space, the Rainbow Tables can be VERY large, although Rainbow Table attacks are very effective.

Be warned though, Rainbow tables can be defeated by salted hashes, if the hashes are not salted however and you have the correct table, a complex password can be cracked in a few minutes rather than a few weeks or months with traditional brute forcing techniques.

So where do I download Rainbow Tables?

There are various locations you can download Rainbow Tablse, for example you can find a fairly comprehensive set of free Rainbow Tables at Project RainbowCrack including paid tables optimized for various things (LM, NTLM, MD5, SHA1 etc).

List of Rainbow Tables

You can generate them yourself with RainbowCrack, this will take a long time and a lot of disk space.

Project Shmoo is offering downloads of popular Rainbow Tables via BitTorrent.


Where can I get a Rainbow Table Generator?

The tool to generate Rainbow Tables actually comes along with the RainbowCrack download, the tool is rtgen (for Windows rtgen.exe) .

Rainbow Table Generator - rtgen

What other software can I use for a Rainbow Table attack?

There is, of course, the original RainbowCrack as mentioned above.

Then there is:

Ophcrack Rainbow Table Password Cracker

Ophcrack is a Windows password cracker based on a time-memory trade-off using rainbow tables. This is a new variant of Hellman’s original trade-off, with better performance.

Cain and Abel (newly added support for Rainbow Tables)

Cain & Abel is a password recovery tool for Microsoft Operating Systems. It allows easy recovery of various kind of passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, revealing password boxes, uncovering cached passwords and analyzing routing protocols.

Cain and Abel is personally my favourite fully featured password whacking tool, it also has a good packet sniffer, which grabs and decodes passwords and many methods for password cracking. The interface is decent too. I’ll write more on how to get the most out of Cain later.

LCP Download – L0phtcrack LC5 Password Cracking Alternative

Main purpose of LCP program is user account passwords auditing and recovery in Windows NT/2000/XP/2003

This is basically a free version of l0phtcrack which ended up turning into commercial software.

Posted in: Password Cracking Tools

, , , , , , ,

Latest Posts:

Socialscan - Command-Line Tool To Check For Email And Social Media Username Usage Socialscan – Command-Line Tool To Check For Email And Social Media Username Usage
socialscan is an accurate command-line tool to check For email and social media username usage on online platforms, given an email address or username,
CFRipper - CloudFormation Security Scanning & Audit Tool CFRipper – CloudFormation Security Scanning & Audit Tool
CFRipper is a Python-based Library and CLI security analyzer that functions as an AWS CloudFormation security scanning and audit tool
CredNinja - Test Credential Validity of Dumped Credentials or Hashes CredNinja – Test Credential Validity of Dumped Credentials or Hashes
CredNinja is a tool to quickly test credential validity of dumped credentials (or hashes) across an entire network or domain very efficiently.
assetfinder - Find Related Domains and Subdomains assetfinder – Find Related Domains and Subdomains
assetfinder is a Go-based tool to find related domains and subdomains that are related to a given domain from a variety of sources including Facebook and more.
Karkinos - Beginner Friendly Penetration Testing Tool Karkinos – Beginner Friendly Penetration Testing Tool
Karkinos is a light-weight Beginner Friendly Penetration Testing Tool, which is basically a 'Swiss Army Knife' for pen-testing and/or hacking CTF's.
Aclpwn.Py - Exploit ACL Based Privilege Escalation Paths in Active Directory Aclpwn.Py – Exploit ACL Based Privilege Escalation Paths in Active Directory
Aclpwn.py is a tool that interacts with BloodHound< to identify and exploit ACL based privilege escalation paths.

39 Responses to RainbowCrack & How To Use Rainbow Crack With Rainbow Tables

  1. Jimmy February 27, 2006 at 10:41 am #

    Top quality article!

  2. pegr February 27, 2006 at 1:42 pm #

    For a good commercial L0phtCrack alternative (good speed, support for Rainbow tables, no copy protection nonsense), find SamInside. It’s about $30 and every bit as good as LC (I’ve used both).

  3. Darknet February 27, 2006 at 1:58 pm #

    Jimmy: Thanks

    pegr: Yeah I remember that when it was in BETA, it was EXTREMELY fast when it first came out, I kind of forgot about it after that. Will check it out soon, I’m pretty sure I’ve still got it around here somewhere.

  4. Jimmy Tong February 27, 2006 at 3:01 pm #

    I was wondering does this crack e-mail password too o_O, it seems dangerous

  5. Darknet February 27, 2006 at 3:09 pm #

    Jimmy Tong: It depends how you have the password, this method is used for cracking ‘Hashed’ passwords in a short time, rather than brute forcing them for weeks. You need to use different techniques for e-mail passwords. In the case of e-mail passwords you are brute forcing the actual authentication mechanism, not the hash. You need to look at something like THC-Hydra. I’ll talk about that at another date :D

  6. BrownShoe February 27, 2006 at 6:07 pm #


  7. WAlter February 27, 2006 at 6:39 pm #


  8. UndrWing February 27, 2006 at 9:04 pm #

    are you serious^^

  9. len February 27, 2006 at 9:35 pm #

    one stupid guy tried to download this stuff at his work
    but as the dictionaries are so big he directly skyrocketed into the stratosphere of downloaders and had to explain himself why he needed this stuff at the workplace, which he couldn’t

    don’t say I didn’t warn you, at the workplace they can see everything

  10. Bill March 1, 2006 at 11:00 am #

    All I want is to access my wife’s email account which she keeps at work. I know the address but not the password. Which program will help me find this.

  11. TRANSEND March 1, 2006 at 10:42 pm #

    this is the biggest thing since distributed.net!!!!!!!!

    how about
    “distributed rainbow table” servers

    {{{{{support hacktivismo}}}}}

  12. Jaybone March 2, 2006 at 6:01 pm #

    This shit seems legit-but the question I have for you is can you do a hack for minutes on a cell phone? I haven’t been able to do this-but I have made headlines around the world-lol-hehehe-jot back-Jaybone

  13. Hus March 24, 2006 at 2:35 pm #

    Good article.


  14. help me April 17, 2006 at 7:13 pm #

    http://rainbowtables.shmoo.com/ dead :(

  15. sam May 1, 2006 at 1:00 pm #

    saome one is regularly hacking my password so nw this time i want to the same with so plz help mme out as soon as possible?

  16. Darknet May 8, 2006 at 4:13 am #

    Spudster: Thanks I’ll check that out. Progress is looking good, glad to see them on torrents, do they have many seeds?

  17. Spudster May 8, 2006 at 6:36 pm #

    Currently there are 7 seeders, 3 of them are very high bandwidth and should be on for a while. Our SHA1 project is about 50% complete.

    Thanks – Spudster

  18. Roflcopter July 8, 2006 at 5:09 am #

    Say I knew someone’s account name for WoW…but I didn’t know their password..and they had around 5.2k gold that I’d like to get my hands on..theoretically…which program would I go about downloading to get in? :)

  19. prabhu July 13, 2006 at 1:08 pm #

    These is very wast .
    No free download software are here.

  20. ayush August 14, 2006 at 6:09 am #

    rainbowtable sucks!

  21. Daniel December 28, 2006 at 5:18 am #


    Do you know if it’s posibel to crack the password of a rar file using a program and a sha-1 rainbowtable. Do you know of any programs that does this.
    All I’ve found so far have been std passwordcracking software wich uses std bruteforce and dictionary attacks (they take years to complete).

  22. Sean W. January 21, 2007 at 6:55 pm #

    i suggest you crack the password with the hint i have for you to crack. email me back for the password hint

  23. Jonh February 19, 2007 at 1:51 pm #

    I need to find out two passwords for hotmail and gmail acounts of my wife. Can anybody help?


  24. Sypherknife June 4, 2007 at 6:07 am #

    I’ve been looking for some good sources for rainbow tables for a while now, thanks for the links.

  25. Konpaku June 4, 2007 at 8:04 am #

    Didn’t the Schmoo group have a todo with rainbow tables?

  26. Daniel June 4, 2007 at 8:45 am #


    yes they tried to generate the tables originally but got beaten to it

  27. skan June 22, 2007 at 6:01 pm #


    Where can I get free RC4 rainbow tables?
    I need them to crack a pdf password.


  28. Dee June 27, 2007 at 6:55 pm #


    I have the problem that because i had to change my passwords many times recently i forgot the last version of it and now i cannot login…
    Stupid me didnt make any reminder question coz the first pass was relatively simple to memorize. Can I use this crack program to get access to my email again? (it is an important email of mine)
    The new password was a variation of the old one, so i know some parts of the password, does that make it easier?
    Does language matter?

    Thanks in advance,

  29. Cosmin July 4, 2007 at 8:18 am #

    Anyone knows how can I crack an winace 2.x archive (160bit Blowfish encryption)? I remember some digits from password so I need an brute-force with template software.


  30. skan July 4, 2007 at 11:05 am #

    there are some programs such as Advanced archive password recovery and some other

  31. RollinZombie July 8, 2007 at 7:16 pm #

    Ok, here’s one for ya. My recently deceased father-in-law’s laptop was found after he was buried. My wife and sister-in-law think his will may be on it. It’s a Lenovo 3000 N100 with a biometric fingerprint scanner running Windows Vista Home Premium edition.

    Any suggestions??

  32. backbone July 8, 2007 at 9:17 pm #

    watch myth busters hacking fingerprint scanners… the problem, you have to have your fathers fingerprint

  33. bulk_particle August 17, 2007 at 8:41 pm #

    take the hdd out of laptop, and plug it in any other PC, (with suitable adapter – e.g. from 2.5″ to 3.5″ hdd). this will you need i guess is in some document format ( .doc or .txt or .rtf ….) you should be able to find it with simple search. if the hdd contents are fingerprint secured, just make image of the hdd with Ghost 10, put it on any other drive and open it with image explorer, or you should be able to access it on other hdd anyway.

  34. running vlans within other vlans, the nested vlan scam July 17, 2008 at 11:49 am #

    I have a question: does the official Rainbow Cracker (at the website) also come with the script needed to actually automatically login with the generated words (which presumably isn’t going to be the same for every login screen or prompt), or does it just generate all possible character combos per any given set of characters?

    Cause obviously you are not going to sit there typing all of the combos in and then pressing Enter to see they work, one at a time.

    About the algorithm versions – in what way are all possible character set combos different, because the encryption system that generated them was different? If you can open something with a keystring / password, and you have the time (and the automated login script) and hw to so do, then it doesn’t matter =how= the password was generated anyway – all you are doing is using multiple instances of logins/passwords, one of which has to work. Of course it’s easier to do that if you know the character set used and the password length..

    So, the algorithm versions – they are reversed encryption formulae? ie – if you know the password was generated by whatever system of encryption, then you can apply as best as is possible an inverse of what generated the password. Or are they included because they generate specific-lengths of passwords of particular character sets? It’s just that I’d tend to see breaking encryptions as a whole different area that generating and bruting all possible combos (eg it’s more about reverse-engineering and probability), although yes as long as the encryption generates a password-type of key that’s used to decrypt with, then of course trying all combos will break that.

    Also, that really is only useful to decrypt something like a hard file (or data on it) offline – what I mean is, most things you have physical access to anyway would never need to be password cracked; it’s easier just to view the files some other way or change the password or reset it.
    Online / remote, it’d be useful but very difficult to get done, there’s a huge amount of ‘syn’ and ‘ack’ type of traffic going on with logins…….considering how many attempts it would take to run through the passwords before arriving at a combo that works, why not just use another method of sending data that will be accepted and that then lets you into the system, and you can make an account or change the existing passwords and so forth.

    It’d probably work best online after all, for getting into locked wireless networks.

  35. raxx February 20, 2009 at 5:36 am #

    It seems pretty interesting to read all this.I still have nt used any software of these kinds.. Bt i want to know one thing which one is the best to hack or recover my lost mail passwords as i have been forgotten my security questions.

  36. katy February 22, 2009 at 7:46 pm #

    really nice


  37. Husneyyy February 22, 2009 at 8:04 pm #

    its really easy to find passwords. i forgot my id password. now i find it! thanks

  38. orronno February 22, 2009 at 8:47 pm #

    I want to agree to learn how to crack.How can i start this.please give me some instructions and help to learn cracking.

  39. 12yearoldHACKERBIOTCH February 27, 2009 at 5:07 am #

    Damn it all to hell….i needed something to find someone elses password, and none of those are for free. >_< hehe, anyway, thanks for filling me in on how to use this though ^^