RE: Rainbow Tables

Another piece of software is
http://lasecwww.epfl.ch/~oechslin/projects/ophcrack/. They use more
memory to speed up the cracking time and they have downloadable
(alpha-numeric only) table sets.

-----Original Message-----
From: Tony Stark [mailto:stark192@xxxxxxxxxxx]
Sent: Thursday, February 09, 2006 1:47 PM
To: Simpson, Brett; pen-test@xxxxxxxxxxxxxxxxx
Subject: RE: Rainbow Tables

Hello Brett,

Fortunatly for this project we are only doing LM passwords,
all on Windows machines. Yeah, I'd hate to try this with
salt, I could take a long vacation while that ran..<g>

Thx for the info, I'll jump on the links and check them out.

Tony


From: "Simpson, Brett" <Brett.Simpson@xxxxxxx>
To: "Tony Stark" <stark192@xxxxxxxxxxx>, <pen-test@xxxxxxxxxxxxxxxxx>
Subject: RE: Rainbow Tables
Date: Thu, 9 Feb 2006 12:59:53 -0500

-----Original Message-----
From: Tony Stark [mailto:stark192@xxxxxxxxxxx]
Subject: Re: Rainbow Tables


Snip...

Reason for this...the idea is that if we take the current list of
passwords create a pre-computed hash table the next time we audit
we'd run LC5 (till I convense them otehrwise) and all but the
passwords that changed and new accounts would get knocked
out right
away.

Does anyone have a hint as to how I should do this? Is
there a way
to take the hashes and the cracked clear text and merge
them into a
table?

http://www.antsight.com/zsl/rainbowcrack/

For non lan manager hashes this would require a tremendouse
amount of
disk space (tera to peta bytes). Every password can have a
large number
of salts (the exact number depends of the type of hash i.e. md5,
sha-1,etc).

So let's say you have a UNIX system using the older crypt then you
would have 4096 salts that are possible per password. So for every
clear text version of a password you would have to store
4096 different
salts. I have an English dictionary I use with JtR so
411,563 words..
Then I use rules mode and that number jumps to 15,773,164
(171MB). Now
times that by 4096 salts and you get 64,606,879,744
variations (700+ TB).

For Windows if your looking at the lanman hashes (not nt
hashes) then
they only have one salt so it would be possible to generate
a table on
common words and variations for only a couple hundred megabytes.

You should also read the teracrack article.

http://security.sdsc.edu/publications/teracrack.pdf

_________________________________________________________________
Don't just search. Find. Check out the new MSN Search!
http://search.msn.click-url.com/go/onm00200636ave/direct/01/


--------------------------------------------------------------
----------------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking
applications on your website. Up to 75% of cyber attacks are
launched on shopping carts, forms, login pages, dynamic
content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website
for vulnerabilities to SQL injection, Cross site scripting
and other web attacks before hackers do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
--------------------------------------------------------------
-----------------




------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------

Relevant Pages

  • RE: Whitespace in passwords - now alt+xxx
    ... Subject: Whitespace in passwords ... 60 possible characters and the password is 7 characters long. ... >> Check your website for vulnerabilities to SQL injection, ... >> scripting and other web attacks before hackers do! ...
    (Pen-Test)
  • RE: Rainbow Tables
    ... Subject: Rainbow Tables ... Fortunatly for this project we are only doing LM passwords, ... Audit your website security with Acunetix Web Vulnerability Scanner: ... Up to 75% of cyber attacks are launched on shopping carts, ...
    (Pen-Test)
  • Re: Rainbow Tables
    ... Did anyone ever get a rainbow table working on NTLM? ... Audit your website security with Acunetix Web Vulnerability Scanner: ... Hackers are concentrating their efforts on attacking applications on your ... Up to 75% of cyber attacks are launched on shopping carts, forms, ...
    (Pen-Test)
  • Re: Rainbow Tables
    ... wouldn't it be easier to create a diccionary with the passwords ... Audit your website security with Acunetix Web Vulnerability Scanner: ... Hackers are concentrating their efforts on attacking applications on your ... Up to 75% of cyber attacks are launched on shopping carts, forms, ...
    (Pen-Test)
  • Re: SV: Rainbow Tables
    ... Emne: Rainbow Tables ... Audit your website security with Acunetix Web Vulnerability Scanner: ... Hackers are concentrating their efforts on attacking applications on your ... Up to 75% of cyber attacks are launched on shopping carts, forms, ...
    (Pen-Test)