RE: Rainbow Tables



http://rainbowtables.shmoo.com/


Tom Brennan, CISSP
Technology Risk Practice Manager
AccessIT Group Inc.
115 Route 46 West, Mt. Lakes, NJ 07046
Direct: 973-296-3862
Web: www.accessitgroup.com

-----Original Message-----
From: Tony Stark [mailto:stark192@xxxxxxxxxxx]
Sent: Thursday, February 09, 2006 1:47 PM
To: Brett.Simpson@xxxxxxx; pen-test@xxxxxxxxxxxxxxxxx
Subject: RE: Rainbow Tables

Hello Brett,

Fortunatly for this project we are only doing LM passwords, all on
Windows machines. Yeah, I'd hate to try this with salt, I could take a
long vacation while that ran..<g>

Thx for the info, I'll jump on the links and check them out.

Tony


From: "Simpson, Brett" <Brett.Simpson@xxxxxxx>
To: "Tony Stark" <stark192@xxxxxxxxxxx>, <pen-test@xxxxxxxxxxxxxxxxx>
Subject: RE: Rainbow Tables
Date: Thu, 9 Feb 2006 12:59:53 -0500

-----Original Message-----
From: Tony Stark [mailto:stark192@xxxxxxxxxxx]
Subject: Re: Rainbow Tables


Snip...

Reason for this...the idea is that if we take the current list of
passwords create a pre-computed hash table the next time we audit
we'd run LC5 (till I convense them otehrwise) and all but the
passwords that changed and new accounts would get knocked out right
away.

Does anyone have a hint as to how I should do this? Is there a way
to take the hashes and the cracked clear text and merge them into a
table?

http://www.antsight.com/zsl/rainbowcrack/

For non lan manager hashes this would require a tremendouse amount of
disk space (tera to peta bytes). Every password can have a large number

of salts (the exact number depends of the type of hash i.e. md5,
sha-1,etc).

So let's say you have a UNIX system using the older crypt then you
would have 4096 salts that are possible per password. So for every
clear text version of a password you would have to store 4096 different

salts. I have an English dictionary I use with JtR so 411,563 words..
Then I use rules mode and that number jumps to 15,773,164 (171MB). Now
times that by 4096 salts and you get 64,606,879,744 variations (700+
TB).

For Windows if your looking at the lanman hashes (not nt hashes) then
they only have one salt so it would be possible to generate a table on
common words and variations for only a couple hundred megabytes.

You should also read the teracrack article.

http://security.sdsc.edu/publications/teracrack.pdf

_________________________________________________________________
Don't just search. Find. Check out the new MSN Search!
http://search.msn.click-url.com/go/onm00200636ave/direct/01/


------------------------------------------------------------------------
------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on
your website. Up to 75% of cyber attacks are launched on shopping carts,
forms, login pages, dynamic content etc. Firewalls, SSL and locked-down
servers are futile against web application hacking. Check your website
for vulnerabilities to SQL injection, Cross site scripting and other web
attacks before hackers do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
------------------------------------------------------------------------
-------



This e-mail and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom
they are addressed. If you have received this e-mail in error please notify the originator of the message. This also confirms that this
e-mail message has been scanned for the presence of computer viruses. Any views expressed in this message are those of the
individual sender, except where the sender specifies and with authority, states them to be the views of AccessIT Group.
------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------



Relevant Pages

  • RE: Whitespace in passwords - now alt+xxx
    ... Subject: Whitespace in passwords ... 60 possible characters and the password is 7 characters long. ... >> Check your website for vulnerabilities to SQL injection, ... >> scripting and other web attacks before hackers do! ...
    (Pen-Test)
  • Re: Rainbow Tables
    ... Did anyone ever get a rainbow table working on NTLM? ... Audit your website security with Acunetix Web Vulnerability Scanner: ... Hackers are concentrating their efforts on attacking applications on your ... Up to 75% of cyber attacks are launched on shopping carts, forms, ...
    (Pen-Test)
  • RE: Rainbow Tables
    ... Subject: Rainbow Tables ... Fortunatly for this project we are only doing LM passwords, ... Audit your website security with Acunetix Web Vulnerability Scanner: ... Up to 75% of cyber attacks are ...
    (Pen-Test)
  • Re: Rainbow Tables
    ... wouldn't it be easier to create a diccionary with the passwords ... Audit your website security with Acunetix Web Vulnerability Scanner: ... Hackers are concentrating their efforts on attacking applications on your ... Up to 75% of cyber attacks are launched on shopping carts, forms, ...
    (Pen-Test)
  • Re: SV: Rainbow Tables
    ... Emne: Rainbow Tables ... Audit your website security with Acunetix Web Vulnerability Scanner: ... Hackers are concentrating their efforts on attacking applications on your ... Up to 75% of cyber attacks are launched on shopping carts, forms, ...
    (Pen-Test)