
Somewhere Over the Rainbow Tables


craigholmes

Presentation Transcript


  1. Somewhere Over the Rainbow Tables Bob Weiss Password Crackers, Inc.

  2. Robert Weiss (pwcrack) • Owner, Password Crackers, Inc. • Defcon Speaker Goon • We don’t learn to hack – we hack to learn. • Hit me on LinkedIn • Twitter: @pwcrack

  3. History • Rainbow Tables are a refinement of an earlier, simpler algorithm by Martin Hellman (as in Diffie-Hellman) proposed in 1980. • The Hellman algorithm was then improved by Ronald Rivest (the R in RSA) in 1982. • Philippe Oechslin then proposed a faster improvement in 2003.

  4. Conventional Alternatives • Password hashes can be brute-forced using tools such as John the Ripper, Hashcat, Cain and Abel, etc. These can be accelerated, but this can still take a very long time. • A conventional table of all passwords and hashes could be built, but even for LM it would take up about 3 terabytes (without optimization or compression). • So conventional alternatives, not very exciting.

  5. What is a Rainbow Table? • A rainbow table is a precomputed table for reversing cryptographic hash functions, usually for cracking password hashes. Tables are usually used in recovering the plaintext password, up to a certain length and from a specified character set. It is a form of time-memory tradeoff, using less CPU at the cost of more storage.

  6. How do Rainbow Tables Work?

  7. How do Rainbow Tables Work – Part 2?

  8. What are the current practical capabilities of Rainbow Tables? • Any LM hash can be easily recovered. • NTLM, MD5 or SHA1 shorter than 7 characters (mixedalpha-numeric-all-space) done. • Longer NTLM, MD5 or SHA1 with reduced character sets are done. • New tables continue to be built using distributed systems daily.

  9. You can use Rainbow Tables for anything, though. • Office 2003 – Elcomsoft Thundertables or Ophcrack_office • Unix Crypt() • MySQL • CiscoPIX

  10. Using Rainbow Tables • You can download your own Rainbow Tables (.rt) and then use a variety of software to test your hash list. • Tables can vary in size (anywhere from a couple of MB to a couple hundred GB). • RainbowCrack, Ophcrack and Cain and Abel all use .rt files.

  11. Defeating Rainbow Tables • Rainbow Tables by definition require pre-computing and can be defeated by adding unique salts to hashes that would increase the size or complexity of the table beyond what is practical.
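Slide 11's point, worked through as an added example (not part of the original presentation): an unsalted digest lets one precomputed table serve every account, while a unique salt forces a separate table per stored password. The passwords, the candidate list, the iteration count and all function names are constructed for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # illustrative work factor (assumption); tune for your hardware

def unsalted_md5(password: str) -> str:
    """Weak form: the digest depends only on the password."""
    return hashlib.md5(password.encode()).hexdigest()

def kdf(password: str, salt: bytes) -> bytes:
    """Hardened form: PBKDF2-HMAC-SHA256 keyed by a per-record salt."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def new_record(password: str):
    """Store (salt, digest); the salt is random and unique per record."""
    salt = os.urandom(16)
    return salt, kdf(password, salt)

def verify(password: str, salt: bytes, stored: bytes) -> bool:
    """Constant-time comparison of the recomputed digest."""
    return hmac.compare_digest(kdf(password, salt), stored)

def demo():
    candidates = ["letmein", "sunshine1", "qwerty12"]  # constructed sample list
    # Unsalted: one table, built once, applies to every user.
    table = {unsalted_md5(p): p for p in candidates}
    alice_md5, bob_md5 = unsalted_md5("sunshine1"), unsalted_md5("sunshine1")
    # Salted: same password, two records, two different digests.
    salt_a, rec_a = new_record("sunshine1")
    salt_b, rec_b = new_record("sunshine1")
    # A table precomputed for Alice's salt says nothing about Bob's record.
    table_for_a = {kdf(p, salt_a): p for p in candidates}
    return {
        "unsalted_digests_equal": alice_md5 == bob_md5,
        "unsalted_table_hit": table.get(bob_md5),
        "salted_digests_equal": rec_a == rec_b,
        "salt_a_table_on_alice": table_for_a.get(rec_a),
        "salt_a_table_on_bob": table_for_a.get(rec_b),
        "verify_ok": verify("sunshine1", salt_b, rec_b),
        "verify_wrong": verify("sunshine2", salt_b, rec_b),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The salt is stored in the clear next to the digest; its job is to make precomputation per-record, not to be secret.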

  12. WPA • Renderman’s WPA tables are not really “Rainbow Tables.” They are pre-computed look-up tables. Still cool, but someone will probably make a more efficient Rainbow Table out of this data some day. • Used by coWPAtty for faster lookups on common SSIDs. • 33 GB torrent available at Shmoo site. • Some individual .torrents for 165 SSIDs available at http://www.offensive-security.com/wpa-tables/, but not well seeded and duplicative of the larger torrent. However, more efficient if you only need specific SSIDs.

  13. Why download if there is an online service? • FreeRainbowTables.com • OnlineHashCrack.com • passcracking.com • md5online.net • crack-online.com • hash-cracker.com

  14. Creating Rainbow Tables. • rtgen • rtsort • winrtgen • Supports: LM, FastLM, NTLM, LMCHALL, HalfLMCHALL, NTLMCHALL, MSCACHE, MD2, MD4, MD5, SHA1, RIPEMD160, MySQL323, MySQLSHA1, CiscoPIX, ORACLE, SHA-2 (256), SHA-2 (384) and SHA-2 (512) hashes. • GPU Accelerated Rainbow Tables Generator at cryptohaze.com

  15. .rt naming convention • md5_loweralpha-numeric#1-7_0_3800x33554432_0.rt • rcrack needs file parameters in filename so don’t rename. • hash_algorithm charset plaintext_len_min plaintext_len_max table_index chain_len chain_num part_index
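The naming convention on slide 15, as an added example (not code from the presentation or from RainbowCrack): a parser that splits a .rt filename into the eight fields listed and rejects renamed files. The charset sizes and the 16-bytes-per-chain figure used for the size and keyspace estimates are assumptions about the raw .rt format, and all function and class names are hypothetical.

```python
import os
import re
from dataclasses import dataclass

RT_NAME = re.compile(
    r"^(?P<hash_algorithm>[^_]+)_(?P<charset>[^_#]+)#"
    r"(?P<plaintext_len_min>\d+)-(?P<plaintext_len_max>\d+)_"
    r"(?P<table_index>\d+)_(?P<chain_len>\d+)x(?P<chain_num>\d+)_"
    r"(?P<part_index>\d+)\.rt$"
)
# Assumption: sizes of a few common charset names, not an exhaustive list.
CHARSET_SIZE = {"numeric": 10, "loweralpha": 26, "loweralpha-numeric": 36}
BYTES_PER_CHAIN = 16  # assumption: 8-byte start point + 8-byte end point

@dataclass(frozen=True)
class RtName:
    hash_algorithm: str
    charset: str
    plaintext_len_min: int
    plaintext_len_max: int
    table_index: int
    chain_len: int
    chain_num: int
    part_index: int

    def expected_file_bytes(self) -> int:
        """Size an intact file should have; compare with os.path.getsize()."""
        return self.chain_num * BYTES_PER_CHAIN

    def keyspace(self):
        """Number of plaintexts in scope, or None for an unknown charset."""
        n = CHARSET_SIZE.get(self.charset)
        if n is None:
            return None
        return sum(n ** k for k in range(self.plaintext_len_min,
                                         self.plaintext_len_max + 1))

def parse_rt_name(path: str) -> RtName:
    m = RT_NAME.match(os.path.basename(path))
    if m is None:
        raise ValueError(f"not a valid .rt table name: {path!r}")
    text_fields = ("hash_algorithm", "charset")
    name = RtName(**{k: v if k in text_fields else int(v)
                     for k, v in m.groupdict().items()})
    if not 1 <= name.plaintext_len_min <= name.plaintext_len_max:
        raise ValueError("plaintext length range is inconsistent")
    if name.chain_len == 0 or name.chain_num == 0:
        raise ValueError("chain_len and chain_num must be non-zero")
    return name

if __name__ == "__main__":
    t = parse_rt_name("md5_loweralpha-numeric#1-7_0_3800x33554432_0.rt")
    print(t, t.expected_file_bytes(), t.keyspace())
```

For the slide's filename this gives an expected file size of 512 MiB under the stated per-chain assumption, which is a quick way to spot a truncated download.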

  16. Common Downloadable RTs • Shmoo • http://rainbowtables.shmoo.com/ • Hak5 (1 of 2 is active) • http://www.hak5.org/w/index.php/Community_Rainbow_Tables • FreeRainbowTables.com • http://www.freerainbowtables.com/en/tables/ • WPA from Offensive Security (& Shmoo) • CiscoPIX and MySQL torrents exist but do not appear to be active. • GARR Mirror • http://freerainbowtables.mirror.garr.it/mirrors/freerainbowtables
