I had to do this demo after one of my students asked for my assistance regarding how to use this tool. Usually, I just assign different tools to them individually depending on the aspect of penetration testing we are covering (session hijacking, vulnerability scanning, etc) and then tell them to submit a report and a video demo of how the tool is used.
Anyway, after a brief one-to-one discussion I realized the student had actually done the research on how rainbow tables operate (above and beyond the material in the lecture slides) so I figured that if he was here asking for assistance, he genuinely needed it.
The tool is available at the RainbowCrack site. A detailed description of this nifty tool can also be found here.
So, firstly I had to generate the rainbow tables. The command line syntax is:
rtgen hash_algorithm charset plaintext_len_min plaintext_len_max table_index chain_len chain_num part_index
where:
hash_algorithm
Rainbow table is hash algorithm specific. Rainbow table for a certain hash algorithm only helps to crack hashes of that type.
charset
The charset includes all possible characters for the plaintext. Loweralpha-numeric" stands for "abcdefghijklmnopqrstuvwxyz0123456789", which is defined in configuration file charset.txt.
plaintext_len_min and plaintext_len_max
These two parameters limit the plaintext length range of the rainbow table. In the example above, the plaintext length range is 1 to 4. So plaintexts like "a" and "1234" are likely contained in the rainbow table generated. But plaintext "12345" with length 8 will not be contained.
table_index
The table_index parameter selects the reduction function. Rainbow table with different table_index parameter uses different reduction function.
chain_len
This is the rainbow chain length. Longer rainbow chain stores more plaintexts and requires longer time to generate.
chain_num
Number of rainbow chains to generate. Rainbow table is simply an array of rainbow chains. Size of each rainbow chain is 16 bytes.
part_index
To store a large rainbow table in many smaller files, use different number in this parameter for each part and keep all other parameters identical.
For simplicity, I chose to create a rainbow table for MD5 hashes where the maximum length of the number of characters is set to 4.
You can also use tables that have already been generated and which can be found here.
After table generation, the next step is sorting which uses the tool rtsort.exe and the only argument needed when using it in this case was the name of the table we generated (MD5xx.rt).
I then also decided to use the hash for 0000 so I could get my results more quickly (since this is a simple demo) and so I used this site to do that.
I then loaded the GUI version of the Rainbowcrack (rtgui), loaded the hash for 0000, selected the Rainbow table I had created and hey presto! quick results.
A few points to note, there are 2 other GUI based applications that are in the same folder. These are to be used if and only if you're aware of the kind of GPU processor your device has and if not, just stick to the one without any suffix (rtgui.exe). If you get an error that a .cl program cannot load, just reload the rtgui.exe and try again after you have successfully generated and sorted your tables.
Anyway, after a brief one-to-one discussion I realized the student had actually done the research on how rainbow tables operate (above and beyond the material in the lecture slides) so I figured that if he was here asking for assistance, he genuinely needed it.
The tool is available at the RainbowCrack site. A detailed description of this nifty tool can also be found here.
So, firstly I had to generate the rainbow tables. The command line syntax is:
rtgen hash_algorithm charset plaintext_len_min plaintext_len_max table_index chain_len chain_num part_index
where:
hash_algorithm
Rainbow table is hash algorithm specific. Rainbow table for a certain hash algorithm only helps to crack hashes of that type.
charset
The charset includes all possible characters for the plaintext. Loweralpha-numeric" stands for "abcdefghijklmnopqrstuvwxyz0123456789", which is defined in configuration file charset.txt.
plaintext_len_min and plaintext_len_max
These two parameters limit the plaintext length range of the rainbow table. In the example above, the plaintext length range is 1 to 4. So plaintexts like "a" and "1234" are likely contained in the rainbow table generated. But plaintext "12345" with length 8 will not be contained.
table_index
The table_index parameter selects the reduction function. Rainbow table with different table_index parameter uses different reduction function.
chain_len
This is the rainbow chain length. Longer rainbow chain stores more plaintexts and requires longer time to generate.
chain_num
Number of rainbow chains to generate. Rainbow table is simply an array of rainbow chains. Size of each rainbow chain is 16 bytes.
part_index
To store a large rainbow table in many smaller files, use different number in this parameter for each part and keep all other parameters identical.
For simplicity, I chose to create a rainbow table for MD5 hashes where the maximum length of the number of characters is set to 4.
You can also use tables that have already been generated and which can be found here.
After table generation, the next step is sorting which uses the tool rtsort.exe and the only argument needed when using it in this case was the name of the table we generated (MD5xx.rt).
I then also decided to use the hash for 0000 so I could get my results more quickly (since this is a simple demo) and so I used this site to do that.
I then loaded the GUI version of the Rainbowcrack (rtgui), loaded the hash for 0000, selected the Rainbow table I had created and hey presto! quick results.
A few points to note, there are 2 other GUI based applications that are in the same folder. These are to be used if and only if you're aware of the kind of GPU processor your device has and if not, just stick to the one without any suffix (rtgui.exe). If you get an error that a .cl program cannot load, just reload the rtgui.exe and try again after you have successfully generated and sorted your tables.
Comments
Post a Comment