42 Comments
- NJank, on 10/12/2007, -1/+4
laments term:
ooohhh, woe is me... my password is lost!! *sob*
- ShaolinTiger, on 10/12/2007, -0/+2
KAMI_no_kodmo you need to RTFA as well :D
http://rainbowtables.shmoo.com/ has the tables available for download via BitTorrent.
- BritOverseas, on 10/12/2007, -0/+1
Ahhh come on guys.
I would have thought there would be at least one (Nobody is messing with my Crack, not even my RainbowCrack) jibe in here, I am disappointed...
- ckpcw, on 10/12/2007, -0/+1
I have had all 29 Gigs of the Alpha/Numeric/14 Symbols table on my comp for quite a while.
I actually customized the SLAX "Frodo" text-only LiveCD Linux for fully-automated windows password extraction: Turn off monitor, insert disc and USB key, wait 30 seconds, disc ejects and comp restarts, then go home and crack that stuff!
My tables have been able to crack everything I've thrown at it, ALWAYS in under 2 minutes
- StellarBay, on 10/12/2007, -0/+1
http://digg.com/security/Password_cracking_and_recovery
- 000jr000, on 10/12/2007, -0/+1
you'd get a lot more worms, and faster, with a backhoe ;-)
- ShaolinTiger, on 10/12/2007, -0/+1
Yeah listen to 000jr000 he knows his hoes..
- pcgeek101, on 10/12/2007, -0/+1
"???"
LCP .. rtfa
- cwcheang, on 10/12/2007, -0/+1
i read http://www.shaolintiger.com as well. =)
cambodia..cool...
- Recoilman, on 10/12/2007, -1/+1
This may of course be known to some of you, but http://www.loginrecovery.com/index.html has been offering their free service (paid service for express turn-around) for quite some time.
- basselope, on 10/12/2007, -0/+0
Basic table: 610MB
Table set 2: 3 GB
Table set 3: 24 GB
Yes it's cool, but it's like borrowing a Backhoe to dig for fishing worms.
- Skeksis, on 10/12/2007, -0/+0
wow, i wish i could understand how to use rainbow crack. that would be a good start.
- sxtxixtxcxh, on 10/12/2007, -0/+0
see also: http://digg.com/security/Is_your_password_secure_
- data4ensicnerd, on 10/12/2007, -0/+0
i have done extensive research on rainbow tables.. but it seems that this person knows the basics about them, which makes him dangerous...
ckpcw - i have a 120gb of tables.. care to share your tables?
- ShaolinTiger, on 10/12/2007, -0/+0
cwcheang: Cool man :) It was an amazing trip, you should go if you haven't been.
drs.pissedoff: It really depends on the size of the keyspace, time memory trade-off gets a lot more efficient as the keyspace gets larger, if you are cracking your 10 year old sister's passwords using a standard dictionary, like that with Cain & Abel, you'll be fine, if it's tough you can even use hybrid (dictionary words + numeric chars).. But if it's a decent admin's password from the SAM file or from the shadow file, it would take a long time with any normal pass cracker, L0pht would be the fastest, Cain after that probably with a decent Rainbow Table..
- inactive, on 10/12/2007, -0/+0
Of course it's old, it's built off of principles of Martin Hellman's time-memory trade-off from 1980.
I'm guessing that a lot of folks responding here know very little about the Diffie-Hellman key exchange. The reality is that if you're running rainbow crack, cain and abel or most any other script built by another coder and do not fully understand the principles on which it operates or the original hash function operates then you can be considered a "script kiddy" as well.
- anizzle, on 10/12/2007, -0/+0
Can someone explain to me what this product does in laments term?!
- t3hX, on 10/12/2007, -0/+0
However, it's not going to take a "few minutes" to download a rainbow table by any means - it's a few gigs of data!
- MonkeyFit, on 10/12/2007, -1/+1
"Thankfully there is a freeware alternative to LC5 Freeware LC5 alternative!"
???
- Bhima, on 10/12/2007, -0/+0
What I want to know is where is the AACS cracking with Rainbow tables?
- Mesach, on 10/12/2007, -0/+0
anizzle... its LAYMANS terms
- merreborn, on 10/12/2007, -0/+0
"I am not sure how many systems use salt, but would assume most modern systems do."
If only that were true. The open source CMS I use at work uses unsalted hashes :( I'll get around to writing a patch one of these days....
To everyone saying "Just crack it realtime!", you can crack a password in 30 seconds with a rainbow table that'd take weeks, months, or years to crack brute force.
What's more, when you use an app like cain, or whatever, all you're doing is generating a rainbow table in realtime (slowly) and then throwing it away when you're done! Every time you give it a new hash to crack, you're starting over from the very beginning again, generating the EXACT SAME rainbow table.
That's why people maintain rainbow tables. Basically, you run cain, or whatever script kiddie tool you like, ONCE, for a couple weeks, or whatever, and save all the results. Then, doing lookups on your pre-generated data only takes a few seconds!
- theundone, on 10/12/2007, -0/+0
Ophcrack has worked really well for me (mentioned in article)
http://sourceforge.net/projects/ophcrack
- matthamilton23, on 10/12/2007, -0/+0
This is cool i have to try this out
- mezz, on 10/12/2007, -0/+0
This is ridiculously old... haven't any of you script kiddies used cain and abel? It supports rainbow tables...
- OBKenobi, on 10/12/2007, -0/+0
Sounds like a ripoff.
- ardellin, on 10/12/2007, -0/+0
"Be warned though, Rainbow tables can be defeated by salted hashes"
I am not sure how many systems use salt, but would assume most modern systems do.
- tuxidomasx, on 10/12/2007, -0/+0
salts can only moderately defeat rainbow tables. look at the basic crypt function (for *nix). Using the basic DES (2 characters used as the salt) the hash can be permutated in 4096 different ways. Single DES has a 56 bit keyspace, and the way crypt determines the hash means that only the first EIGHT characters are used to compute the hash. so any password with a length greater than 8 can be cracked just as easily as its 8 character substringed counterpart.
so, a rainbow table containing all 8 possible character combinations is the first step. then u just need 4095 additional tables w/ the same hashes computed using all the possible different salts, etc. and u can crack any basic DES crypt scheme.
The bottom line here-- space is the main restriction as far as salts ability to defeat a rainbow table is concerned. w/ space becoming cheaper and more available, i wouldn't expect salting to stay too far ahead (aside from the fact that adding one extra character increases the space needed exponentially).
- iforget1919, on 10/12/2007, -0/+0
LCP cracked one of my passwords in 10 seconds. NICE!
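An added example, not part of the thread or of any tool mentioned in it: a sketch of the kind of patch merreborn describes wanting, replacing unsalted hashes with per-user salted PBKDF2 the next time each user logs in, and showing the effect ardellin and tuxidomasx discuss. The record layout, function names and iteration count are assumptions, and a plain precomputed dictionary stands in for a rainbow table.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this example

def legacy_hash(password):
    """Unsalted MD5: the same password always yields the same stored value."""
    return hashlib.md5(password.encode()).hexdigest()

def new_record(password, salt=None):
    """Salted PBKDF2-HMAC-SHA256 record; a fresh random salt per user."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"scheme": "pbkdf2", "salt": salt.hex(), "hash": digest.hex()}

def verify_and_upgrade(record, password):
    """Check a login. A legacy record that verifies is replaced by a salted one."""
    if record["scheme"] == "md5":
        ok = hmac.compare_digest(record["hash"], legacy_hash(password))
        return ok, (new_record(password) if ok else record)
    candidate = new_record(password, bytes.fromhex(record["salt"]))
    return hmac.compare_digest(record["hash"], candidate["hash"]), record

def table_hits(precomputed, records):
    """Count stored hashes that a table computed once in advance resolves."""
    return sum(1 for r in records if r["hash"] in precomputed)

def migrate(db, password):
    """Simulate each user logging in once with the given password."""
    return [verify_and_upgrade(r, password)[1] for r in db]

# Constructed sample data: a small word list and two users sharing a password.
WORDS = ["letmein", "password1", "dragon"]
PRECOMPUTED = {legacy_hash(w): w for w in WORDS}  # built once, reused for every hash
LEGACY_DB = [{"scheme": "md5", "hash": legacy_hash("letmein")} for _ in range(2)]

if __name__ == "__main__":
    print("legacy records resolved by the table:", table_hits(PRECOMPUTED, LEGACY_DB))
    upgraded = migrate(LEGACY_DB, "letmein")
    print("upgraded records resolved by the table:", table_hits(PRECOMPUTED, upgraded))
    print("same password, different stored hashes:",
          upgraded[0]["hash"] != upgraded[1]["hash"])
```

A 16-byte random salt gives 2^128 possible variants per password, against the 4096 of the two-character DES crypt salt discussed above.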
- nicho1ab, on 10/12/2007, -0/+0
Cool article. The only problem I've had is actually creating all the tables b/c I don't know much about distributed computing. Then I found this cool site that sells Rainbow Tables. I've used the LM tables a ton and I have been able to find every password I've tried to find. They also have NTLM and MD5 tables. http://passwordsecuritycenter.com.
- Suicidman, on 10/12/2007, -0/+0
ophcrack http://ophcrack.sf.net (freeware)
Pwdump 2 (freeware, HASH-Tool) www.pcwelt.de/cfb
http://lasecwww.epfl.ch/~oechslin/projects/ophcrack/index.php
- tonyd22, on 10/12/2007, -0/+0
Ophcrack (http://ophcrack.sourceforge.net/) starting from version 2.3 also supports NTLM Rainbow Tables and can crack NTHASH up to 8 characters with a table that fits on one DVD.
- drs.pissedoff, on 10/12/2007, -1/+0
Who the fuc would DL 41GB of an MD5 cracker? Try this one, always works for me and if your pc isn't ***** it doesn't take long to crack an MD5 with this...
http://www.oxid.it/cain.html
- Jeeg, on 10/12/2007, -1/+0
Very, Very old news, i tried this method 4 years ago, I tried to generate some rainbow tables but it was a nonsense (extremely large files) if you wanted to crack a 10 or more characters password, and that was without special characters.
- boza111, on 10/12/2007, -1/+0
1 thing that blueray can be useful for :)
- chachi_arcola, on 10/12/2007, -3/+1
goony goo hoo
- inactive, on 10/12/2007, -2/+0
Hmm..
Script kiddies!
Listen just boot up an msdos floppy and get the password file copied and load up a program like cain and abel and crack it. Simple.
Even more simple is that LCP program. You don't need to boot up. Just click import > local computer > Hybrid Attack. Done.
For more advanced passwords use the rainbowcrack and tables. But those tables take up a lot of space. So I recommend using the above way.
Of course this is a script kiddy way and just to get your password back. This isn't "hacking".
- KAMI_no_kodomo, on 10/12/2007, -2/+0
Where am i supposed to download the databases?
I think it will take too much time for my AMD 1200 to calculate them. And at school I can download from http sources at up to 50 mbps...
- Starfire42, on 10/12/2007, -3/+1
Old news, no digg...
- id34, on 10/12/2007, -3/+0
Very useful if I ever *forget* my password!
-----------------------------
http://www.id34.com
- Snarfalunch, on 10/12/2007, -3/+0
If I have the password hash, I don't need the password because
A) I've already compromised the machine at a SYSTEM level
B) I don't need to "crack the password." I only need to pass the hash to the authentication package.
Rainbow cracking is supremely lame.
- inactive, on 10/12/2007, -5/+0
Pretty cool. It's time for an alternative to the traditional password keys anyway.
http://www.gfx.com

