Somewhere Over the Rainbow Tables Bob Weiss Password Crackers, Inc.

1 Somewhere Over the Rainbow Tables Bob Weiss Password Crackers, Inc.

2 Robert Weiss (pwcrack). Owner, Password Crackers, Inc. Defcon Speaker, Goon. We don’t learn to hack – we hack to learn. Hit me on LinkedIn. Twitter: @pwcrack

3 History Rainbow Tables are a refinement of an earlier, simpler algorithm proposed in 1980 by Martin Hellman (as in Diffie-Hellman). The Hellman algorithm was then improved by Ronald Rivest (the R in RSA) in 1982. Philippe Oechslin then proposed a faster improvement in 2003.

4 Conventional Alternatives Password hashes can be brute-forced using tools such as John the Ripper, Hashcat, Cain and Abel, etc. These can be accelerated, but this can still take a very long time. A conventional table of all passwords and hashes could be built, but even for LM it would take up about 3 Terabytes (without optimization or compression). So the conventional alternatives are not very exciting.

5 What is a Rainbow Table? A rainbow table is a precomputed table for reversing cryptographic hash functions, usually for cracking password hashes. Tables are usually used in recovering the plaintext password, up to a certain length and from a specified character set. It is a form of time-memory tradeoff, using less CPU at the cost of more storage.

6 How do Rainbow Tables Work?

7 How do Rainbow Tables Work – Part 2?

8 What are the current practical capabilities of Rainbow Tables? Any LM hash can be easily recovered. NTLM, MD5 or SHA1 lower than 7 characters (mixedalpha-numeric-all-space) are done. Longer NTLM, MD5 or SHA1 with reduced character sets are done. New tables continue to be built daily using distributed systems.

9 You can use Rainbow Tables for anything, though. Office 2003 – Elcomsoft Thundertables or Ophcrack_office; Unix Crypt(); MySQL; CiscoPIX.

10 Using Rainbow Tables You can download your own Rainbow Tables (.rt) and then use a variety of software to test your hash list. Tables can vary in size (anywhere from a couple of MB to a couple hundred GB). Rainbow Crack, Ophcrack and Cain and Abel all use .rt files.

11 Defeating Rainbow Tables Rainbow Tables by definition require pre-computing, and can be defeated by adding unique salts to hashes, which increases the size or complexity of the table beyond what is practical.

12 WPA Renderman’s WPA tables are not really “Rainbow Tables.” They are pre-computed lookup tables. Still cool, but someone will probably make a more efficient Rainbow Table out of this data some day. Used by coWPAtty for faster lookups on common SSIDs. 33 GB Torrent available at Shmoo site. Some individual .torrents for 165 SSIDs available at, but not well seeded and duplicative of the larger Torrent. However, more efficient if you only need specific SSIDs.

13 Why download if there is a online service?

14 Creating Rainbow Tables. rtgen, rtsort, winrtgen. Supports: LM, FastLM, NTLM, LMCHALL, HalfLMCHALL, NTLMCHALL, MSCACHE, MD2, MD4, MD5, SHA1, RIPEMD160, MySQL323, MySQLSHA1, CiscoPIX, ORACLE, SHA-2 (256), SHA-2 (384) and SHA-2 (512) hashes. GPU Accelerated Rainbow Tables Generator at

15 .rt naming convention md5_loweralpha-numeric#1-7_0_3800x33554432_0.rt rcrack needs file parameters in filename so don’t rename. Fields, in order: hash_algorithm, charset, plaintext_len_min, plaintext_len_max, table_index, chain_len, chain_num, part_index.
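
Added example (not from the original slides): a parser for the .rt file name on slide 15 that also works out the keyspace, the size on disk, and how unique salts (slide 11) multiply the storage a precomputed table would need. It assumes the classic uncompressed .rt layout of 16 bytes per chain and the usual charset definitions; the function names are illustrative.

```python
import re

# Assumption: sizes of common charset names (loweralpha-numeric = a-z plus 0-9).
CHARSET_SIZES = {"numeric": 10, "loweralpha": 26, "loweralpha-numeric": 36}
# Assumption: classic uncompressed .rt stores each chain as two 8-byte values.
BYTES_PER_CHAIN = 16

RT_NAME = re.compile(
    r"^(?P<hash_algorithm>[^_]+)_(?P<charset>[^#_]+)"
    r"#(?P<plaintext_len_min>\d+)-(?P<plaintext_len_max>\d+)"
    r"_(?P<table_index>\d+)_(?P<chain_len>\d+)x(?P<chain_num>\d+)"
    r"_(?P<part_index>\d+)\.rt$"
)

def parse_rt_name(filename):
    """Split an .rt file name into the eight fields listed on slide 15."""
    m = RT_NAME.match(filename)
    if m is None:
        raise ValueError(f"not a valid .rt file name: {filename!r}")
    fields = {k: (v if k in ("hash_algorithm", "charset") else int(v))
              for k, v in m.groupdict().items()}
    if not 1 <= fields["plaintext_len_min"] <= fields["plaintext_len_max"]:
        raise ValueError("plaintext length range is empty or inverted")
    return fields

def keyspace(fields):
    """Number of candidate plaintexts the table is built over."""
    n = CHARSET_SIZES[fields["charset"]]
    return sum(n ** i for i in range(fields["plaintext_len_min"],
                                     fields["plaintext_len_max"] + 1))

def table_bytes(fields):
    """On-disk size of this table part."""
    return fields["chain_num"] * BYTES_PER_CHAIN

def salted_bytes(fields, salt_bits):
    """Storage if one such table had to exist for every possible salt value."""
    return table_bytes(fields) * 2 ** salt_bits

if __name__ == "__main__":
    f = parse_rt_name("md5_loweralpha-numeric#1-7_0_3800x33554432_0.rt")
    print(f)
    print("keyspace:", keyspace(f))
    print("table part: %d MiB" % (table_bytes(f) // 2**20))
    print("32-bit salt, one table per salt: %d EiB" % (salted_bytes(f, 32) // 2**60))
```

For the slide's file name this gives a keyspace of 80,603,140,212 plaintexts in a 512 MiB table part; requiring one such part per value of a 32-bit salt would take 2 EiB, which is the "beyond what is practical" point of slide 11.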

16 Common Downloadable RTs Shmoo – Hak5 (1 of 2 is active) – – WPA from Offensive Security (& Shmoo) CiscoPIX and MySQL torrents exist but do not appear to be active. GARR Mirror –
