RainbowCrack – A Password Cracking Tool

RainbowCrack is a password cracking tool available for Windows and Linux operating systems. Unlike other password cracking tools, RainbowCrack uses a time-memory tradeoff algorithm to crack hashes along with large pre-computed “rainbow tables” that help to reduce password cracking time.

Features include:

  • Available with terminal-based and GUI-friendly interfaces
  • Works well with multi-core processors
  • Rainbow table generation, sort, conversion and lookup
  • Support for GPU acceleration (Nvidia CUDA and AMD OpenCL)
  • Supports rainbow tables for any hash algorithm and charset
  • Supports rainbow tables in raw file format (.rt) and compact file format (.rtc)

A time-memory tradeoff hash cracker needs a pre-computation stage, during which all plaintext/hash pairs within the selected hash algorithm, charset, and plaintext length are computed and the results are stored in files called rainbow tables. This kind of computation is time consuming. But once the one-time pre-computation is finished, hashes stored in the table can be cracked with much better performance than a brute force cracker.

Source: https://project-rainbowcrack.com
RainbowCrack Homepage | Kali RainbowCrack Repo

Intro to Rainbow Tables

The main benefit of Rainbow Tables is that while the actual creation of the rainbow tables takes much more time than cracking a single hash, after they are generated you can use the tables over and over again. Additionally, once you have generated the Rainbow Tables, RainbowCrack is faster than brute force attacks and needs less memory than full dictionary attacks.

Rainbow Tables are popular with a particularly weak password algorithm known as Microsoft LM hash. LM stands for LAN Manager; this password algorithm was used in the earlier days of Windows and still lives on only for compatibility reasons. By default, Windows XP or even Windows Server 2003 keeps the LM hash of your passwords in addition to a more secure hash (NTLM or NTLMv2). This allows for backwards compatibility with older operating systems on your network, but unfortunately it makes the job of password cracking easier if you can obtain the LM hashes instead of the NTLM hashes.

Microsoft’s LAN Manager algorithm and its weaknesses

So why is the LM algorithm weak? “The LANManager scheme has several weaknesses, including converting all characters to uppercase, splitting passwords into 7-byte chunks, and not using an additional random element known as ‘salt.’” [2]

These three issues give rainbow tables their cracking power. By converting all characters to uppercase you effectively cut your key space in half. So if you had passwords of only letters (A-Z, a-z) you would think you would have 52 possibilities for each character, but in reality with LM you only have 26 because passwords are converted to all uppercase. So my way-secure password of PaSsWoRd would be converted automatically to PASSWORD.

Passwords longer than 7 characters are split into 2 chunks, so a 14-character password is effectively turned into two seven-character passwords (and converted to uppercase). The chunks can also be attacked separately, as you will see when we start cracking passwords.

Lastly, by not salting any of the passwords no extra complexity is added to stored passwords.
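The chunking and missing salt described above are visible in a hash dump without cracking anything. The following added example (not part of the original article or of RainbowCrack) audits pwdump-style lines for stored LM hashes; the sample accounts and hash values are constructed, and the only real value is the well-known LM result for an empty 7-character chunk.

```python
from collections import defaultdict

EMPTY_HALF = "aad3b435b51404ee"  # LM value for an empty 7-character chunk

# Constructed pwdump-style lines (user:rid:lm:ntlm:::); every hash value except
# the empty-half constant is made up for this example.
SAMPLE = """\
alice:1001:1111111111111111aad3b435b51404ee:aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa:::
bob:1002:22222222222222223333333333333333:bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb:::
carol:1003:22222222222222224444444444444444:cccccccccccccccccccccccccccccccc:::
dave:1004:aad3b435b51404eeaad3b435b51404ee:dddddddddddddddddddddddddddddddd:::
"""

def audit_lm(pwdump_text: str) -> dict:
    """Return {user: [findings]} for accounts exposed by a stored LM hash."""
    findings = defaultdict(list)
    seen_halves = defaultdict(list)
    for line in pwdump_text.splitlines():
        fields = line.strip().split(":")
        if len(fields) < 4:
            continue
        user, lm = fields[0], fields[2].lower()
        if len(lm) != 32 or set(lm) - set("0123456789abcdef"):
            continue                      # e.g. "NO PASSWORD*****": no LM hash stored
        first, second = lm[:16], lm[16:]
        if first == EMPTY_HALF and second == EMPTY_HALF:
            continue                      # blank password or LM storage disabled
        findings[user].append("LM hash stored")
        if second == EMPTY_HALF:
            findings[user].append("password is 7 characters or fewer")
        for half in (first, second):
            if half != EMPTY_HALF:
                seen_halves[half].append(user)
    # No salt: identical 7-character chunks always produce identical halves.
    for users in seen_halves.values():
        if len(set(users)) > 1:
            for u in sorted(set(users)):
                findings[u].append("shares a password chunk with another account")
    return dict(findings)

if __name__ == "__main__":
    for user, notes in audit_lm(SAMPLE).items():
        print(user, "->", "; ".join(notes))
```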

For some more background info check out the LM section of Wikipedia.org: http://en.wikipedia.org/wiki/LM_hash

From the Rainbow Tables wiki:

“Rainbow tables use a refined algorithm by using a number of different reduction functions to create multiple parallel chains within a single “rainbow” table, reducing the probability of false positives from accidental chain collisions, and thus increasing the probability of a correct password crack. As well as increasing the probability of a correct crack for a given table size, the use of multiple reduction functions also greatly increases the speed of lookups.

Rainbow tables are specific to the hash function they were created for e.g., MD5 tables can crack only MD5 hashes. The theory of this technique was first pioneered by Philippe Oechslin [3] as a fast form of time-memory tradeoff [4], which he implemented in the Windows password cracker Ophcrack. The more powerful RainbowCrack program was later developed that can generate and use rainbow tables for a variety of character sets and hashing algorithms, including LM hash, MD5, SHA1, and NTLM.”[5]
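To make the chain idea concrete, here is a toy table in Python, added as an illustration (it is not RainbowCrack's code or file format). It assumes a constructed keyspace of three lowercase letters, MD5, and a made-up reduction function, stores only each chain's start and end point, and shows that a salted hash of a covered password is not found.

```python
import hashlib
from itertools import product

CHARSET = "abcdefghijklmnopqrstuvwxyz"  # toy charset (assumption for this demo)
PLEN = 3                                 # fixed plaintext length: 26**3 = 17576
CHAIN_LEN = 50                           # hash/reduce steps per chain
SPACE = len(CHARSET) ** PLEN

def h(plain: str) -> bytes:
    return hashlib.md5(plain.encode()).digest()

def reduce_to_plain(digest: bytes, pos: int) -> str:
    """Reduction function number `pos`: map a digest back into the plaintext space."""
    n = (int.from_bytes(digest[:8], "big") + pos) % SPACE
    chars = []
    for _ in range(PLEN):
        n, r = divmod(n, len(CHARSET))
        chars.append(CHARSET[r])
    return "".join(chars)

def plain_at(start: str, col: int) -> str:
    """Plaintext in column `col` of the chain that begins at `start`."""
    p = start
    for pos in range(col):
        p = reduce_to_plain(h(p), pos)
    return p

def build_table(starts):
    """Store only end point -> start point; the chain body is recomputed on lookup."""
    return {plain_at(s, CHAIN_LEN): s for s in starts}

def lookup(table, target: bytes):
    for col in range(CHAIN_LEN - 1, -1, -1):     # guess the column the hash sits in
        p = reduce_to_plain(target, col)
        for pos in range(col + 1, CHAIN_LEN):    # walk on to the chain's end point
            p = reduce_to_plain(h(p), pos)
        if p in table:
            candidate = plain_at(table[p], col)  # replay the chain from its start
            if h(candidate) == target:           # discard false alarms (merged chains)
                return candidate
    return None

def demo():
    starts = ["".join(t) for t in product(CHARSET, repeat=PLEN)][:600]
    table = build_table(starts)
    secret = plain_at(starts[-1], 20)            # a plaintext covered by the table
    salted = hashlib.md5(b"Zx9$" + secret.encode()).digest()  # constructed salt
    return secret, lookup(table, h(secret)), lookup(table, salted), len(table)

if __name__ == "__main__":
    print(demo())
```

The table keeps at most 600 start/end pairs while its chains pass through up to 30,000 plaintexts, which is the time-memory tradeoff; the salted lookup returns None because the table was computed for the unsalted function only.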

Let’s check out some sample rainbow table configurations and see how they fare. As we go through the tutorial, all of this should make more sense.

LM configuration #0

charset: [ABCDEFGHIJKLMNOPQRSTUVWXYZ]
keyspace: 8353082582
table size: 610 MB
success probability: 0.9990

Has a success probability of 99.90% and only takes up 610 MB.

LM configuration #1

charset: [ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789]
keyspace: 80603140212
table size: 3 GB
success probability: 0.9904

Has a success probability of 99.04% and takes up 3 GB.

LM configuration #5

charset: [ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*()-_+= ]
keyspace: 915358891407 (2^39.7)
table size: 24 GB
success probability: 0.99909

Has a success probability of 99.1% and takes up 24 GB. This is starting to get large, but 1) not THAT large given how cheap hard drive space is and 2) not for the character set involved. Don’t forget this will work on passwords up to 14 characters as well. What starts to make a difference is how long it takes to compute these tables.

LM configuration #6

charset: [ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*()-_+=~`[]{}|\:;"'<>,.?/ ]
keyspace: 7555858447479 (2^42.8)
table size: 64 GB
success probability: 0.999

Has a success probability of 99.9% and takes up 64 GB. This character set includes all possible characters on a standard keyboard (not including alt+xxx characters). So this table set will probably crack any Windows password of up to 14 characters in minutes. This is incredible, yet on one PC it will take around 2 years to produce these tables (Faster Time-Memory Trade-Off Technique).

Tools included in the rainbowcrack package

rcrack – Rainbow table password cracker
root@kali:~# rcrack
RainbowCrack 1.7
Copyright 2017 RainbowCrack Project. All rights reserved.
http://project-rainbowcrack.com/

usage: ./rcrack path [path] [...] -h hash
./rcrack path [path] [...] -l hash_list_file
./rcrack path [path] [...] -lm pwdump_file
./rcrack path [path] [...] -ntlm pwdump_file
path:              directory where rainbow tables (*.rt, *.rtc) are stored
-h hash:           load single hash
-l hash_list_file: load hashes from a file, each hash in a line
-lm pwdump_file:   load lm hashes from pwdump file
-ntlm pwdump_file: load ntlm hashes from pwdump file

implemented hash algorithms:
lm HashLen=8 PlaintextLen=0-7
ntlm HashLen=16 PlaintextLen=0-15
md5 HashLen=16 PlaintextLen=0-15
sha1 HashLen=20 PlaintextLen=0-20
sha256 HashLen=32 PlaintextLen=0-20

examples:
./rcrack . -h 5d41402abc4b2a76b9719d911017c592
./rcrack . -l hash.txt  

rt2rtc – Convert rainbow tables from .rt to .rtc

root@kali:~# rt2rtc
RainbowCrack 1.7
Copyright 2017 RainbowCrack Project. All rights reserved.
http://project-rainbowcrack.com/

usage: rt2rtc path [-s start_point_bits] [-e end_point_bits] [-c chunk_size_in_mb] [-p]

1 <= start_point_bits <= 64
1 <= end_point_bits   <= 64
1 <= chunk_size_in_mb

rtc2rt – Convert rainbow tables from .rtc to .rt

root@kali:~# rtc2rt
RainbowCrack 1.7
Copyright 2017 RainbowCrack Project. All rights reserved.
http://project-rainbowcrack.com/

usage: ./rtc2rt path

rtgen – Generate rainbow tables

root@kali:~# rtgen
RainbowCrack 1.7
Copyright 2017 RainbowCrack Project. All rights reserved.
http://project-rainbowcrack.com/

usage: rtgen hash_algorithm charset plaintext_len_min plaintext_len_max table_index chain_len chain_num part_index
       rtgen hash_algorithm charset plaintext_len_min plaintext_len_max table_index -bench

hash algorithms implemented:
lm HashLen=8 PlaintextLen=0-7
ntlm HashLen=16 PlaintextLen=0-15
md5 HashLen=16 PlaintextLen=0-15
sha1 HashLen=20 PlaintextLen=0-20
sha256 HashLen=32 PlaintextLen=0-20
 
examples:
rtgen md5 loweralpha 1 7 0 1000 1000 0
rtgen md5 loweralpha 1 7 0 -bench 

rtsort – Sort rainbow tables

root@kali:~# rtsort
RainbowCrack 1.7
Copyright 2017 RainbowCrack Project. All rights reserved.
http://project-rainbowcrack.com/

usage: ./rtsort path


Hope this article is helpful for you. Thank you.

Indian Cyber Army | Make IT Secure

Enjoy…Stay Happy…Stay Secure…
