- with rcrack *.rt -f pass.txt it says ... nothing
- with rcrack *.rt -h 0c51962a0be928aaaad3b435b51404ee it says : lm_loweralpha-numeric#1-7_0_2400x40000000_all.rt: this table contains hashes with length 8 only ...
-with Cain 2.47 it says that it can't find any password
reading lm_alpha-numeric_4_2400x40000000_all.rt ... 131158016 bytes read, disk access time: 3.52 s verifying the file ... searching for 1 hash ...
So it's lanman passwords...
cranky
Mar 12 2004, 01:03 PM
oops, saw the aad3b435b51404ee part and got the format wrong
dump your sam with pwdump2/3/4 and then try it
slimjim100
Mar 12 2004, 01:49 PM
I have also used Rainbow Crack but I use the rainbow tables with Cain & Able. It works great for me and I love the fact that Cain sniffs the network for the passwords then cracks them. I would recommend downloading Cain from www.oxid.it good luck and have fun.
Slimjim100
D3ADLiN3
Mar 12 2004, 03:05 PM
where abouts is the setup for rainbow tables in cain? ive looked and cant find it, I must be blind
Neo_
Mar 12 2004, 05:27 PM
QUOTE (slimjim100 @ Mar 12 2004, 01:49 PM)
I have also used Rainbow Crack but I use the rainbow tables with Cain & Able. It works great for me and I love the fact that Cain sniffs the network for the passwords then cracks them. I would recommend downloading Cain from www.oxid.it good luck and have fun.
Slimjim100
-with Cain 2.47 it says that it can't find any password
I've used it, someone could try the examples i've given here ?
rcrack *.rt -f pwlfile.txt lm_loweralpha-numeric#1-7_0_2400x40000000_all.rt: 395800576 bytes read, disk access time: 14.78 s verifying the file... searching for 1 hash... cryptanalysis time: 3.64 s 244199424 bytes read, disk access time: 10.78 s searching for 1 hash... cryptanalysis time: 0.44 s
lm_loweralpha-numeric#1-7_1_2400x40000000_all.rt: 395800576 bytes read, disk access time: 39.22 s verifying the file... this file is not sorted
lm_loweralpha-numeric#1-7_2_2400x40000000_all.rt: 395800576 bytes read, disk access time: 12.95 s verifying the file... this file is not sorted
lm_loweralpha-numeric#1-7_3_2400x40000000_all.rt: 395800576 bytes read, disk access time: 17.05 s verifying the file... this file is not sorted
lm_loweralpha-numeric#1-7_4_2400x40000000_all.rt: 395800576 bytes read, disk access time: 19.88 s verifying the file... this file is not sorted
statistics ------------------------------------------------------- plaintext found: 0 of 1 (0.00%) total disk access time: 114.66 s total cryptanalysis time: 4.08 s total chain walk step: 2876401 total false alarm: 1368 total chain walk step due to false alarm: 1155703
result ------------------------------------------------------- Neo <notfound> hex:<notfound>
i've tried too
CODE
rcrack *.rt -l random_lm_alpha#1-7.hash
nothing... why ?
daguilar01
Mar 12 2004, 08:21 PM
i have both the alphanumberic and alpha tables in the same place, so that if the password is just letters, it goes thru the alpha tables first and shaves a few seconds off, , but my alpha tables found them
D:\RCrack>rcrack rts\*.rt -f test.txt lm_alpha#1-7_0_2100x8000000_all.rt: 128000000 bytes read, disk access time: 2.30 s verifying the file... searching for 1 hash... plaintext of a80f6e6a87ba6ac2 is AAAAA cryptanalysis time: 3.39 s
statistics ------------------------------------------------------- plaintext found: 1 of 1 (100.00%) total disk access time: 2.30 s total cryptanalysis time: 3.39 s total chain walk step: 1192740 total false alarm: 1119 total chain walk step due to false alarm: 1204202
result ------------------------------------------------------- Neo aaaaa hex:6161616161 D:\RCrack>
EDIT: i see the problem in your tables
QUOTE
rcrack *.rt -f pwlfile.txt lm_loweralpha-numeric#1-7_0_2400x40000000_all.rt: 395800576 bytes read, disk access time: 14.78 s verifying the file... searching for 1 hash... cryptanalysis time: 3.64 s 244199424 bytes read, disk access time: 10.78 s searching for 1 hash... cryptanalysis time: 0.44 s
lm_loweralpha-numeric#1-7_1_2400x40000000_all.rt: 395800576 bytes read, disk access time: 39.22 s verifying the file... this file is not sorted
lm_loweralpha-numeric#1-7_2_2400x40000000_all.rt: 395800576 bytes read, disk access time: 12.95 s verifying the file... this file is not sorted
lm_loweralpha-numeric#1-7_3_2400x40000000_all.rt: 395800576 bytes read, disk access time: 17.05 s verifying the file... this file is not sorted
lm_loweralpha-numeric#1-7_4_2400x40000000_all.rt: 395800576 bytes read, disk access time: 19.88 s verifying the file... this file is not sorted
statistics ------------------------------------------------------- plaintext found: 0 of 1 (0.00%) total disk access time: 114.66 s total cryptanalysis time: 4.08 s total chain walk step: 2876401 total false alarm: 1368 total chain walk step due to false alarm: 1155703
result ------------------------------------------------------- Neo <notfound> hex:<notfound>
Neo_
Mar 12 2004, 09:54 PM
daquilar, if i was a girl, i'll love you it works...
But i'm not a girl... i think
slimjim100
Mar 12 2004, 10:35 PM
So do all of yall ahve it now? If your useing Cain make sure to add the tables and Charsets to the scan section. so far I have made the Alpha and Alpha-Numeric tables so i will make the Alpha-Numeric-sm.
Slimjim100
daguilar01
Mar 13 2004, 05:09 AM
QUOTE (Neo_ @ Mar 12 2004, 02:54 PM)
daquilar, if i was a girl, i'll love you it works...
rcrack *.rt -f pwlfile.txt lm_loweralpha-numeric#1-7_0_2400x40000000_all.rt: 234541056 bytes read, disk access time: 8.91 s verifying the file... searching for 1 hash... cryptanalysis time: 3.52 s 234541056 bytes read, disk access time: 10.73 s searching for 1 hash... cryptanalysis time: 0.42 s 170917888 bytes read, disk access time: 5.48 s searching for 1 hash... cryptanalysis time: 0.33 s
lm_loweralpha-numeric#1-7_1_2400x40000000_all.rt: 234541056 bytes read, disk access time: 12.88 s verifying the file... searching for 1 hash... cryptanalysis time: 3.45 s 234541056 bytes read, disk access time: 11.16 s searching for 1 hash... cryptanalysis time: 0.45 s 170917888 bytes read, disk access time: 5.59 s searching for 1 hash... cryptanalysis time: 0.33 s
lm_loweralpha-numeric#1-7_2_2400x40000000_all.rt: 234541056 bytes read, disk access time: 6.83 s verifying the file... searching for 1 hash... cryptanalysis time: 3.50 s 234541056 bytes read, disk access time: 9.83 s searching for 1 hash... cryptanalysis time: 0.38 s 170917888 bytes read, disk access time: 4.63 s searching for 1 hash... cryptanalysis time: 0.28 s
lm_loweralpha-numeric#1-7_3_2400x40000000_all.rt: 234541056 bytes read, disk access time: 8.36 s verifying the file... searching for 1 hash... cryptanalysis time: 3.44 s 234541056 bytes read, disk access time: 6.81 s searching for 1 hash... cryptanalysis time: 0.41 s 170917888 bytes read, disk access time: 6.61 s searching for 1 hash... cryptanalysis time: 0.30 s
lm_loweralpha-numeric#1-7_4_2400x40000000_all.rt: 234541056 bytes read, disk access time: 8.95 s verifying the file... searching for 1 hash... cryptanalysis time: 3.20 s 234541056 bytes read, disk access time: 6.78 s searching for 1 hash... cryptanalysis time: 0.38 s 170917888 bytes read, disk access time: 3.89 s searching for 1 hash... cryptanalysis time: 0.34 s
statistics ------------------------------------------------------- plaintext found: 0 of 1 (0.00%) total disk access time: 117.44 s total cryptanalysis time: 20.72 s total chain walk step: 14382005 total false alarm: 6959 total chain walk step due to false alarm: 5611181
result ------------------------------------------------------- Neo <notfound> hex:<notfound>
It's aaaaa
daguilar01
Mar 13 2004, 03:59 PM
seems that my alpha numeric tables found it, not sure why yours didnt
CODE
lm_alpha-numeric#1-7_0_2400x40000000_all.rt: 301236224 bytes read, disk access time: 6.99 s verifying the file... searching for 1 hash... cryptanalysis time: 4.69 s 301236224 bytes read, disk access time: 6.53 s searching for 1 hash... cryptanalysis time: 0.61 s 37527552 bytes read, disk access time: 0.74 s searching for 1 hash... cryptanalysis time: 0.09 s
lm_alpha-numeric#1-7_1_2400x40000000_all.rt: 301236224 bytes read, disk access time: 5.88 s verifying the file... searching for 1 hash... cryptanalysis time: 4.17 s 301236224 bytes read, disk access time: 5.88 s searching for 1 hash... plaintext of a80f6e6a87ba6ac2 is AAAAA cryptanalysis time: 0.20 s
statistics ------------------------------------------------------- plaintext found: 1 of 1 (100.00%) total disk access time: 26.00 s total cryptanalysis time: 9.77 s total chain walk step: 5752802 total false alarm: 2173 total chain walk step due to false alarm: 1822767
result ------------------------------------------------------- Neo aaaaa hex:6161616161
slimjim100
Mar 16 2004, 04:22 AM
I found it too. you may need to resort or remake your tables. you may have a corupt talbe. Sorry for the bad news.
Slimjim100
bonarez
Mar 19 2004, 05:31 PM
hello people, 1st post here for me
I've been reading around about the rainbowcrack and I decided to go ahead and create the tables myself, hdd-space is not a problem, and I'm sure some of my friends will be interested also, so we can get multiple pc's to gen the tables.
I'm going to try to get at least 99% probability, and go for following charset 'readable = [ !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~ ]
I made the charset myself, took all the readable chars from the 'byte' charset, since nobody I know is going to put alt+chars in their password. also I'm going to try 1-5 chars first, and then make additional tables for each following length. I guess this is the best way to go. If someone has a better strategy, please please tell me now, before I start, since starting something like this in the wrong way is a waste of my computertime
Also a nice tip: I just found out you can pause the calculation in a cmd-prompt by clicking around in the prompt and selecting stuff. when something is selected the calculation is paused untill you press enter!! don't know if there is (already was) a better/easier way, if there is, my mistake
bonarez
DaClueless
Mar 19 2004, 09:40 PM
QUOTE (bonarez @ Mar 19 2004, 05:31 PM)
I'm going to try to get at least 99% probability, and go for following charset 'readable = [ !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~ ]
If you want to make a table for more then just the english OS, you should think about WCHAR. Example is the chinese char, but other lang have a few.
bonarez
Mar 19 2004, 11:57 PM
QUOTE
If you want to make a table for more then just the english OS, you should think about WCHAR
that's actualy a very good point...
can the wchar be used within the rtgen command? as in: rtgen md5 wchar 1 6 0 9600 2000000 all I'll try it out as soon as the command above finishes
though I don't think chinese chars are really necesary, there are some special chars in german/spanish/french etc that could be worth including, at it's least it would be really interesting to see how many chars there are and how it would affects computing time
bonarez
daguilar01
Mar 20 2004, 02:51 AM
QUOTE (Neo_ @ Mar 19 2004, 03:06 PM)
Well, i've tried to make new tables... I've found my password aaaaa then
But i'm not able to find my friend password : jpeterman:500:B4B1A63E2F580A72AAD3B435B51404EE:CDA0F05200CBE59FD58865B347509BD4: ::
I've tried Bruteforce too.
Someone can try it for me ?
my tables didnt find it either so at least you know yours are working, lol
bonarez
Mar 21 2004, 12:45 AM
I've created some tables (1-5 chars) custom charset, sorted them and the rcrack gets me the password in less then a minute, no problem
but now, when I try to import the charset.txt and the *.rt 's into cain, I get an error:
charset ..path\path\lm not found in in configuration file (yes 2x in)
I'm sure I didn't mess up the tables, rcrack works, even with the files copied to another location..
eh..., help?
edit: changed byte to custom charset in first line, my mistake
caleb
Mar 21 2004, 05:33 AM
QUOTE
Well, i've tried to make new tables... I've found my password aaaaa then
But i'm not able to find my friend password : jpeterman:500:B4B1A63E2F580A72AAD3B435B51404EE:CDA0F05200CBE59FD58865B347509BD4: ::
I've tried Bruteforce too.
Someone can try it for me ?
Found it, it has these 7 chars in it: t 0 s A l ! d
although, not in that order ... =)
oblivion2004
Mar 21 2004, 02:49 PM
HelpAssistant appears to be different on each computer, is this cd key specific or something?
I don't know about the support_xxxxxxxxx accounts but the HelpAssistant i've seen on most xp machines....
Um.. I've noticed many xp machines with an account of SUPPORT_388945a0 and with no LM password at all, and a LM hash that equals a blank password.... Also a 50% of the machines i've seen have had a blank Administrator password (user-owned computers).... Nice
But if the rainbow tables take 7.5 DAYS to generate thats not even worth it ....???
oblivion2004
Mar 21 2004, 02:51 PM
Note, according to MY rtgen it takes 13 m and 10 s per 100,000 out of 40,000,000 so thats about 86.666 hours....3.6 days. Is it out of the question to run multiple rtgen's at once with a quick computer that has 1.5 gigs of pc2700?
Killaloop
Mar 21 2004, 06:33 PM
QUOTE (oblivion2004 @ Mar 21 2004, 02:51 PM)
Note, according to MY rtgen it takes 13 m and 10 s per 100,000 out of 40,000,000 so thats about 86.666 hours....3.6 days. Is it out of the question to run multiple rtgen's at once with a quick computer that has 1.5 gigs of pc2700?
generating the tables uses 100% cpu unless you got more than one cpu and your system is something not windows like (system where you could switch between cpus) starting more than one rtgen would only cause your system to screw up
Also those Support and HelpAssistent accounts are as standard disabled on every system I work on and have to be enabled
Killaloop
Mar 21 2004, 06:58 PM
Also I was wondering If my putter shutsdown while generating the tables is there a way to resume the process or is all the work and time for nothing?
/edit just tried it myself it automatically resumed the table nice stuff
subcorner
Apr 7 2004, 10:49 AM
i've generatd 5table 1-7alpha num on a week... well, it was not so long with 2 computer (1,64ghz + 933mhz).
néo i didn't find the pass of your friend to: statistics ------------------------------------------------------- plaintext found: 1 of 2 (50.00%) total disk access time: 175.19 s total cryptanalysis time: 36.79 s total chain walk step: 20134807 total false alarm: 9216 total chain walk step due to false alarm: 7432182
result ------------------------------------------------------- Neo aaaaa hex:6161616161 jpeterman <notfound> hex:<notfound>
you mentioned for the above charset. in rainbow crack website, they mentioned a charset containing "!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~ " will take 11.8 days for each file, 200 files total which is approximately 6.5 years. and yours is even longer then configuration 4. so how long do you think you will take to generate that tables?
nuorder
Apr 7 2004, 01:07 PM
i bet many ppl already know this but u should just add an ALT+ character, eg: Õ to a windows password (somewhere in the middle is safer)
Killaloop
Apr 7 2004, 01:23 PM
QUOTE (nuorder @ Apr 7 2004, 01:07 PM)
i bet many ppl already know this but u should just add an ALT+ character, eg: Õ to a windows password (somewhere in the middle is safer) even with a password length of 6 the keyspace is already way larger than any of these rainbow tables plus it seems so many ppl are creating these tables so with ALT chars u easily avoid them, not meaning to spoil ur fun jus thought id point that out
since most only crack the lanmanhashes its also a good idea to use a password of 15 or more chars. by using such a long password no lanmanhash will be created.
Someone who can crack this one with rainbow tables has seriously to much hd space Just try it, my pws are always hacker proof
awwww...come on. dont give us an account which is not good. give us the account with the SID of 500
rush
Apr 8 2004, 09:15 AM
Its a test haha, i just want to know if someone is able to crack my uncrackable pasword (i think)!
Daume
Apr 8 2004, 09:33 PM
hey
here is your friend's password
statistics ------------------------------------------ plaintext found: 1 of 1 (100.00%) total disk access time: 33.75 s total cryptanalysis time: 25.75 s total chain walk step: 16236451 total false alarm: 533 total false alarm step: 1040346
Lol Daume, you didnt try mine yet? Wanna see if with 17gb my pw will be cracked
Daume
Apr 9 2004, 11:06 PM
lets have it
post it here and will see if this shit works
greetz
Neo_
Apr 10 2004, 06:43 AM
Just try "?" as password, it's not in your charset Maybe bruteforce ^^
Neo_
Apr 10 2004, 06:45 AM
QUOTE (Daume @ Apr 8 2004, 09:33 PM)
hey
here is your friend's password
statistics ------------------------------------------ plaintext found: 1 of 1 (100.00%) total disk access time: 33.75 s total cryptanalysis time: 25.75 s total chain walk step: 16236451 total false alarm: 533 total false alarm step: 1040346
it says that if i do "rtgen lm loweralpha-numeric 1 7 0 4800 400000000 all"
i could have 99.9926 % success probability
do you know if this the best thing ?
nuorder
Apr 15 2004, 03:58 PM
you are using it wrong you have to define the number of characters as 36 as you want alphanumeric also you should change loweralpha to just alpha
please re-read the tutorial and understand what all the values actually mean rainbowcalc is designed for those who understand a little about what they are entering but if u still dont understand feel free to ask
if in doubt just use standard rainbowcrack configurations they are fairly well set up
ILX
Apr 15 2004, 04:45 PM
hi i'm generating the rainbow tables at my work. i have 3/4 P4 2.6 working on them my question is, does anyone have any suggestion on how to get other network computers working on the tables in the same "server". like having 1 pc storing the tables, the charset and dll and the others processing the tables and dumping to the file in the server? i can do it by mapping a remote network drive and running it from there but having the users seeing my tables on it is BAD
also the charset i'm currently using is lowercase + uppercase + numeric + simbols, should i keep it up or remove the uppercase ???
thnks in advance
oblivion2004
Apr 15 2004, 09:42 PM
The one password i need to crack is longer than 14 char by one or two....
Can someone crack the NTLM hash for me? I'll dedicate my CPU to crack as many <15 passwords u need but i would just kill for the cracked pass of this one....
hi i'm generating the rainbow tables at my work. i have 3/4 P4 2.6 working on them my question is, does anyone have any suggestion on how to get other network computers working on the tables in the same "server". like having 1 pc storing the tables, the charset and dll and the others processing the tables and dumping to the file in the server? i can do it by mapping a remote network drive and running it from there but having the users seeing my tables on it is BAD
also the charset i'm currently using is lowercase + uppercase + numeric + simbols, should i keep it up or remove the uppercase ???
thnks in advance
if you go for lm hashing you don't need the lowercase ones and if you include symbols it will take month.
ILX
Apr 16 2004, 02:19 PM
removing the lowercase will short things down, thnks to killaloop but if i could just get my other network boxes processing the tables on 1 single server i could have all the lm hashes in no time.
CMD does not support UNC paths as current directories.
I HATE THIS DAMN WINDOWS SHI%%Y command shell wannabe
if anyone could tell me a way around it i would VERY greatfull
D:\rainbow>rcrack d:\rainbow\*.rt -f 1.txt lm_alpha#1-7_0_2100x8000000_all.rt: 128000000 bytes read, disk access time: 3.33 s verifying the file... searching for 2 hashes... plaintext of hash is RIPICE cryptanalysis time: 7.78 s
lm_alpha#1-7_1_2100x8000000_all.rt: 128000000 bytes read, disk access time: 3.70 s verifying the file... searching for 1 hash... cryptanalysis time: 3.88 s
lm_alpha#1-7_2_2100x8000000_all.rt: 128000000 bytes read, disk access time: 3.58 s verifying the file... searching for 1 hash... cryptanalysis time: 3.92 s
lm_alpha#1-7_3_2100x8000000_all.rt: 128000000 bytes read, disk access time: 3.70 s verifying the file... searching for 1 hash... cryptanalysis time: 3.91 s
lm_alpha#1-7_4_2100x8000000_all.rt: 128000000 bytes read, disk access time: 3.81 s verifying the file... searching for 1 hash... cryptanalysis time: 3.73 s
lm_alpha-numeric#1-7_0_2400x40000000_all.rt: 376606720 bytes read, disk access time: 8.86 s verifying the file... searching for 1 hash... cryptanalysis time: 3.84 s 263393280 bytes read, disk access time: 5.56 s searching for 1 hash... cryptanalysis time: 0.50 s
statistics ------------------------------------------------------- plaintext found: 1 of 2 (50.00%) total disk access time: 32.55 s total cryptanalysis time: 27.56 s total chain walk step: 16045737 total false alarm: 14047 total chain walk step due to false alarm: 10136736
result ------------------------------------------------------- Administrator <notfound> hex:<notfound> Default ripice hex:726970696365 Guest hex:
D:\rainbow>
What am I doing wrong?? This is the 2nd time I genereted that table...
File length mismatch.. Somebody can help me out?
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
, but my alpha tables found them
