Jump to content

Project Suggestion


abferm

Recommended Posts

Ophcrack is possibly one of the best tools out there for cracking Windows password hashes. The problem is that its effectiveness is limited to the tables you have, and most people don't have terabytes of space to dedicate to rainbow tables.

Thus, I suggest some nice person sets up a web server with huge amounts of HDD space to build and host a set of tables that are as comprehensive as possible. Then people can map the server as a network drive and point ophcrack(or whatever rainbow table cracker they have) toward it for tables.

I would do it myself, but I don't have the money or the public IP to do it.

Link to comment
Share on other sites

Setting up the website and a web server with massive amounts of storage is not a problem. The problem would be generating the rainbow tables, as we all know it takes lots of processing time to generate them.

Link to comment
Share on other sites

Setting up the website and a web server with massive amounts of storage is not a problem. The problem would be generating the rainbow tables, as we all know it takes lots of processing time to generate them.

I was hoping the server would be able to do it, but maybe someone could set up something like the folding at home project where a bunch of computers do little parts of the work and report back to the server. I'd think this would work great if the whole Hak5 community helped out.

I hadn't thought of data caps, would they affect everyone?

Edited by abferm
Link to comment
Share on other sites

Not everyone has data caps i know i dont, but my upload speeds is also only 3Mbp/s which isn't the greatest would that be enough to host something like this. also what kind of processing power are we talking. my next server build planed on having 2 12 core amd processors with at least 24 gb of ram. would something like that be enough?

Link to comment
Share on other sites

Hey guys to give you a rough idea of how big the tables need to be and how much storage is required, I would recommend downloading this rainbow table generator that has some nice benchmarking features. It tells how long it would take to generate a table, how big it will be and lots more of other information.

The utility is called Winrtgen and can be downloaded from here, http://www.oxid.it/projects.html

Edited by Infiltrator
Link to comment
Share on other sites

Hey guys to give you a rough idea of how big the tables need to be and how much storage is required, I would recommend downloading this rainbow table generator that has some nice benchmarking features. It tells how long it would take to generate a table, how big it will be and lots more of other information.

The utility is called Winrtgen and can be downloaded from here, http://www.oxid.it/projects.html

It shows me that for a length of 1-20 and all characters it would take only 1.23 days and only take up 610.35MB and a 0% success possibility. Am I doing something wrong?

What is the status of the Hak5 community rainbow tables? Is there somewhere we could download those and are they compatible with ophcrack? Would they work for this?

Edited by abferm
Link to comment
Share on other sites

It shows me that for a length of 1-20 and all characters it would take only 1.23 days and only take up 610.35MB and a 0% success possibility. Am I doing something wrong?

No, you are not doing anything wrong! To have a successful possibility you need more than just one table, you need lots of tables. That's one of the downsides of rainbow tables and since it requires lots of tables; I've done the math, it require a huge amount of storage space. I'm talking in the range of if not Terabytes, Petabytes of storage!!!!!

I believe rainbow tables are good and effective for short password lengths, once passwords starts to get longer it becomes almost impractical to use rainbow tables. Furthermore, I think the future of password cracking lies in the hands of the CUDA technology.

Edited by Infiltrator
Link to comment
Share on other sites

Sounds interesting. How much space would you need?

If you can afford, 500 terabytes to 1 petabyte.

Link to comment
Share on other sites

Hey guys, I have re-calculated out storage needs, and in order to generate the following tables, we need around 50 to 60 terabytes, instead of what I stated above. By the way, these tables will have a success rate of 100%.


numeric               - ntlm 1 12 0 99999 999999999 14      

loweralpha            - ntlm 1 11 0 99999 999999999 4203

alpha                 - ntlm 1 11 0 99999 999999999 3783

loweralpha-numeric    - ntml 1 10 0 90000 999999999 3727

Now we only need all the computer horse power we can get to generate these tables.

Edited by Infiltrator
Link to comment
Share on other sites

  • 3 weeks later...

wouldnt it take a long time to access and receive the data on something that large?

If the rainbow tables are all stored on a single site location, than its only a matter of submitting your hash and waiting for the cracking process to finish, since it's all happening locally.

But if the rainbow tables are stored individually on different geographical locations than, I would assume it would take a long time depending on the connection speed and hardware utilization and specs.

Edited by Infiltrator
Link to comment
Share on other sites

  • 2 weeks later...

what infiltrator said about short password .... only problem is wpa and wep are a minimum of 8

WPA hashes are salted with the SSID, so a Rainbow Table wouldn't be effective anyway.

Edited by v0x
Link to comment
Share on other sites

  1. Don't bother generating tables if you're not using graphics cards.
  2. Services exist online to submit a hash; you don't have to hold the tables.
  3. There used to be tons of torrents for tables. Go find them and seed.
  4. Trade tables using external drives at 2600/dc meetings or cons; digininja brought a drive to Shmoo one year, iirc.

Link to comment
Share on other sites

  1. Don't bother generating tables if you're not using graphics cards.
  2. Services exist online to submit a hash; you don't have to hold the tables.
  3. There used to be tons of torrents for tables. Go find them and seed.
  4. Trade tables using external drives at 2600/dc meetings or cons; digininja brought a drive to Shmoo one year, iirc.

1) I have to agree that it is pointless generating massive amounts of rainbow tables, for cracking password that are greater than 8 characters long.

On the other hand, if you have a rig that has 4 or 6 GPUs you will be able to crack passwords a lot more efficiently.

2) Those websites can be quite ineffective sometimes, but one has to bear in mind that they are performing dictionary attacks against your hash, which isn't always going to have your clear-text password.

Edited by Infiltrator
Link to comment
Share on other sites

  • 2 weeks later...

how about a network of servers that you upload your hash to. Each server could have a small portion of the extensive tables. The one that finds the correct password reports its success to the others as well as sending the password back to the client. If we could split the tables up enough it wouldn't take long to find the password. There could also be a client side software like OPHcrack that collects the hash and sends it to the service over the internet.

Link to comment
Share on other sites

You don't necessarily need terabytes of tables to get the job done. The XP small tables have a 99% success rate for XP pw's using capitalized, lower case, and the numbers one through nine in English up to 14 char and their compressed size is less than 400 MB. The XP special set can crack all characters from the standard American keyboard and has a 96% success rate of up to 14 char and is 7.5 GB. I have less than 10GB of raindow tables and I've never encountered an XP pw I couldn't crack.

Link to comment
Share on other sites

  • 4 weeks later...
  • 4 months later...

From my experience with tables, on a decent comp using GPU, it only takes about a week to make a decent table. And to make it more opensource, we could have everyone donate a section of a table, or a full table. And you guys are right, space isnt an issue. A decent hard drive can hold a lot of tables.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...