abferm Posted August 1, 2011 Share Posted August 1, 2011 Ophcrack is possibly one of the best tools out there for cracking Windows password hashes. The problem is that its effectiveness is limited to the tables you have, and most people don't have terabytes of space to dedicate to rainbow tables. Thus, I suggest some nice person sets up a web server with huge amounts of HDD space to build and host a set of tables that are as comprehensive as possible. Then people can map the server as a network drive and point ophcrack(or whatever rainbow table cracker they have) toward it for tables. I would do it myself, but I don't have the money or the public IP to do it. Quote Link to comment Share on other sites More sharing options...
bobtheman Posted August 2, 2011 Share Posted August 2, 2011 one problem i can see, that is affecting everything on the net Data caps Quote Link to comment Share on other sites More sharing options...
Infiltrator Posted August 6, 2011 Share Posted August 6, 2011 Setting up the website and a web server with massive amounts of storage is not a problem. The problem would be generating the rainbow tables, as we all know it takes lots of processing time to generate them. Quote Link to comment Share on other sites More sharing options...
abferm Posted August 8, 2011 Author Share Posted August 8, 2011 (edited) Setting up the website and a web server with massive amounts of storage is not a problem. The problem would be generating the rainbow tables, as we all know it takes lots of processing time to generate them. I was hoping the server would be able to do it, but maybe someone could set up something like the folding at home project where a bunch of computers do little parts of the work and report back to the server. I'd think this would work great if the whole Hak5 community helped out. I hadn't thought of data caps, would they affect everyone? Edited August 8, 2011 by abferm Quote Link to comment Share on other sites More sharing options...
ParMan Posted August 8, 2011 Share Posted August 8, 2011 Not everyone has data caps i know i dont, but my upload speeds is also only 3Mbp/s which isn't the greatest would that be enough to host something like this. also what kind of processing power are we talking. my next server build planed on having 2 12 core amd processors with at least 24 gb of ram. would something like that be enough? Quote Link to comment Share on other sites More sharing options...
abferm Posted August 9, 2011 Author Share Posted August 9, 2011 I have never created my own tables, but that sounds like it would do the trick. I would think that almost any computer would be able to generate tables, it is just a matter of how long it would take. Quote Link to comment Share on other sites More sharing options...
Infiltrator Posted August 10, 2011 Share Posted August 10, 2011 (edited) Hey guys to give you a rough idea of how big the tables need to be and how much storage is required, I would recommend downloading this rainbow table generator that has some nice benchmarking features. It tells how long it would take to generate a table, how big it will be and lots more of other information. The utility is called Winrtgen and can be downloaded from here, http://www.oxid.it/projects.html Edited August 10, 2011 by Infiltrator Quote Link to comment Share on other sites More sharing options...
abferm Posted August 10, 2011 Author Share Posted August 10, 2011 (edited) Hey guys to give you a rough idea of how big the tables need to be and how much storage is required, I would recommend downloading this rainbow table generator that has some nice benchmarking features. It tells how long it would take to generate a table, how big it will be and lots more of other information. The utility is called Winrtgen and can be downloaded from here, http://www.oxid.it/projects.html It shows me that for a length of 1-20 and all characters it would take only 1.23 days and only take up 610.35MB and a 0% success possibility. Am I doing something wrong? What is the status of the Hak5 community rainbow tables? Is there somewhere we could download those and are they compatible with ophcrack? Would they work for this? Edited August 10, 2011 by abferm Quote Link to comment Share on other sites More sharing options...
Infiltrator Posted August 11, 2011 Share Posted August 11, 2011 (edited) It shows me that for a length of 1-20 and all characters it would take only 1.23 days and only take up 610.35MB and a 0% success possibility. Am I doing something wrong? No, you are not doing anything wrong! To have a successful possibility you need more than just one table, you need lots of tables. That's one of the downsides of rainbow tables and since it requires lots of tables; I've done the math, it require a huge amount of storage space. I'm talking in the range of if not Terabytes, Petabytes of storage!!!!! I believe rainbow tables are good and effective for short password lengths, once passwords starts to get longer it becomes almost impractical to use rainbow tables. Furthermore, I think the future of password cracking lies in the hands of the CUDA technology. Edited August 11, 2011 by Infiltrator Quote Link to comment Share on other sites More sharing options...
Goddard Posted August 12, 2011 Share Posted August 12, 2011 Sounds interesting. How much space would you need? Quote Link to comment Share on other sites More sharing options...
Infiltrator Posted August 13, 2011 Share Posted August 13, 2011 Sounds interesting. How much space would you need? If you can afford, 500 terabytes to 1 petabyte. Quote Link to comment Share on other sites More sharing options...
abferm Posted August 19, 2011 Author Share Posted August 19, 2011 If you can afford, 500 terabytes to 1 petabyte. We could host different tables on different servers. Or not make as extensive tables, weren't the community tables only like 350GB? Quote Link to comment Share on other sites More sharing options...
Infiltrator Posted August 19, 2011 Share Posted August 19, 2011 (edited) Hey guys, I have re-calculated out storage needs, and in order to generate the following tables, we need around 50 to 60 terabytes, instead of what I stated above. By the way, these tables will have a success rate of 100%. numeric - ntlm 1 12 0 99999 999999999 14 loweralpha - ntlm 1 11 0 99999 999999999 4203 alpha - ntlm 1 11 0 99999 999999999 3783 loweralpha-numeric - ntml 1 10 0 90000 999999999 3727 Now we only need all the computer horse power we can get to generate these tables. Edited August 20, 2011 by Infiltrator Quote Link to comment Share on other sites More sharing options...
User Error Posted September 6, 2011 Share Posted September 6, 2011 wouldnt it take a long time to access and receive the data on something that large? Quote Link to comment Share on other sites More sharing options...
Infiltrator Posted September 6, 2011 Share Posted September 6, 2011 (edited) wouldnt it take a long time to access and receive the data on something that large? If the rainbow tables are all stored on a single site location, than its only a matter of submitting your hash and waiting for the cracking process to finish, since it's all happening locally. But if the rainbow tables are stored individually on different geographical locations than, I would assume it would take a long time depending on the connection speed and hardware utilization and specs. Edited September 6, 2011 by Infiltrator Quote Link to comment Share on other sites More sharing options...
Trip Posted September 7, 2011 Share Posted September 7, 2011 what infiltrator said about short password .... only problem is wpa and wep are a minimum of 8 Quote Link to comment Share on other sites More sharing options...
v0x Posted September 21, 2011 Share Posted September 21, 2011 (edited) what infiltrator said about short password .... only problem is wpa and wep are a minimum of 8 WPA hashes are salted with the SSID, so a Rainbow Table wouldn't be effective anyway. Edited September 27, 2011 by v0x Quote Link to comment Share on other sites More sharing options...
int0x80 Posted September 24, 2011 Share Posted September 24, 2011 Don't bother generating tables if you're not using graphics cards. Services exist online to submit a hash; you don't have to hold the tables. There used to be tons of torrents for tables. Go find them and seed. Trade tables using external drives at 2600/dc meetings or cons; digininja brought a drive to Shmoo one year, iirc. Quote Link to comment Share on other sites More sharing options...
Infiltrator Posted September 26, 2011 Share Posted September 26, 2011 (edited) Don't bother generating tables if you're not using graphics cards. Services exist online to submit a hash; you don't have to hold the tables. There used to be tons of torrents for tables. Go find them and seed. Trade tables using external drives at 2600/dc meetings or cons; digininja brought a drive to Shmoo one year, iirc. 1) I have to agree that it is pointless generating massive amounts of rainbow tables, for cracking password that are greater than 8 characters long. On the other hand, if you have a rig that has 4 or 6 GPUs you will be able to crack passwords a lot more efficiently. 2) Those websites can be quite ineffective sometimes, but one has to bear in mind that they are performing dictionary attacks against your hash, which isn't always going to have your clear-text password. Edited September 26, 2011 by Infiltrator Quote Link to comment Share on other sites More sharing options...
abferm Posted October 4, 2011 Author Share Posted October 4, 2011 how about a network of servers that you upload your hash to. Each server could have a small portion of the extensive tables. The one that finds the correct password reports its success to the others as well as sending the password back to the client. If we could split the tables up enough it wouldn't take long to find the password. There could also be a client side software like OPHcrack that collects the hash and sends it to the service over the internet. Quote Link to comment Share on other sites More sharing options...
bobbyb1980 Posted October 4, 2011 Share Posted October 4, 2011 You don't necessarily need terabytes of tables to get the job done. The XP small tables have a 99% success rate for XP pw's using capitalized, lower case, and the numbers one through nine in English up to 14 char and their compressed size is less than 400 MB. The XP special set can crack all characters from the standard American keyboard and has a 96% success rate of up to 14 char and is 7.5 GB. I have less than 10GB of raindow tables and I've never encountered an XP pw I couldn't crack. Quote Link to comment Share on other sites More sharing options...
varius Posted November 2, 2011 Share Posted November 2, 2011 There is already a project like this it uses the BOINC software which is also used in other project like SETI@home ... here is a link http://boinc.freerainbowtables.com/distrrtgen/ you can download thair tables here http://www.freerainbowtables.com/de/tables2/ Quote Link to comment Share on other sites More sharing options...
varius Posted November 2, 2011 Share Posted November 2, 2011 here is a site to calculate times and sizes of rainbowtables http://www.tobtu.com/rtcalc.php couldn't find the edit Button ( I searched hard !!) Quote Link to comment Share on other sites More sharing options...
SoulSaber1 Posted April 1, 2012 Share Posted April 1, 2012 From my experience with tables, on a decent comp using GPU, it only takes about a week to make a decent table. And to make it more opensource, we could have everyone donate a section of a table, or a full table. And you guys are right, space isnt an issue. A decent hard drive can hold a lot of tables. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.