Jump to content

Good Rainbowtables?


hanshot1st

Recommended Posts

What are you looking to crack?

I've moved away from rainbow tables and do most of my cracking using HashCat now. If you have a good dictionary and good GPUs you can crack a lot of stuff in not much time.

Last week I did 28k of NTLM in a couple of minutes.

Link to comment
Share on other sites

I don't use google due to privacy concerns, and as I stated above, I wanted to get suggestions from people who already knew good places to go. This keeps me from sifting thru BS sites that offer crap or have sub-par lists. I do appreciate the link just the same. ;)

p.s. I do some of my posts thru friends' smartphones, so i don't always have the option/time to google/search things right away.

Edited by hanshot1st
Link to comment
Share on other sites

I wouldn't say Rainbow tables are dead, but I have to agree with Digininja on this one.

Rainbows are pretty much ineffective once you go over a certain password length and the only true way to crack it, would be brute forcing it.

Hashcat is certainly a tool that you should check out, including the Cuda multiforcer. If you have an Nvidia Cuda graphics card, give these tools a try.

Link to comment
Share on other sites

Thank you for the info. The reason for asking people like yourselves for information and suggestions is because when I want to get my car fixed I ask who my friends recommend instead of just opening the phonebook, and hoping the place I choose does a good job. I do use search engines, but it seems more logical to ask someone more knowledgeable for assistance first.

Link to comment
Share on other sites

It is OK asking for people recommendations but you do need to put some effort in yourself. Someone recommended the Church of Wifi tables and you asked for links, searching gets you the links without needing to ask. Similarly, asking what is the function of Hashcat, google that and you'll easily find their homepage and loads of information on what it is and how it works.

Link to comment
Share on other sites

It is OK asking for people recommendations but you do need to put some effort in yourself. Someone recommended the Church of Wifi tables and you asked for links, searching gets you the links without needing to ask. Similarly, asking what is the function of Hashcat, google that and you'll easily find their homepage and loads of information on what it is and how it works.

That's fair, i guess me asking is a symptom of lack of time to sift thru things on my own. I can't speak for everyone, but myself, i work 70 hours a week. So sometimes finding time to research things gets a bit hairy. =( I do appreciate everyone's input though. You're all very helpful. =)

Link to comment
Share on other sites

Not that I am trying to stick up for rainbow tables or anything but at a certain password length even brute forcing becomes ineffective. I know I know, you would get it eventually with brute force, but by the time the computer got it, you'd probably be dead as it would take a lifetime using machines like ours. Given if you had some mega computer, you might live to see the day but it's still ridiculous how long it takes.

Of course, using a standard desktop computer would take you years. But if you could put a cluster of GPUs together, than you won't have to wait for years.

On the other hand, we could always wait for the first quantum computer to be available.

Link to comment
Share on other sites

This is off topic but interesting enough since you mentioned quantum computing...

http://www.msnbc.msn.com/id/46581073/ns/technology_and_science-innovation/

It seems that "they" are developing encryption based on quantum entanglement by sending light particles as keys. Quite a bit above my head when it comes to physics but interesting just the same.

Very interesting article. Thanks for posting it.

On the other hand, you should read this article on IBM quantum chip breakthrough.

http://www.computerworld.com/s/article/9224670/IBM_touts_quantum_computing_breakthrough

Link to comment
Share on other sites

It all depends on budget, ATI cards are currently the best buys but when I bought my kit it was NVidia but both will work fine.

The best guide for getting it all working in Linux is on the Hashcat site and Hashcat is the best tool to use so just follow their instructions and you will have a good start.

Link to comment
Share on other sites

I really want to play with gpu clusters and brute forcing! I keep hearing good things. Anyone want to share there hardware and software setups? :D

For the hardware side of things, you can buy any of the GTX series graphics card from Nvidia.

For the software side of things, you cold use the Cuda multiforcer, the hashcat and or the elcomsoft.

On a side note, my preferred cracker would be the Cuda multiforcer it has support for multi-host so it can do parallel cracking, very handy if you have more than one system at home with Cuda graphics card enabled.

Link to comment
Share on other sites

Cheers lads, I will be reading up on hashcat when I get in from work. I hae a few machines lying around which I can stick some cards in and start playing with. I'm assuming the cards will be doing all the work so I'm assuming CPU and ram requirements won't too high, right?

Link to comment
Share on other sites

Hashcat it is very light on CPU and memory. Makes it quite weird, you can run an app in a text console and it is perfectly responsive but if you then try to change to a different desktop the process can take many seconds.

Link to comment
Share on other sites

  • 9 months later...

Took a look at this article... Once quantum computing occurs, if it hasn't already in some deep corner of government, what do you think will happen to encryption and cracking? So you think it's just going to get exponentially larger to cope with the faster power? Or a new form of encryption all together?

I am certain that once quantum computing has becomes a reality, the current encryption standard will become too weak to be relied upon, that a new form of encryption will need to be engineered.

Link to comment
Share on other sites

I have also gone away from rainbow tables.

I used to use them for sha1 encrypted passwords in database tables, but managing 100GB+ is a pain in the butt.

Most sysadmins will agree with how lazy users and admins become, so my dictionary files are about 10MB and using hashcats rules, I my reasonably successful but then you only need one...

With WPA/WPA2 unless its a default SSID (and then most time the password will be default) rainbow tables are useless.

Link to comment
Share on other sites

I like the multiforcer, as it allows a per-position charset file, which means I can target the most common combinations first.

I will be testing shortly and might make this my next step after hashcat has failed with my dictionary files.

The client-server setup also has given me a woody, this is something I could never get pyrite to do successfully.

But I could just hope for another application with a MySQL backend, with a blank root password and users passwords stored in clear text, and knowing users are lazy and use a similar password on other systems...

Ah that was a good week.

I'm still not convinced about the rainbow tables, as the time required to generate and space to store, my current cracking machine is a mini-ITX with an i5, 8GB, 60GB SSD and a high end ATI card in Lian-li TU200 case with handle is very portable, and cost effective.

Edited by oxley
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...