What are Rainbow Tables?• Passwords stored in computers are changed from

their plain text form to an encrypted value.• These values are called hashes, and there is a unique

plain text value for every hash.

A rainbow table is a lookup table offering a time-memory tradeoff used in recovering the plaintext password from a password hash generated by a hash function

Approach invented by Martin Hellman

What Are Rainbow Tables?

• The concept behind rainbow tables is simple• Make one-way hash functions two way by making a list of outputs for

all possible inputs up to a character limit• Rainbow Tables are built once, and used many times• Fast• Password lookups become a table search problem• The brute force work is pre-computed

• Perfect for cracking weak hashes• Windows LM hashes of 14 characters or less can be cracked with trivial effort• Any non salting password hash can be cracked easily

Rainbow table Cracking

• It includes three tools:• rtgen program to generate rainbow tables.• rtsort program to sort rainbow tables generated by rtgen.• rcrack program to lookup rainbow tables sorted by rtsort.

• It also has a .txt file with name "charset.txt“ and it contains all the available set of chars used to generate the tables.

Download one of the latest version and then extract it(we use windows version)– http://project-rainbowcrack.com

Generate a Rainbow TableDefault Syntax of the command: rtgen hash_algorithm charset plaintext_len_min plaintext_len_max table_index chain_len chain_num part_indexCommand: $rtgen md5 loweralpha-numeric 1 5 0 10000 9682 0

Description:

• hash_algorithm can be: LM, NTLM, MD5

• charset can be: alpha-numeric, loweralpha-numeric, etc.

• plaintext_len_min describes the minimum length of hash code.

• plaintext_len_max describes the maximum length of hash code.

• table_index describes the order of the tables.

• chain_len describes the length of each "rainbow chain".

• chain_num describes the number of rainbow chains in the rainbow table.

• part_index determines how the "start point" in each rainbow chain is generated 

Continue those commands to generate more tables-$rtgen md5 loweralpha-numeric 1 5 1 10000 9682 0$rtgen md5 loweralpha-numeric 1 5 2 10000 9682 0$rtgen md5 loweralpha-numeric 1 5 3 10000 9682 0$rtgen md5 loweralpha-numeric 1 5 4 10000 9682 0

Sort Rainbow Tables

• rtsort program is used to sort the "end point" of all rainbow chains in a rainbow table to make table lookup easier.The syntax of the command line is:

$rtsort md5_ loweralpha-numeric#1-5_0_10000x9682_0.rt$rtsort md5_ loweralpha-numeric#1-5_1_10000x9682_0.rt$rtsort md5_ loweralpha-numeric#1-5_2_10000x9682_0.rt$rtsort md5_ loweralpha-numeric#1-5_3_10000x9682_0.rt$rtsort md5_ loweralpha-numeric#1-5_4_10000x9682_0.rt

Crack Hashes

• Use rcrack tool to lookup the rainbow tables for the suitable - required Hash code. • The default syntax of the command is: crack /the/directory/of/*.rt -option hash_codeHere option can be:

-h: use_hash_directly_here-f : pwdump_file-l : hash_list_file

Command: $rcrack *.rt -h D9DA8170E8BC9F27B2D32A6C9A6C697D

The plain text password of the given hash with reasonable time and memory will be shown

Edit Charset.txt List

• We can also change the character set from the character.txt file- $set_cahr_name =[my,chars,-,symbols]

For more details:http://www.liatsisfotis.com/2013/01/crack-hashes-using-rainbow-tables.html

Password Manager(LastPass)

LastPass

• LastPass is easy, secure password and data management.• Passwords in LastPass are protected by a master password, encrypted

locally, and synchronized to any other browser. • All sensitive data is encrypted and decrypted locally before syncing

with LastPass. Your key never leaves your device, and is never shared with LastPass. Your data stays accessible only to you.

LastPass

• https://www.youtube.com/watch?v=RM0fzHxMASQ

LastPass

• All sensitive data is encrypted locally• Government-level encryption.• Only you know the key to decrypt your data• You control your security settings• You can generate unique, strong passwords