Project RainbowCrack


Introduction


RainbowCrack is a general-purpose implementation of Philippe Oechslin's faster time-memory trade-off technique.
In short, the RainbowCrack tool is a hash cracker. A traditional brute-force cracker tries all possible plaintexts one by one at cracking time, which is time-consuming for complex passwords. The idea of the time-memory trade-off is to do all the cracking-time computation in advance and store the results in files called "rainbow tables". Precomputing the tables does take a long time, but once this one-time precomputation is finished, a time-memory trade-off cracker can be hundreds of times faster than a brute-force cracker, with the help of the precomputed tables.

Some ready-to-use LanManager and md5 tables are demonstrated in the Rainbow Table sections. One interesting table set is the lm configuration #6 tables, with which we can break any Windows password of up to 14 characters in a few minutes.

Download


The latest version of RainbowCrack is 1.2
download                              platform                      supported charset            supported algorithm
rainbowcrack-1.2-win.zip (547K)       windows binary                customizable                 lm, md5, sha1, customizable
rainbowcrack-1.2-src.zip (44K)        source for windows and linux  customizable                 lm, md5, sha1, customizable
rainbowcrack-1.1-win.zip (403K)       windows binary                customizable                 lm
rainbowcrack-1.1-win-src.zip (59K)    windows source                customizable                 lm
rainbowcrack-1.01-win.zip (400K)      windows binary                alpha and alpha-numeric      lm
rainbowcrack-1.01-win-src.zip (56K)   windows source                alpha and alpha-numeric      lm
rainbowcrack-1.0-win.zip (400K)       not recommended
rainbowcrack-1.0-win-src.zip (56K)    not recommended

lm: The LanManager hash algorithm. An "lm" table can be used to break Windows passwords.
customizable charset: The charset of a rainbow table can be customized as described in the documentation.
customizable algorithm: Support for a new algorithm can be added with ease, as described in the FAQ. A ready-to-use algorithm patch supporting NTLM, MD2, MD4 and RIPEMD160 is available: Algorithm patch for RainbowCrack 1.2 (3K).

Documentation


Frequently Asked Questions

The RainbowCrack tutorial introduces the basic steps to get the rainbowcrack tool working.
Large charset configurations for RainbowCrack outlines many tips for generating large rainbow tables and introduces two new configurations.

If you are going to generate your rainbow tables with a custom algorithm and/or a custom charset, the major problem will be finding the proper table parameters (chain length, chain count of each table and table count). This is not an easy topic; here is some material that can be useful:
  1. Philippe Oechslin's paper is your best reference for the time-memory trade-off algorithm.
  2. Parameter optimization of time-memory trade-off cryptanalysis in RainbowCrack. This article includes the steps by which the configurations in the rainbowcrack documents were generated.
  3. The MATLAB script for rainbowcrack and the patch can be used to calculate the storage requirement, cracking time performance, success probability and all other parameters of a given table set. You need MATLAB to run these scripts.
  4. Important: very large tables are not feasible for an individual to generate. If you are going to generate a set of tables, make sure to calculate the key space before you start. For example, tables with keyspace 7555858447479 (69^1 + 69^2 + 69^3 + 69^4 + 69^5 + 69^6 + 69^7) need several years to generate on a single PC. Larger tables are likely to need more time to generate. By the way, the largest key space supported by rainbowcrack is 2^64 - 1 (18446744073709551615). This limitation is not important because we will not reach it.
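The key space check from item 4, as an added example that is not part of RainbowCrack or of the original page. It reproduces the keyspace figures of the configurations listed further down and relies on two facts about LM hashing: the password is uppercased before hashing, and it is hashed as two independent halves of at most 7 characters. All function names are assumptions made for this sketch.

```python
import math
import string

RAINBOWCRACK_MAX_KEYSPACE = 2**64 - 1  # largest key space, as stated on this page


def lm_table_charset(password_charset: str) -> str:
    """Fold a password charset to the charset an LM table has to cover.

    LM uppercases the password before hashing, so lowercase letters
    collapse onto their uppercase forms and add nothing to the key space.
    """
    return "".join(sorted(set(password_charset.upper())))


def keyspace(charset_size: int, min_len: int, max_len: int) -> int:
    """Number of plaintexts of length min_len..max_len over the charset."""
    if charset_size < 1 or not 1 <= min_len <= max_len:
        raise ValueError("need charset_size >= 1 and 1 <= min_len <= max_len")
    return sum(charset_size**n for n in range(min_len, max_len + 1))


def describe(charset: str, min_len: int, max_len: int) -> dict:
    """Summarise a table set: charset size, key space, bits, tool limit."""
    size = len(set(charset))
    ks = keyspace(size, min_len, max_len)
    return {
        "charset_size": size,
        "keyspace": ks,
        "bits": round(math.log2(ks), 1),
        "within_limit": ks <= RAINBOWCRACK_MAX_KEYSPACE,
    }


# Constructed input: every printable ASCII character a user could type.
TYPED = string.ascii_letters + string.digits + string.punctuation + " "

# What an LM table has to cover: folded charset, halves of 1..7 characters.
LM_VIEW = describe(lm_table_charset(TYPED), 1, 7)
# The same typed charset over 1..14 characters without folding or splitting.
FULL_VIEW = describe(TYPED, 1, 14)

if __name__ == "__main__":
    print("LM half  :", LM_VIEW)
    print("14 chars :", FULL_VIEW)
```

The folded LM view comes to 2^42.8 candidates, while the same typed charset over 14 characters exceeds the tool's 2^64 - 1 limit, so password length gives no protection while LM hashes are still stored.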

Rainbow Table for LanManager Algorithm


We demonstrate some typical LanManager (lm) rainbow tables here. All of them can be used to break Windows passwords of the corresponding charset, up to 14 characters long, in a very short time.
Though no table includes lowercase letters as part of the charset, all lm tables with uppercase letters can also break Windows passwords containing lowercase letters. The rcrack.exe program in rainbowcrack can do the case correction with the help of the ntlm hash if we are processing a hash file in pwdump format.

lm configuration #0
charset [ABCDEFGHIJKLMNOPQRSTUVWXYZ]
keyspace 8353082582
table size 610 MB
success probability 0.9990
Demo: crack 5 alpha-only Windows passwords in a few seconds

lm configuration #1
charset [ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789]
keyspace 80603140212
table size 3 GB
success probability 0.9904
Demo: crack 5 alpha-numeric Windows passwords in a few seconds

lm configuration #5
charset [ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*()-_+= ]
keyspace 915358891407 (2^39.7)
table size 24 GB
success probability 0.99909
This table set is capable of cracking Windows passwords (up to 14 characters) of charset "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789!@#$%^&*()-_+= " in a few minutes, with a success rate of 99.91%.

Demo: crack of the following Windows passwords:
    N73k_a7()TUBoK
    PrFa$=ptRcb^__
    z %G)r*EW&2nk#
    cjST$=W0U*-5CH
    (zw= ijV$i*vEX
the screen output, the windows media 9 video.

Table generation: this table set can be generated with the rtgen utility of the rainbowcrack 1.2 software (table generation commands).

lm configuration #6
charset [ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*()-_+=~`[]{}|\:;"'<>,.?/ ]
keyspace 7555858447479 (2^42.8)
table size 64 GB
success probability 0.999
This table set is capable of cracking Windows passwords (up to 14 characters) of charset "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789!@#$%^&*()-_+=~`[]{}|\:;"'<>,.?/ " in a few minutes, with a success rate of 99.9%.
This charset includes all possible characters on a standard keyboard (not including the alt+xxx characters), so this table set is likely to crack any Windows password of up to 14 characters in minutes.
Computing these tables on a single computer would take several years. However, the actual time is reduced to a few months with many computers working in parallel.

Demo: crack of the following Windows passwords:
    }m-6BRz*Cj=J}G
    D2@,:H?+e5#: $
    Ot\KZ?/a/qr4d^
    yc~<{1!Oe}l_j|
    5~|3&-K^4S#c3q
the screen output, the windows media 9 video.

Demo: crack of 100 Windows passwords:
the screen output

Table generation: this table set can be generated with the rtgen utility of the rainbowcrack 1.2 software (table generation commands).

Rainbow Table for MD5 Algorithm



md5 configuration loweralpha-numeric,1-8
charset [abcdefghijklmnopqrstuvwxyz0123456789]
keyspace 2901713047668
table size 36 GB
success probability 0.99904
Demo: crack 10 md5 hashes in 35 minutes

Table generation: this table set can be generated with the rtgen utility of the rainbowcrack 1.2 software (table generation commands).

Rainbow Table for Microsoft Office


A rainbow table for instant Microsoft Office password cracking is available here. Features:
- 40-bit encrypted files decrypted in 5 minutes on average
- One table for MS Word and one table for MS Excel
- Table size is 40 GB
- 99.9% accuracy MS Office

Demonstrations are available here: Word Document Crack, Excel Document Crack

We are selling this software for USD 1000; resellers are also welcome, at a discounted price. Contact me for more information.

Copyright 2003-2008 Project RainbowCrack. All rights reserved.