666abcd.com  Date: 2021-04-09
LearnSecurityOnline, Inc.
https://www.learnsecurityonline.com/
Rainbow Tables & RainbowCrack

Introduction

Rainbow tables reduce the difficulty of brute-force cracking a single password by creating a large, pre-generated data set of hashes from nearly every possible password.

Rainbow Tables and RainbowCrack come from the work and subsequent paper by Philippe Oechslin. [1] The method, known as the Faster Time-Memory Trade-Off Technique, is based on research by Martin Hellman and Ronald Rivest done in the early 1980's on the performance trade-offs between processing time and the memory needed for cryptanalysis. In his paper published in 2003, Oechslin refined the techniques and showed that the attack could reduce the time to attack 99.9% of Microsoft's LAN Manager passwords (alpha characters only) to 13.6 seconds from 101 seconds. Further algorithm refinements also reduced the number of false positives produced by the system.

The main benefit of Rainbow Tables is that while the actual creation of the rainbow tables takes much more time than cracking a single hash, after they are generated you can use the tables over and over again. Additionally, once you have generated the Rainbow Tables, RainbowCrack is faster than brute force attacks and needs less memory than full dictionary attacks.

Rainbow Tables are popular with a particularly weak password algorithm known as the Microsoft LM hash. LM stands for LAN Manager; this password algorithm was used in the earlier days of Windows and still lives on only for compatibility reasons. By default Windows XP or even Windows Server 2003 keeps the LM hash of your passwords in addition to a more secure hash (NTLM or NTLMv2). This allows for the benefit of backwards compatibility with older operating systems on your network but unfortunately makes the job of password cracking easier if you can obtain the LM hashes instead of the NTLM hashes.

Microsoft's LAN Manager algorithm and its weaknesses

LM is weak for several reasons. First, it's not case-sensitive (it converts everything to uppercase), which significantly reduces the password search space. This means that even if my password is "PaSsWoRD" LM converts it to PASSWORD.

Consider the number of possible seven character passwords made exclusively from letters, i.e., no numbers, symbols, etc. For a case-insensitive algorithm (like LAN Manager) this means there's a total of 26 possible values for each character position in the password. Here's how a case-insensitive algorithm's search space compares to one for a case-sensitive algorithm:

  Number of possible characters   Number of possible seven character passwords
  26                              26^7 (8,031,810,176 or about 8.031 x 10^9)
  52                              52^7 (1,028,071,702,528 or about 1.028 x 10^12)

So if you have the same CPU, the same memory, and all other factors being equal, doubling the possible values in the character space will result in not a doubling of the passwords to crack, but an increase of a couple of orders of magnitude in the number of passwords to crack.

So if we assume that LM can use every character on a standard US keyboard it has a character set of 69 possible characters.
[1] http://lasecwww.epfl.ch/php_code/publications/search.php?ref=Oech03
  Count   Class
  26      all letters (upper and lower combined)
  10      digits
  10      shifted symbols from digit keys
  22      remaining symbols and their shifted counterparts
  1       space
  69      total

Case-sensitive algorithms (e.g., the password hashing algorithm on most Unix variants, and Microsoft's NTLM and NTLMv2) give us an additional 26 characters per position, or a character set of 95 possibilities.

To calculate the total number of possible passwords for a given algorithm, you add the total number of passwords for each valid password length (or at least each valid password length for the password space you're searching). LM's maximum effective password length is seven characters, for a total search space of 7,555,858,447,479 possible passwords (about 7.556 x 10^12).

  # characters in password   Number of possible passwords
  1                          69 (69^1)
  2                          4,761 (69^2)
  3                          328,509 (69^3)
  4                          22,667,121 (69^4)
  5                          1,564,031,349 (69^5)
  6                          107,918,163,081 (69^6)
  7                          7,446,353,252,589 (69^7)
                             7,555,858,447,479 total

A case-sensitive algorithm would give us an additional 26 characters, for a total of 95. With the larger character set (but sticking with the seven character password limit for the moment), the total search space is 70,576,641,626,495 possibilities (about 7.058 x 10^13).

  # characters in password   Number of possible passwords
  1                          95 (95^1)
  2                          9,025 (95^2)
  3                          857,375 (95^3)
  4                          81,450,625 (95^4)
  5                          7,737,809,375 (95^5)
  6                          735,091,890,625 (95^6)
  7                          69,833,729,609,375 (95^7)
                             70,576,641,626,495 total

So, an algorithm that's case-sensitive has a password search space about nine times larger than Microsoft LAN Manager's.

A second problem with LM is that it's effectively limited to only seven characters. LM can accept passwords up to 14 characters in length and treats any values in the eighth through fourteenth character positions as a second, completely independent password. (Characters beyond the 14th are ignored.) For example, given a password of nine characters, LM hashes the password's first seven characters and stores the result, then hashes the remaining two characters and stores them as well. When attacking LM, an attacker can immediately tell which accounts have seven characters or less because they will all share the same value for the second half of the password. While it's true that passwords of 8-14 characters effectively require examination of two separate hash values, this is a relatively cheap operation and not one which has a great impact on speed, because each half is so short.

Does adding an eighth character really make that much of a difference? The short answer: absolutely!
If LM could actually hash eight character passwords (as opposed to the effective seven character limit imposed by its design), its total search space would be noticeably larger, as shown here:

  # characters in password   Number of possible passwords
  1                          69 (69^1)
  2                          4,761 (69^2)
  3                          328,509 (69^3)
  4                          22,667,121 (69^4)
  5                          1,564,031,349 (69^5)
  6                          107,918,163,081 (69^6)
  7                          7,446,353,252,589 (69^7)
  8                          513,798,374,428,641 (69^8)
                             521,354,232,876,120 total (or about 5.214 x 10^14)

5.214 x 10^14 really is larger than 7.556 x 10^12. The additional character increases the total search space by a factor of about 69, a notable difference.

Case sensitivity becomes even more important when you use algorithms capable of handling passwords with more than seven characters.

  # characters in password   Number of possible passwords
  1                          95 (95^1)
  2                          9,025 (95^2)
  3                          857,375 (95^3)
  4                          81,450,625 (95^4)
  5                          7,737,809,375 (95^5)
  6                          735,091,890,625 (95^6)
  7                          69,833,729,609,375 (95^7)
  8                          6,634,204,312,890,625 (95^8)
                             6,704,038,042,500,000 total (or about 6.704 x 10^15)

Modern password hashing algorithms (to include NTLM and NTLMv2) can use more than eight characters, so the search space involved rapidly becomes, to put it mildly, VERY LARGE.
The maximum length for Windows passwords depends on the OS version. Windows 2000, Windows XP, and Windows Server 2003 support passwords up to 128 characters, but older versions of Windows (98, ME, NT) only support passwords up to 14 characters.

One of the characteristics of strong authentication algorithms is that they're computationally expensive, meaning that trying to iterate through them a large number of times (like when someone's grinding through a dictionary) is supposed to take a while. LM's third weakness is that it's computationally cheap, at least compared with other password hashing algorithms. Here are some password calculation rates for several algorithms as implemented in John the Ripper (a well known password "cracker") on a low-end Athlon 64 and a 3.2GHz Xeon. Note that this instance of John has been patched to be able to handle "NT MD4" (NTLM):

  "crypts/sec"
  Hashing algorithm     Athlon 64 2800+   3.2GHz Xeon
  DES, one salt         569,313           319,960
  FreeBSD MD5           4,079             8,950
  OpenBSD Blowfish      292               448
  NT MD4 (NTLM)         1,101,000         991,817
  NT LM DES (LANMAN)    5,180,000         4,524,000
DES (the old Unix crypt() function) is only a tenth as fast as LM (remembering that this is one area where speed is BAD). OpenBSD's Blowfish-based hashing algorithm gets the tortoise prize; its computational expense makes it a very unappetizing target for brute-force attacks. What these numbers mean is that I get 4,524,000 guesses a second against a LAN Manager password and I only get 319,960 guesses a second against a DES password; a huge difference.

Finally, LM uses no salt. A salt is essentially a random value tossed into the computational mix when generating a password hash. The idea behind using a salt is that it randomly changes the output of the hash function, making it much more difficult to simply compare hashes to determine if passwords are identical. If two users happen to pick the same password, an algorithm that uses salts will make it harder for an attacker to detect that, because the hashes would be different.

Now that we know something about algorithms, their speeds, etc., we can figure out real-world attack speeds. We've already determined that the total number of possible passwords with LM is something like 7.556 x 10^12. We also know that a 3.2GHz Xeon can go through these possibilities at a rate of around 4.524 x 10^6/second. A rough estimate puts the time needed to chew through all the possibilities (using the 3.2GHz Xeon benchmarked above) at about 1.7 x 10^6 seconds. A possibly more accurate estimate is:

  (7,555,858,447,479 passwords) / (4,524,000 passwords/sec) = 1670203 seconds

That's around 19 days to work through all possible passwords given LM's available search space. However, since the odds are that an attacker will guess your password within the first half of all possibilities (assuming a completely random search, even distribution, etc.), the half-life (about eight days) is a better number to use for planning a password's usable lifetime.

Here's how LM stacks up against the old Unix crypt() function and NTLM, using the timings and password spaces shown above (and limiting the other algorithms to a maximum of eight characters, even if they might be able to use more):

  Algorithm     Size of password space   Half life length in seconds
  LANMAN        7.556 x 10^12            1.459 x 10^6 (~8 days)
  NTLM          6.704 x 10^15            3.045 x 10^9 (~95 years)
  crypt()       6.704 x 10^15            5.888 x 10^9 (~185 years)*
  FreeBSD MD5   6.704 x 10^15            7.491 x 10^11 (>11,000 years)

Most users change their passwords often enough that crypt(), even though it's definitely showing its age, still provides quite a bit of protection against brute-force attacks (185 years for an 8 character password). It's also pretty clear that a smaller password search space (8 or less characters) plays a BIG role in successful attacks (8-9 days).

So these are realistic numbers for tools like John the Ripper and L0phtcrack (LC4/LC5). Let's see how RainbowCrack stacks up against brute force and dictionary attack tools like John the Ripper and L0phtcrack.
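The search-space and time-to-crack arithmetic above, worked through in Python as an added example (this is not code from the paper or from LearnSecurityOnline). It reuses the paper's character-set sizes (69 for case-folded LM, 95 for case-sensitive hashes) and the 3.2GHz Xeon rate quoted in the John the Ripper table; the sweep and half-life times are computed directly from those inputs, so they differ slightly from the paper's rounded figures.

```python
"""Added example: LM vs. case-sensitive search space and brute-force time.
Inputs are the character-set sizes and crack rates quoted in the paper."""
from typing import List, Tuple

# Character-set sizes from the paper's tables.
LM_CHARSET = 69               # letters (case folded), digits, symbols, space
CASE_SENSITIVE_CHARSET = 95   # 69 + 26 lower-case letters

# "crypts/sec" on the 3.2GHz Xeon, as quoted in the paper's John the Ripper table.
RATE_LM_PER_SEC = 4_524_000
RATE_DES_CRYPT_PER_SEC = 319_960


def keyspace(charset_size: int, max_len: int, min_len: int = 1) -> int:
    """Total number of passwords of length min_len..max_len over charset_size symbols."""
    return sum(charset_size ** n for n in range(min_len, max_len + 1))


def keyspace_table(charset_size: int, max_len: int) -> List[Tuple[int, int]]:
    """(length, count) rows, one per password length, like the paper's tables."""
    return [(n, charset_size ** n) for n in range(1, max_len + 1)]


def lm_effective_keyspace() -> int:
    """LM hashes each 7-character half independently, so an attacker only ever
    faces the 1..7 character space, whatever the password length up to 14."""
    return keyspace(LM_CHARSET, 7)


def seconds_to_exhaust(space: int, rate_per_sec: int) -> float:
    """Wall-clock seconds to try every password in `space` at `rate_per_sec`."""
    return space / rate_per_sec


def half_life_days(space: int, rate_per_sec: int) -> float:
    """Expected time to hit a uniformly random password: half the full sweep, in days."""
    return seconds_to_exhaust(space, rate_per_sec) / 2 / 86_400


if __name__ == "__main__":
    for name, cs in (("LM (69 chars, case folded)", LM_CHARSET),
                     ("case-sensitive (95 chars)", CASE_SENSITIVE_CHARSET)):
        print(name)
        for n, count in keyspace_table(cs, 8):
            print(f"  {n}: {count:,}")
        print(f"  total 1-7: {keyspace(cs, 7):,}   total 1-8: {keyspace(cs, 8):,}")
    lm = lm_effective_keyspace()
    full = seconds_to_exhaust(lm, RATE_LM_PER_SEC)
    print(f"LM full sweep at {RATE_LM_PER_SEC:,}/s: {full:,.0f} s = {full / 86_400:.1f} days")
    print(f"LM half-life: {half_life_days(lm, RATE_LM_PER_SEC):.1f} days")
    print(f"DES crypt() sees only {RATE_DES_CRYPT_PER_SEC:,} guesses/s, "
          f"{RATE_LM_PER_SEC / RATE_DES_CRYPT_PER_SEC:.0f}x slower than LM")
```

The point the numbers make: the gap between LM and NTLM is not the factor of two that "case-sensitive" suggests, it is the ratio of two sums of powers, and an eighth character multiplies the LM-style space by the full character-set size.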
Using Rainbow tables isn't password guessing; it's a database lookup. Like we already mentioned, the idea is that an attacker only has to compute hashes once (or buy a copy of them pre-computed), rather than attacking passwords through computational power. For example:

  LM configuration #0
  charset              [ABCDEFGHIJKLMNOPQRSTUVWXYZ]
  keyspace             8353082582
  table size           610MB
  success probability  0.9990

Has a success probability of 99.90% and only takes up 610MB.

  LM configuration #1
  charset              [ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789]
  keyspace             80603140212
  table size           3GB
  success probability  0.9904

Has a success probability of 99.04% and takes up 3GB.

  LM configuration #5
  charset              [ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789! ...
  keyspace             915358891407 (2^39.7)
  table size           24GB
  success probability  0.99909

Has a success probability of 99.1% and takes up 24GB. This is starting to get large, but 1) not THAT large, as cheap as hard drive space is, and 2) look at the character set involved. Don't forget this will work on passwords up to 14 characters as well. What starts to make a difference is how long it takes to compute these tables.

  LM configuration #6
  charset              [ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789! ...
  keyspace             7555858447479 (2^42.8)
  table size           64GB
  success probability  0.999

Has a success probability of 99.9% and takes up 64GB. This character set includes all possible characters on a standard keyboard (not including alt+xxx characters). So this table set is likely to crack any Windows password up to 14 characters in minutes. This is great, but on one computer it will take about 2 years to generate these tables (Faster Time-Memory Trade-Off Technique).
You can see demos of some of these configurations in action at the Project RainbowCrack website. [2]

Using Rainbow Tables & RainbowCrack

Example 1: First download RainbowCrack for your platform from www.antsight.com/zsl/rainbowcrack/. We will use our LM alpha (configuration 0) rainbow tables. ** You will need to either create them or unzip [3] them, and they will look something like:

  128,000,000 bytes  lm_alpha#1-7_0_2100x8000000_all.rt
  128,000,000 bytes  lm_alpha#1-7_1_2100x8000000_all.rt
  128,000,000 bytes  lm_alpha#1-7_2_2100x8000000_all.rt
  128,000,000 bytes  lm_alpha#1-7_3_2100x8000000_all.rt
  128,000,000 bytes  lm_alpha#1-7_4_2100x8000000_all.rt

If everything goes well, back up all files (recommended, especially if you just made them and didn't download them) and then get ready to sort them. To speed up the search of our rainbow table, we should sort the rainbow table with "rtsort.exe" in advance. In fact "rcrack.exe" only accepts sorted rainbow tables. We sort the rainbow tables by using the following commands:

  rtsort lm_alpha#1-7_0_2100x8000000_all.rt
  rtsort lm_alpha#1-7_1_2100x8000000_all.rt
  rtsort lm_alpha#1-7_2_2100x8000000_all.rt
  rtsort lm_alpha#1-7_3_2100x8000000_all.rt
  rtsort lm_alpha#1-7_4_2100x8000000_all.rt

Each command will take several minutes to complete. The "rtsort.exe" utility will sort the file and write back to the original file. Notice: if the free memory size is smaller than the file size, we can't load the whole file into memory at once, in which case extra free disk space as large as the file to be sorted is required to apply an external sort.

Once rtsort has completed you are ready to use rcrack against some hashes. To see the available options just type "rcrack":

  C:\rainbowcrack-1.2-win\rainbowcrack-1.2-win>rcrack
  RainbowCrack 1.2 - Making a Faster Cryptanalytic Time-Memory Trade-Off
  by Zhu Shuanglei
  http://www.antsight.com/zsl/rainbowcrack/

  usage: rcrack rainbow_table_pathname -h hash
         rcrack rainbow_table_pathname -l hash_list_file
         rcrack rainbow_table_pathname -f pwdump_file
  rainbow_table_pathname: pathname of the rainbow table(s), wildchar(*, ?) supported

[2] Project RainbowCrack website www.antsight.com/zsl/rainbowcrack/
[3] Free Rainbow tables for download via torrent http://rainbowtables.shmoo.com/
  -h hash:           use raw hash as input
  -l hash_list_file: use hash list file as input, each hash in a line
  -f pwdump_file:    use pwdump file as input, this will handle LAN Manager hash only

  example: rcrack *.rt -h 5d41402abc4b2a76b9719d911017c592
           rcrack *.rt -l hash.txt
           rcrack *.rt -f hash.txt

Launch the program by issuing the command:

  rcrack c:\rainbowcrack\*.rt -l hashlist.txt

You should replace "c:\rainbowcrack\" with where you placed your sorted rainbow tables. To crack some hashed Windows passwords, the syntax is similar:

  rcrack c:\rainbowcrack\*.rt -f pwdumpfile.txt
  rcrack c:\rainbowcrack\*.rt -l justhashlist.txt
  rcrack c:\rainbowcrack\*.rt -h 213D466DB5B288F0F82E44EC0938F4F4

Where pwdumpfile.txt is the result of using a hash dumping utility like pwdump2, pwdump3, samdump, etc. to dump the LAN Manager passwords. If your password consists of only letters, rcrack should be able to crack it with a success rate of 99.9%.

Let's try it against the following hash file in pwdump format (so use the -f option):

  testuser1:"":0F20048EFC645D0A179B4D5D6690BDF3:1120ACB74670C7DD46F1D3F5038A5CE8:::
  remote:"":E52CAC67419A9A224A3B108F3FA6CB6D:8846F7EAEE8FB117AD06BDD830B7586C:::
  joeuser:"":E52CAC67419A9A224A3B108F3FA6CB6D:8846F7EAEE8FB117AD06BDD830B7586C:::
  averageguy:"":299CCF964D9A359BAAD3B435B51404EE:A5C07214487C87B584E8877DE72DCA0B:::
  harderpass:"":B75838F7A57EE67993E28745B8BF4BA6:EC50F8A8149C93EF45AECB8AF96658E6:::
  demouser:"":261A6631FE44BA4993E28745B8BF4BA6:371D5760453C1B000BCC016F8E23A83C:::
  randy:"":98B5AFEB67293D6AAAD3B435B51404EE:A9F34664151F6360757B31644F37E025:::
  Asmith:"":E165F0192EF85EBBAAD3B435B51404EE:E4EBE0E7EF708DC9FD240135D3D43D89:::
  Bsmith:"":136A8418CF76C4F7AAD3B435B51404EE:3431E75AD08DCA56EB53AEAAB9926589:::
  csmith:"":BB26C063532826AA531C3383FDDBFF2A:A2746ED4129985C0251D2B968C4889FE:::
  Dsmith:"":A8EED815A197BD87AAD3B435B51404EE:F09A31889C35B8C9746B8F31FC3A868F:::
  Esmith:"":5A9DB9F8BB5DF0CBAAD3B435B51404EE:5FCC20A69EC76AD91214102B4D7DE24E:::
  Fsmith:"":213D466DB5B288F0F82E44EC0938F4F4:FAF10460760FA3F1ED804C7C724CB3D4:::
  Gsmith:"":385A83A746BFA8F2AAD3B435B51404EE:1CC1B3958B564125D307BA8D9D60DF69:::
  Hsmith:"":78BCCAEE08C90E29AAD3B435B51404EE:972E8E7D5568F70AC896B2C76E1395DC:::
  Jsmith:"":59E2DB85E9D49595B75E0C8D76954A50:147D125645D463C33D72309525E9B0BC:::
  Ksmith:"":59E2DB85E9D49595B75E0C8D76954A50:147D125645D463C33D72309525E9B0BC:::
  Lsmith:"":13D855FC4841C7B1AAD3B435B51404EE:3DCEBC92C0ED8F52B1D759DD35CF3F0F:::
  Msmith:"":D71808BF36F81510ADEE49688244F15A:45E8DA896575E2F5455B037FCC5AA51A:::
  Nsmith:"":9C92FA4960AC2536AAD3B435B51404EE:C318744C4291EA46BC65082636CC9509:::
  Osmith:"":1153C3961EE58C3BAAD3B435B51404EE:672532E8C0C490BD47254DAED1CDCB36:::
  Psmith:"":4A01C0E45FCA767AAAD3B435B51404EE:39981702716E054CBE6840A3CFD60327:::
  Qsmith:"":6842A19CC4C509E0AAD3B435B51404EE:9FDA95FD6FCEE9C2C998CB8010F61F16:::
  Rsmith:"":BC472F3BF9A0A5F63832C92FC614B7D1:D2A80A79980CFA21CB58B7CB129E2CAD:::
  Ssmith:"":09755C01D2789BD8AAD3B435B51404EE:62F740C2EA31E10B54DB64CE12E867A6:::
  Tsmith:"":13D855FC4841C7B1AAD3B435B51404EE:3DCEBC92C0ED8F52B1D759DD35CF3F0F:::
  Usmith:"":9E2204E2058AC9E9417EAF50CFAC29C3:476541DEC5CB507A795FC1E989C9D36F:::
  Vsmith:"":7F9CD2D7C93421D3F9DE51FBDAA2F725:16FAABB24B95B82EFC50B074B7324517:::
  Wsmith:"":AC814111DF804A7482EFD6B2A69511D6:15B194EB8D8F27761E32F76B001553A0:::
  Xsmith:"":AAD3B435B51404EEAAD3B435B51404EE:2321504F2FA9437FBBA66EA1623407D3:::
  Ysmith:"":D5662E6B23655BF74EC0DA4207C2DE66:75344B75B5A96614FE179C0188A9634A:::
  Zsmith:"":9224FC255C58C50E42B35806901777E7:0C105C9F4326C3AC100C2A5B7A04AD38:::

The answers, so you can check your work (the number in parentheses is the number of LM hash halves each password occupies):

  testuser1    testuser1 (2)
  remote       password (2)
  joeuser      password (2)
  averageguy   average (1)
  harderpass   rootwars (2)
  demouser     demopass (2)
  randy        randy (1)
  Asmith       ABCd (1)
  Bsmith       ef456 (1)
  csmith       ABC789!@#12 (2)
  Dsmith       3!@# (1)
  Esmith       456!@# (1)
  Fsmith       ABCdef!@# (2)
  Gsmith       gHgHgH (1)
  Hsmith       ABC123 (1)
  Jsmith       ABCdef123^ (2)
  Ksmith       ABCdef123 (2)
  Lsmith       ABCdef (1)
  Msmith       FOOTBALL!@# (2)
  Nsmith       SOCCER (1)
  Osmith       CROKET (1)
  Psmith       COW123 (1)
  Qsmith       HOWNOW (1)
  Rsmith       BROWNCOW (2)
  Ssmith       gHaNdI (1)
  Tsmith       ABCdef (1)
  Usmith       RTdotnet (2)
  Vsmith       !pa55word! (2)
  Wsmith       EASYoneISNTit (2)
  Xsmith       C@NTcR8ckm3CanU (X) no LM
  Ysmith       LSOISDABEST (2)
  Zsmith       RAINBOWTABLEZ (2)

** 32 users and 47 LM hashes, 48 total hashes. Xsmith will only be saved as NTLM because it's greater than 14 characters.

You should see something similar to the following:

Figure 1.1: Rcrack at work with an lm_alpha rainbow table
Figure 1.2: The results of our cracking attempt. 26 of our 41 hashes found in about 12 minutes. Also notice that the hash for the password "password" is the same because there is no salting with the LAN Manager hashing algorithm.

  statistics
  plaintext found:                          26 of 41 (63.41%)
  total disk access time:                   62.51 s
  total cryptanalysis time:                 742.77 s
  total chain walk step:                    203410183
  total false alarm:                        195135
  total chain walk step due to false alarm: 142852030

  result
  testuser1    TESTUSE    hex:54455354555345
  remote       password   hex:70617373776f7264
  joeuser      password   hex:70617373776f7264
  averageguy   average    hex:61766572616765
  harderpass   rootwars   hex:726f6f7477617273
  demouser     demopass   hex:64656d6f70617373
  randy        randy      hex:72616e6479
  Asmith       ABCd       hex:41424364
  Bsmith                  hex:
  csmith                  hex:
  Dsmith                  hex:
  Esmith                  hex:
  Fsmith                  hex:
  Gsmith       gHgHgH     hex:674867486748
  Hsmith                  hex:
  Jsmith                  hex:
  Ksmith                  hex:
  Lsmith       ABCdef     hex:414243646566
  Msmith       FOOTBAL    hex:464f4f5442414c
  Nsmith       SOCCER     hex:534f43434552
  Osmith       CROKET     hex:43524f4b4554
  Psmith                  hex:
  Qsmith       HOWNOW     hex:484f574e4f57
  Rsmith       BROWNCOW   hex:42524f574e434f57
  Ssmith       gHaNdI     hex:6748614e6449
  Tsmith       ABCdef     hex:414243646566
  Usmith       RTdotnet   hex:5254646f746e6574
  Vsmith                  hex:
  Wsmith       EASYoneISNTit   hex:454153596f6e6549534e546974
  Xsmith                  hex:
  Ysmith       LSOISDABEST     hex:4c534f4953444142455354
  Zsmith       RAINBOWTABLEZ   hex:5241494e424f575441424c455a

Example 2: We are going to build our own tables using Configuration #1. ** Note: if you built your configuration #0 tables using rtgen, use winrtgen (see exercise 4).

  configuration #1
  hash algorithm           lm
  charset                  alpha-numeric (ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789)
  plaintext length range   1-7
  keyspace                 36^1+36^2+36^3+36^4+36^5+36^6+36^7 = 80603140212
  t                        2400
  m                        40000000
  l                        5
  disk usage               m*16*l = 3200000000 B = 3GB
  success rate             0.9904
  mean cryptanalysis time  7.6276 s
  mean cryptanalysis time on a low memory system (free memory size much smaller than 610MB)  13.3075 s
  max cryptanalysis time   40.6780 s

Table pre-computation commands:

  rtgen lm alpha-numeric 1 7 0 2400 40000000 all
  rtgen lm alpha-numeric 1 7 1 2400 40000000 all
  rtgen lm alpha-numeric 1 7 2 2400 40000000 all
  rtgen lm alpha-numeric 1 7 3 2400 40000000 all
  rtgen lm alpha-numeric 1 7 4 2400 40000000 all

On a 666 MHz machine the table pre-computation time is about 15 days 17 hours; on my P4 3.2GHz with 1GB of RAM I created a table a day, so about 5 days.
Figure 2.1: Creating our LM alpha-numeric rainbow tables.

Now run that table against the same hash file; don't forget to sort them first. You should crack most, if not all, of the alpha-numeric passwords, as opposed to only the alpha passwords from configuration #0.

Figure 2.2: The results of our attempts. 32 of 41 passwords were found. Note that I ran this on my 3.2GHz machine because I created the tables on it and didn't want to copy 3GB of rainbow tables to the slow computer.

  statistics
  plaintext found:                          32 of 41 (78.05%)
  total disk access time:                   233.84 s
  total cryptanalysis time:                 233.05 s
  total chain walk step:                    211003249
  total false alarm:                        104620
  total chain walk step due to false alarm: 91734872

  result
  testuser1    testuser1  hex:746573747573657231
  remote       password   hex:70617373776f7264
  joeuser      password   hex:70617373776f7264
  averageguy   average    hex:61766572616765
  harderpass   rootwars   hex:726f6f7477617273
  demouser     demopass   hex:64656d6f70617373
  randy        randy      hex:72616e6479
  Asmith       ABCd       hex:41424364
  Bsmith       ef456      hex:6566343536
  csmith                  hex:
  Dsmith                  hex:
  Esmith                  hex:
  Fsmith                  hex:
  Gsmith       gHgHgH     hex:674867486748
  Hsmith       ABC123     hex:414243313233
  Jsmith       ABCdef123  hex:414243646566313233
  Ksmith       ABCdef123  hex:414243646566313233
  Lsmith       ABCdef     hex:414243646566
  Msmith       FOOTBAL    hex:464f4f5442414c
  Nsmith       SOCCER     hex:534f43434552
  Osmith       CROKET     hex:43524f4b4554
  Psmith       COW123     hex:434f57313233
  Qsmith       HOWNOW     hex:484f574e4f57
  Rsmith       BROWNCOW   hex:42524f574e434f57
  Ssmith       gHaNdI     hex:6748614e6449
  Tsmith       ABCdef     hex:414243646566
  Usmith       RTdotnet   hex:5254646f746e6574
  Vsmith                  hex:
  Wsmith       EASYoneISNTit   hex:454153596f6e6549534e546974
  Xsmith                  hex:
  Ysmith       LSOISDABEST     hex:4c534f4953444142455354
  Zsmith       RAINBOWTABLEZ   hex:5241494e424f575441424c455a

Example 3: Compare the results of the same hash file with Cain in brute force mode, John the Ripper, and LC4. Cain, in brute-force mode with an alpha-numeric character set, says it will take about 10 hours.
Figure 3.1: Cain in brute-force mode.

Figure 3.2: After 9+ hours it cracked 27 of the 41 hashes.
John the Ripper, in default mode, was able to quickly (about 3 minutes) crack 32 of the 48 hashes.

Figure 3.3: JTR at work.

After 24 hours we had 45 of the 48 hashes.

Figure 3.4: JTR after 24 hours of cracking.
The results of our efforts! All but 3 of the hashes were cracked in 24 hours by John. The "Xsmith" account with 15 characters was not cracked. With enough time we should have been able to find the passwords for "csmith" and "Vsmith". Note that this really wasn't a fair assessment since john will try characters not in our rainbow tables. If you want a really fair assessment, you should modify john's ini file. But I don't plan on doing that. The point of the tables is the speed. But honestly, for this password file, John did really well.

Figure 3.5: The results, 45 passwords cracked.

Let's see how LC4 fares against our password file. I did turn off the dictionary and hybrid modes on LC4 and selected alphanumeric as our characters in the session options, so this should be a pretty fair "time to crack the same hashes" test.
Figure 3.6: Loading the password file of 32 users into LC4.

Figure 3.7: LC4 estimated about 11 hours to brute force crack the passwords using an alphanumeric character set.

In 11 hours we were able to crack 26 out of the 32 user accounts, but the Xsmith account was not cracked because we did not attempt an NTLM attack.
Figure 3.8: So 11 hours versus 12.3795 minutes with the rainbow tables.

Example 4: Using Cain and Abel's Winrtgen to create your Rainbow Tables.

Winrtgen supports Rainbow Tables for the following hashing/encryption algorithms: LM, FastLM, NTLM, Cisco PIX, MD2, MD4, MD5, SHA-1, SHA-2 (256), SHA-2 (384), SHA-2 (512), MySQL (323), MySQL (SHA1) and RIPEMD160.

Figure 4.1: Open Winrtgen and select Add Table.
Figure 4.2: Select LM, 1 to 7 for Min/Max Length, Chain Length 2400 and Chain Count 40,000,000.

As you see, with one table we get about a 60% success rate and it will take about 2 days to create the table on a P3 1GHz machine. Feel free to manipulate Chain Length (remember that it will increase the success rate but also increase computation time) to whatever you can handle for table pre-computation time. I will leave it at 2400 for now. But 60% isn't that great; for a 99.06% success rate you will need to create 5 tables (3GB of space) and it will take about 12 days to create the tables. For a 99.63% success rate you will need to create 6 tables (3.57GB of space) and it will take about 14 days to generate the tables. I will go with 5 tables for a success rate of 99.06%.

Figure 4.3: Creating 5 rainbow tables with a success rate of 99.06% using about 3GB of space.
Here is a handy reference table. These are some typical configurations (for LM hash type, length from 1 to 7) you can use, for example:

                      #1           #2              #3                #4
  Charset             alpha        alpha-numeric   alpha-num-sym14   all
  Chain length        2,100        2,400           12,000            20,000
  Chain count         8,000,000    40,000,000      40,000,000        100,000,000
  Tables              5            7               13                20
  Success rate        99.9%        99.9%           99.9%             99.6%
  Total space         640 Mb       4,480 Mb        8,320 Mb          32,000 Mb
  Max gen. time       18h35m       6d5h            67d18h            369d
  Max analysis time   8s           16s             15m               53m

Example 5: Using Cain and Abel to crack passwords using Rainbow Tables

Step 1: Download [4] and install Cain.

Step 2: Click on the "Cracker" tab. Select what type of passwords you want to crack, in this case LM & NTLM Hashes. Then right click and select "add to list." Navigate to where you have your text file of hashes, select it and then select next.

Figure 5.1: Loading hashes from file.

[4] Download Cain and Abel from: http://www.oxid.it/
Figure 5.2: Hashes loaded into Cain, ready to be cracked.

Step 3: Right click and select "select all", then right click again and select cryptanalysis attack and "LM Hashes via Rainbow Tables".

Figure 5.3: Selecting a cryptanalysis attack via Rainbow Tables.

Step 4: Click on Add Table. Then navigate to where you have your rainbow tables, highlight them all and select Open.
Figure 5.4: Adding your rainbow tables to use for cracking.

Step 5: Click on "Start" and Cain will start to work through the rainbow tables.

Figure 5.5: Cain working through the Rainbow Tables cracking passwords.

Step 6: When it's all done, click Exit and it will show you the cracked passwords.
Figure 5.6: Cain finishes running through the Rainbow Tables.

Figure 5.7: Our cracked passwords in Cain. Notice that Cain also found the NTLM password based on the LM password.
I am still confused: what does "X, Y, or Z" mean?

Here are some things that may not be immediately clear when dealing with rainbow tables:

1 - What do "t", "m", and "l" mean or stand for?

To answer this, let's analyze an rtgen command:

  rtgen lm alpha 1 7 0 2100 8000000 all

rtgen obviously means the program to run. "lm" means we want to generate LAN Manager tables. "alpha" means we want to use the characters listed in our charset.txt file for alpha: alpha = [ABCDEFGHIJKLMNOPQRSTUVWXYZ]. "1" and "7" are our plaintext length range, so we want passwords from "A" to "ZZZZZZZ". If we had put a plaintext length range of "4-6", "AAAA" and "ZZZZZZ" would be among the keyspace, but "AAA" would not because it has a length of 3. Remember that, for LAN Manager, passwords are broken up into 7 character chunks, so there would be no need to do a plaintext range of 1 to 8. The "0" is our table number or rainbow table count; if you look at the rtgen commands to generate configuration #0, we create five tables, 0 to 4. This is so we can split up tables between computers making the rainbow tables, and to increase our success rate. "2100" is our rainbow chain length. Chain length increases the success rate per table but does not increase table size. It computes more hashes per chain but also takes longer to create and search the table. A common "upper" value for chain length is 4000-5000. "8000000" is our rainbow chain count for each rainbow table. Chain count is simply how many chains you want per table. Increasing this value produces larger files with higher success rates, but the overall computation time isn't affected. You can adjust the chain count so your rainbow tables are conveniently sized (like for a CD or DVD). The "all" is our file title suffix, or what we want appended to the end of our table's file name; it can be anything you want.

2 - What do the different chain lengths and chain counts mean?

Chain length increases the success rate per table. It computes more hashes per chain but also takes longer to create and search the table. A common "upper" value for chain length is 4000-5000, but it can be whatever you want. Chain count is simply how many chains you want per table. Increasing this value produces larger files with higher success rates, but the overall computation time isn't affected. You can adjust the chain count so your rainbow tables are conveniently sized (like for a CD or DVD) or to increase the success rate.

3 - Why can't I create just one rainbow table?

You can! But to get a high enough success rate that table will be too large to search in a reasonable amount of time. That is why we normally create several. Now we could, by adjusting chain length and chain count, create a giant rainbow table, but we will have to sort it, which will take a long time, and then search it, which will take an even longer time, thus defeating the whole point of rainbow tables. It would be a more efficient use of space to create many rainbow tables so you can sort and search them faster.

4 - I am still confused!

Then 1) go read the paper: http://lasecwww.epfl.ch/php_code/publications/search.php?ref=Oech03 and 2) check out the next section for some examples with Winrtgen, which allows you to see (graphically) how changing values changes success rates, table size, and table generation time.
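An added example (not code from the paper, from RainbowCrack or from Winrtgen) that turns the t/m/l explanation above into numbers: table size from the paper's own "disk usage = m*16*l" rule, the hash work needed to generate a table set (t hash computations per chain, m chains, l tables), and the expected success rate of one table and of a set. The single-table success estimate is the one from Oechslin's 2003 paper this document cites: m_1 = m, m_(i+1) = N(1 - e^(-m_i/N)), P = 1 - prod(1 - m_i/N) over the t columns. The two configurations are the paper's LM configuration #0 (alpha, t=2100, m=8,000,000, l=5) and #1 (alpha-numeric, t=2400, m=40,000,000, l=5); treating the tables of a set as missing independently is my assumption.

```python
"""Added example: size, generation work and success rate of a rainbow-table
configuration from t (chain length), m (chain count), l (table count), N (keyspace)."""
import math

BYTES_PER_CHAIN = 16  # start point + end point, as in the paper's "m*16*l" disk-usage line

# (charset size, t, m, l) for the configurations listed in the paper.
CONFIGS = {
    "lm alpha #0": (26, 2100, 8_000_000, 5),
    "lm alpha-numeric #1": (36, 2400, 40_000_000, 5),
}


def keyspace(charset_size, min_len, max_len):
    """Number of plaintexts of length min_len..max_len over charset_size symbols."""
    return sum(charset_size ** n for n in range(min_len, max_len + 1))


def table_bytes(chain_count, table_count=1):
    """Disk usage of table_count .rt files holding chain_count chains each."""
    return chain_count * BYTES_PER_CHAIN * table_count


def generation_work(chain_length, chain_count, table_count=1):
    """Hash-and-reduce steps needed to build the set: every chain is walked t steps."""
    return chain_length * chain_count * table_count


def single_table_success(n_keyspace, chain_length, chain_count):
    """Oechslin's estimate: P = 1 - prod_{i=1..t} (1 - m_i/N), where m_i is the
    expected number of distinct points in column i (m_1 = m, m_{i+1} = N(1 - e^{-m_i/N}))."""
    miss = 1.0
    m_i = float(chain_count)
    for _ in range(chain_length):
        miss *= 1.0 - m_i / n_keyspace
        m_i = -n_keyspace * math.expm1(-m_i / n_keyspace)  # N(1 - e^{-m_i/N}), computed stably
    return 1.0 - miss


def success_rate(n_keyspace, chain_length, chain_count, table_count):
    """Assumption: tables miss independently, so their miss probabilities multiply."""
    return 1.0 - (1.0 - single_table_success(n_keyspace, chain_length, chain_count)) ** table_count


def report(name):
    """Summarise one of the paper's configurations (LM halves: lengths 1..7)."""
    charset_size, t, m, l = CONFIGS[name]
    n = keyspace(charset_size, 1, 7)
    return {
        "keyspace": n,
        "bytes": table_bytes(m, l),
        "work": generation_work(t, m, l),
        "one_table": single_table_success(n, t, m),
        "all_tables": success_rate(n, t, m, l),
    }


if __name__ == "__main__":
    for name in CONFIGS:
        r = report(name)
        print(f"{name}: N={r['keyspace']:,}  size={r['bytes'] / 2**20:,.0f} MiB  "
              f"work={r['work']:.3g} hashes  one table={r['one_table']:.1%}  "
              f"set={r['all_tables']:.2%}")
```

Run as a script, it reproduces the figures the paper quotes: one alpha table at about 75% and five at about 99.9% (configuration #0), and one alpha-numeric table near 60% rising to about 99.1% with five (configuration #1, matching the Winrtgen screenshots). The recurrence also shows why raising the chain count while keeping t fixed buys coverage at the cost of file size, and why the Winrtgen estimates flatten out: each extra column adds fewer new points than the one before it.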
Using Winrtgen to see how chain length, chain count and number of tables affect success rate and computation time

We can see in this example that we get a 97.80% success rate with one LM ALPHA rainbow table with a Chain Length of 2400 and a Chain Count of 40,000,000. It will take 2.23 days to generate the table on the computer (a P3 1.0GHz with 512MB of RAM). Increasing the Chain Length to 4000 increases our success rate to 99.11%, but it now takes 3.67 days to generate the table.
LM Configuration #0 with 1 table: 75% success rate, but it only takes 9 hours to generate the table.

LM Configuration #0 with 5 tables (the recommended configuration). Notice that for roughly the same amount of time and space as our first example, with a Chain Length of 2400, a Chain Count of 40,000,000 and a success rate of 97.80%, we can get 99.90% with this Rainbow Table configuration. Another thing to note, which we don't see here, is sort time: how much longer it takes to sort one big table versus several smaller tables.

Let's see how long it takes to create tables to find "all" possible password combinations, minus "ALT-XXX commands." For a 1GB table it will take 23 days with a 12.25% success rate.
And it will take 4.6 years (on a P3 1GHz machine) to generate enough tables to reach 99.98%!!!

Protecting yourself against RainbowCrack attacks and other password attacks

- Limiting physical access
- Continue to force the use of special characters
- Keep up with updates
-Passphrases-UseNTLMorNTLMv2WhatifmyWindowspasswordislongerthan14charactersortheLANManagerhashisnotstoredIfyoursystemsdonotrequiretheLANManager(LM)hash(forexampleifyouarerunninganActiveDirectory(AD)domain),orifyourpasswordis>14characterslong,theLMhashwillbestoredastheblankLMhash,eventhoughthecleartextpassworditselfisnotblank.
Basically, none of the cracking tools will see an LM hash. If this is the case, you will need to audit your password hashes against the NTLM character set.
Limiting physical access
It's a well known fact that if someone has physical access to a machine then it's not secure. They can walk off with it, take the hard drive, turn it off, etc. One common attack if you have physical access to a machine is to use a bootable Linux distro to simply boot into Linux and grab the SAM file off the Windows partition. You can then crack it at your leisure. IronGeek wrote a good tutorial on this method and even has a video you can watch. You can get it here: http://www.irongeek.com/i.php?page=security/localsamcrack2

Continue to force the use of special characters
Even though rainbow tables can rip through an LM password with any type of special character, it still takes a large amount of time (1-2 years) to generate them; this will deter most people or force them to use an online hash cracking service [5]. It also greatly increases the time for brute force attempts. In LC4 we go from 9-11 hours to brute force an alpha-numeric password to 91 days to brute force passwords with the possibility of all special characters (minus ALT-XXX passwords).
Brute-force cracking time is greatly increased by using special characters in your passwords: from 9 hours with just alpha-numeric to 91 days with all characters.
[5] http://www.rainbowcrack-online.com/ or http://www.plain-text.info/
Keep up with updates
Keep up with your security patches. While you can't protect against zero-day exploits, you can protect against exploits that have patches! All of the password dumping tools must have administrative level privileges to dump the hashes. You can keep the majority of the bad guys out by patching your machines promptly against public exploits. This will help keep you protected from that system/administrative level exploit that was just released to the public.
Passphrases
Using passphrases is the easiest and simplest way to protect your network from password cracking. If your password policy makes use of passphrases that are greater than 14 characters AND use special characters, you can protect yourself from all but the determined attackers. If your network is Windows 2000 and above you have a maximum length of 127 characters on your password/passphrase, so the sky's the limit. A passphrase like "This is my Stupid PassPhrase!" is long enough to be stored as NTLM or NTLMv2 (because it is longer than 14 characters), has uppercase, lowercase, spaces, and special characters, and is easy to remember. This is a much more secure password than even "@w3cjd$Beu=mDr". If you can get your users to do some character substitution on their passphrases, even better!
The use of strong passwords within an environment needs to be mandated for users. Using the stronger NTLMv2 hashing scheme won't prevent a successful dictionary attack. The use of strong passwords can be enforced on Windows NT through the use of the passfilt.dll. This is described in Microsoft Knowledgebase Article 161990 [6]. The use of strong passwords in Windows 2000, XP and 2003 can be enforced by settings in the Group Policy, which is described in Microsoft Knowledgebase Article 225230 [7].
Use NTLM or NTLMv2
Instead of storing your user account password in clear-text, Windows generates and stores user account passwords by using two different password representations, generally known as "hashes." When you set or change the password for a user account to a password that contains fewer than 15 characters, Windows generates both a LAN Manager hash (LM hash) and a Windows NT hash (NT hash) of the password. These hashes are stored in the local Security Accounts Manager (SAM) database or in Active Directory. The LM hash is relatively weak compared to the NT hash, and it is therefore prone to fast brute force attack. Therefore, you may want to prevent Windows from storing an LM hash of your password.
Windows 2000-based servers and Windows Server 2003-based servers can authenticate users who connect from computers that are running all earlier versions of Windows. However, versions of Windows earlier than Windows 2000 do not use Kerberos for authentication. For backward compatibility, Windows 2000 and Windows Server 2003 support LAN Manager (LM) authentication, Windows NT (NTLM) authentication, and NTLM version 2 (NTLMv2) authentication. NTLM, NTLMv2, and Kerberos all use the NT hash, also known as the Unicode hash. The LM authentication protocol uses the LM hash.
The use of LAN Manager hashes on the network can be disabled on Windows NT, 2000, 2003 & XP through registry edits or through the Local Security Policy. The instructions to do so can be found in Microsoft Knowledgebase Article 147706 [8]. The storage of LAN Manager hashes also needs to be disabled; this can be done for Windows 2000, XP and 2003 again via registry edits or the Local Security Policy. The instructions to do so can be found in Microsoft Knowledgebase Article 299656 [9].
[6] http://support.microsoft.com/default.aspx?scid=kb;en-us;161990
[7] http://support.microsoft.com/default.aspx?scid=kb;en-us;225230
[8] http://support.microsoft.com/default.aspx?scid=kb;en-us;147706
[9] http://support.microsoft.com/default.aspx?scid=KB;EN-US;q299656&

Method 1: Implement the NoLMHash Policy by Using Group Policy
To disable the storage of LM hashes of a user's passwords in the local computer's SAM database by using Local Group Policy (Windows XP or Windows Server 2003), or in a Windows Server 2003 Active Directory environment by using Group Policy in Active Directory (Windows Server 2003), follow these steps:
1. In Group Policy, expand Computer Configuration, expand Windows Settings, expand Security Settings, expand Local Policies, and then click Security Options.
2. In the list of available policies, double-click Network security: Do not store LAN Manager hash value on next password change.
3. Click Enabled, and then click OK.
Method 2: Implement the NoLMHash Policy by Editing the Registry
Windows 2000 SP2 and Later
To add this key by using Registry Editor, follow these steps:
1. Start Registry Editor (Regedt32.exe).
2. Locate and then click the following key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
3. On the Edit menu, click Add Key, type NoLMHash, and then press ENTER.
4. Quit Registry Editor.
5. Restart the computer, and then change your password to make the setting active.
Notes
This registry key change must be made on all Windows 2000 domain controllers to disable the storage of LM hashes of users' passwords in a Windows 2000 Active Directory environment. This registry key prevents new LM hashes from being created on Windows 2000-based computers, but it does not clear the history of previous LM hashes that are stored. Existing LM hashes that are stored will be removed as you change passwords.
Windows XP and Windows Server 2003
1. Click Start, click Run, type regedit, and then click OK.
2. Locate and then click the following key in the registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
3. On the Edit menu, point to New, and then click DWORD Value.
4. Type NoLMHash, and then press ENTER.
5. On the Edit menu, click Modify.
6. Type 1, and then click OK.
7. Restart your computer, and then change your password.
Notes
This registry change must be made on all Windows Server 2003 domain controllers to disable the storage of LM hashes of users' passwords in a Windows 2003 Active Directory environment. If you are a domain administrator, you can use the Active Directory Users and Computers Microsoft Management Console (MMC) to deploy this policy to all domain controllers or all computers on the domain, as described in Method 1 (Implement the NoLMHash Policy by Using Group Policy). This DWORD value prevents new LM hashes from being created on Windows XP-based computers and Windows Server 2003-based computers. The history of all previous LM hashes is cleared when you complete these steps.
Windows NT
Control of NTLM security is through the following registry key:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\control\LSA
Name: LMCompatibilityLevel
Type: REG_DWORD
Value 5: DC refuses LM and NTLM responses (accepts only NTLMv2)
Value 4: DC refuses LM responses
Value 3: Send NTLMv2 response only
Value 2: Send NTLM response only
Value 1: Use NTLMv2 session security if negotiated
Value 0: default - Send LM response and NTLM response; never use NTLMv2 session security
More information on the values:
Level 0 - Send LM and NTLM response; never use NTLM2 session security. Clients use LM and NTLM authentication, and never use NTLM2 session security; domain controllers accept LM, NTLM, and NTLM2 authentication.
Level 1 - Use NTLM2 session security if negotiated. Clients use LM and NTLM authentication, and use NTLM2 session security if the server supports it; domain controllers accept LM, NTLM, and NTLM2 authentication.
Level 2 - Send NTLM response only. Clients use only NTLM authentication, and use NTLM2 session security if the server supports it; domain controllers accept LM, NTLM, and NTLM2 authentication.
Level 3 - Send NTLM2 response only. Clients use NTLM2 authentication, and use NTLM2 session security if the server supports it; domain controllers accept LM, NTLM, and NTLM2 authentication.
Level 4 - Domain controllers refuse LM responses. Clients use NTLM authentication, and use NTLM2 session security if the server supports it; domain controllers refuse LM authentication (that is, they accept NTLM and NTLM2).
Level 5 - Domain controllers refuse LM and NTLM responses (accept only NTLM2). Clients use NTLM2 authentication, and use NTLM2 session security if the server supports it; domain controllers refuse NTLM and LM authentication (they accept only NTLM2).
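As an added example (not part of the original paper or of any Microsoft tool), the following Python script audits the NoLMHash setting from Method 2 and the LMCompatibilityLevel value listed above from a text "reg export" of the Lsa key, so the check can run offline against a file collected from a host; the sample exports are constructed, and the thresholds it applies (NoLMHash present, level at least 3 on clients and 5 on domain controllers) follow the paper's recommendations.

```python
# Added example (not from the original paper): audit the NoLMHash and
# LMCompatibilityLevel settings described above from a "reg export" of the
# Lsa key, so the check can run offline against a file collected from a host.
# Both forms of NoLMHash the paper describes are recognised: the Windows 2000
# form (a subkey named NoLMHash) and the XP/2003 form (a DWORD set to 1).
import re

LSA_KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa"

def parse_reg_export(text: str) -> dict:
    """Return {key_path: {value_name: value}} for the lines of a .reg export."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        key = re.fullmatch(r"\[(.+)\]", line)
        if key:
            current = key.group(1)
            keys[current] = {}
            continue
        val = re.fullmatch(r'"([^"]+)"=(dword:[0-9a-fA-F]{8}|".*")', line)
        if val and current is not None:
            name, raw = val.groups()
            keys[current][name] = (int(raw[6:], 16) if raw.startswith("dword:")
                                   else raw.strip('"'))
    return keys

def audit_lsa(keys: dict, domain_controller: bool = False) -> list:
    """Findings against the paper's recommendations; an empty list is compliant."""
    findings = []
    lsa = {path.lower(): vals for path, vals in keys.items()}   # registry paths are case-insensitive
    values = {n.lower(): v for n, v in lsa.get(LSA_KEY.lower(), {}).items()}
    no_lm_key = (LSA_KEY + r"\NoLMHash").lower() in lsa         # Windows 2000 form
    no_lm_dword = values.get("nolmhash") == 1                    # XP / 2003 form
    if not (no_lm_key or no_lm_dword):
        findings.append("NoLMHash not set: LM hashes are still stored on password change")
    level = values.get("lmcompatibilitylevel", 0)                # level 0 is the default
    required = 5 if domain_controller else 3
    if level < required:
        findings.append(f"LmCompatibilityLevel is {level}; expected at least {required}")
    return findings

# Constructed sample exports (not from a real host): the weak defaults, and the same key after Method 2 plus level 5
WEAK_EXPORT = """Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Lsa]
"LmCompatibilityLevel"=dword:00000000
"Security Packages"="kerberos"
"""
HARDENED_EXPORT = WEAK_EXPORT.replace("dword:00000000", "dword:00000005") + '"NoLMHash"=dword:00000001\n'
```

Running audit_lsa(parse_reg_export(WEAK_EXPORT), domain_controller=True) reports both findings, while the hardened export returns an empty list.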
Method 3: Use a Password That Is at Least 15 Characters Long
The simplest way to prevent Windows from storing an LM hash of your password is to use a password that is at least 15 characters long. In this case, Windows stores an LM hash value that cannot be used to authenticate the user.
To get an idea of the power of using NTLM for your hash algorithm, let's see how long it will take to generate an NTLM mixed-alphanumeric rainbow table with Winrtgen:
For a mixed-alphanumeric NTLM table it will take 2.5 days to generate one table with a 4.32% success rate. It will take over 100 rainbow tables, 60 GB of space, and 252 days to create the tables to crack the same passwords (with a 98.80% success rate) we have been attacking throughout this paper if they were stored as NTLM instead of LM!
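To see where the Winrtgen figures quoted in this paper come from (97.80% and 99.11% for one LM alpha table, 99.90% for five 75% tables, and the roughly 252 days of NTLM tables just described), here is an added Python example, not part of the paper or of Winrtgen, that applies the success-rate formula from Oechslin's time-memory trade-off paper to a keyspace and then combines independent tables; it assumes Winrtgen's LM alpha keyspace is every password of 1 to 7 upper-case letters.

```python
# Added example (not from the original paper or Winrtgen): estimate a rainbow
# table's success rate from chain length, chain count and keyspace size using
# the coverage formula from Oechslin's time-memory trade-off paper, then combine
# independent tables the way the multi-table configurations above do.
import math

def keyspace(charset_size: int, max_len: int) -> int:
    """Passwords of 1..max_len characters over the charset (LM alpha: 26, 7)."""
    return sum(charset_size ** n for n in range(1, max_len + 1))

def single_table_success(chain_len: int, chain_count: int, n: int) -> float:
    """Probability that one table of chain_count chains covers a random password.
    Column i of the table holds m_i distinct points; because chains merge,
    m_{i+1} = N * (1 - exp(-m_i / N)), so each later column adds fewer new points."""
    m = float(chain_count)
    miss = 1.0  # probability that no column so far contains the password
    for _ in range(chain_len):
        miss *= 1.0 - m / n
        m = -n * math.expm1(-m / n)  # n * (1 - exp(-m / n)) without cancellation
    return 1.0 - miss

def combined_success(p_single: float, tables: int) -> float:
    """Success rate of several tables generated with different reduction functions."""
    return 1.0 - (1.0 - p_single) ** tables

def tables_needed(p_single: float, target: float) -> int:
    """Smallest number of such tables whose combined success rate reaches target."""
    tables, miss = 0, 1.0
    while miss > 1.0 - target:
        miss *= 1.0 - p_single
        tables += 1
    return tables

if __name__ == "__main__":
    lm_alpha = keyspace(26, 7)  # assumed: Winrtgen's LM alpha set is 1-7 upper-case letters
    print(f"one table, 2400 x 40,000,000: {single_table_success(2400, 40_000_000, lm_alpha):.2%}")
    print(f"one table, 4000 x 40,000,000: {single_table_success(4000, 40_000_000, lm_alpha):.2%}")
    print(f"five tables at 75% each:      {combined_success(0.75, 5):.2%}")
    ntlm_tables = tables_needed(0.0432, 0.988)  # 4.32% per NTLM table, 2.5 days each
    print(f"NTLM: {ntlm_tables} tables, about {ntlm_tables * 2.5:.0f} days to generate")
```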
Conclusion
As you can see, Rainbow Tables and RainbowCrack are powerful password auditing tools. The best course of action to protect yourself is to not allow the storage and use of LAN Manager (LM) passwords on your network if you don't absolutely need to, and to create and enforce a strong password policy that will force the storage and use of passwords as NTLM and not LM. Additionally, the time to compute and space requirements of complex Rainbow Tables should limit the use of them to only determined attackers or auditors. A strong password policy, a strong domain security policy, and keeping up with your patches and updates are your best safeguard against password attacks.
References
Password Attack Discussion & Benchmarks by Alan Amesbury ** Where I got the benchmarking numbers (slightly modified): http://www1.umn.edu/oit/security/passwordattackdiscussion.html
RainbowCrack -- Not a New Street Drug: http://redmondmag.com/columns/article.asp?EditorialsID=736
Rainbow Tables: Nature, Use, and Generation: http://security.the-engine.org/documents/48/rainbow-tables-nature-use-and-generation
"Faster Cryptanalytic Time-Memory Tradeoff" paper by Philippe Oechslin: http://lasecwww.epfl.ch/php_code/publications/search.php?ref=Oech03
Project RainbowCrack: http://www.antsight.com/zsl/rainbowcrack/
Get Free Rainbow Tables via torrent files: http://rainbowtables.shmoo.com/
The Tactical Use of RainbowCrack to Exploit Windows Authentication in a Hybrid Physical-Electronic Attack by Mike Mahurin: http://www.giac.org/practicals/GCIH/Mike_Mahurin_GCIH.pdf
Password Cracking: Rainbow Tables Explained: https://www.isc2.org/cgi-bin/content.cgi?page=738
How to prevent Windows from storing a LAN manager hash of your password in Active Directory and local SAM databases: http://support.microsoft.com/default.aspx?scid=KB;EN-US;q299656&
How to disable LM authentication on Windows NT: http://support.microsoft.com/default.aspx?scid=kb;EN-US;q147706
How to enable NTLM2 authentication: http://support.microsoft.com/default.aspx?scid=kb;EN-US;q239869
About the Author
Chris Gates, CISSP serves as the operations manager and course mentor for LearnSecurityOnline.com. Feel free to email comments and suggestions on the tutorial to chris[at]learnsecurityonline[dot]com.
