RE: Rainbow Tables

From: Tom Brennan (tomb@accessitgroup.com)
Date: Thu Feb 09 2006 - 17:14:19 EST

• Next message: Justin Seitz: "Re: Fwd: Penetration test of 1 IP address"
• Previous message: Ben Nelson: "Re: Qualys"
• Maybe in reply to: stark192@hotmail.com: "Rainbow Tables"
• Next in thread: Simpson, Brett: "RE: Rainbow Tables"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

http://rainbowtables.shmoo.com/


Tom Brennan, CISSP
Technology Risk Practice Manager
AccessIT Group Inc.
115 Route 46 West, Mt. Lakes, NJ 07046
Direct: 973-296-3862
Web: www.accessitgroup.com

-----Original Message-----
From: Tony Stark [mailto:stark192@hotmail.com]
Sent: Thursday, February 09, 2006 1:47 PM
To: Brett.Simpson@hsn.net; pen-test@securityfocus.com
Subject: RE: Rainbow Tables

Hello Brett,

Fortunatly for this project we are only doing LM passwords, all on
Windows machines. Yeah, I'd hate to try this with salt, I could take a
long vacation while that ran..<g>

Thx for the info, I'll jump on the links and check them out.

Tony


>From: "Simpson, Brett" <Brett.Simpson@hsn.net>
>To: "Tony Stark" <stark192@hotmail.com>, <pen-test@securityfocus.com>
>Subject: RE: Rainbow Tables
>Date: Thu, 9 Feb 2006 12:59:53 -0500
>
> > -----Original Message-----
> > From: Tony Stark [mailto:stark192@hotmail.com]
> > Subject: Re: Rainbow Tables
> >
>
>Snip...
>
> > Reason for this...the idea is that if we take the current list of
> > passwords create a pre-computed hash table the next time we audit
> > we'd run LC5 (till I convense them otehrwise) and all but the
> > passwords that changed and new accounts would get knocked out right
> > away.
> >
> > Does anyone have a hint as to how I should do this? Is there a way
> > to take the hashes and the cracked clear text and merge them into a
> > table?
>
>http://www.antsight.com/zsl/rainbowcrack/
>
>For non lan manager hashes this would require a tremendouse amount of
>disk space (tera to peta bytes). Every password can have a large number

>of salts (the exact number depends of the type of hash i.e. md5,
>sha-1,etc).
>
>So let's say you have a UNIX system using the older crypt then you
>would have 4096 salts that are possible per password. So for every
>clear text version of a password you would have to store 4096 different

>salts. I have an English dictionary I use with JtR so 411,563 words..
>Then I use rules mode and that number jumps to 15,773,164 (171MB). Now
>times that by 4096 salts and you get 64,606,879,744 variations (700+
TB).
>
>For Windows if your looking at the lanman hashes (not nt hashes) then
>they only have one salt so it would be possible to generate a table on
>common words and variations for only a couple hundred megabytes.
>
>You should also read the teracrack article.
>
>http://security.sdsc.edu/publications/teracrack.pdf

_________________________________________________________________
Don't just search. Find. Check out the new MSN Search!
http://search.msn.click-url.com/go/onm00200636ave/direct/01/


------------------------------------------------------------------------
------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on
your website. Up to 75% of cyber attacks are launched on shopping carts,
forms, login pages, dynamic content etc. Firewalls, SSL and locked-down
servers are futile against web application hacking. Check your website
for vulnerabilities to SQL injection, Cross site scripting and other web
attacks before hackers do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
------------------------------------------------------------------------
-------



This e-mail and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom
they are addressed. If you have received this e-mail in error please notify the originator of the message. This also confirms that this
e-mail message has been scanned for the presence of computer viruses. Any views expressed in this message are those of the
individual sender, except where the sender specifies and with authority, states them to be the views of AccessIT Group.
------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------

• Next message: Justin Seitz: "Re: Fwd: Penetration test of 1 IP address"
• Previous message: Ben Nelson: "Re: Qualys"
• Maybe in reply to: stark192@hotmail.com: "Rainbow Tables"
• Next in thread: Simpson, Brett: "RE: Rainbow Tables"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:29 EDT