Thursday, 17 March 2011

Cracking MD5 hashes using Rainbow Tables


Tools you should have

These are the tools you need in order to follow this tutorial.
  1. Rainbow table generator: 'Winrtgen', which comes with Cain and Abel
  2. Cain and Abel: get it from www.oxid.it
  3. Of course, you must have some MD5 hashes to crack.
All are freeware, so you won't have any problem getting these tools.

Creating rainbow tables



Rainbow tables can be created for various kinds of hashes, e.g. lm, fastlm, nt, md5, etc.
Here we are going to stick with MD5 hashes alone.

MD5 hashes



MD5 hashes will be seen in SQL databases. If you crack a site with SQL injection, you will be shown the username and the MD5-hashed password, e.g. 'admin:bc8f87a21501ae15a48d77a91513c3a7'.
So one has to crack or decrypt the MD5 hashes to enter that site.

Creating rainbow tables


I have a set of hashes whose passwords are 4-6 characters in length. All are numeric passwords.
So I will explain how to create rainbow tables for this type of password.
  1. Open the Winrtgen tool.
  2. Click 'Add Table'.
  3. A dialog box will appear showing the settings.
Explanation of the settings:
Hash: type of hash you wish to crack (in our case it's md5)
MinLen: minimum length of the password (4)
MaxLen: maximum length of the password (6)
Index: always keep it at zero.
ChainLen: It will tell you the success probability, and it plays a major role in the amount of time needed to create the table. For longer passwords the chain length should be a little larger. In our case a chain length of 2 is enough; we will get 100% success probability with that.
ChainCount: 40000000
No. of tables: 1
Keep the above two at their default values.


Click OK in the table generator to create the table and wait for it to complete. It will take a little more time than the benchmark shows. The extra time is for arranging the tables; it does some kind of internal processing.
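How chain length and chain count turn into a lookup table, as an added example that is not Winrtgen's or Cain's code: a toy rainbow table over the same 4-6 digit numeric space. The reduction function, the start-point choice and all function names are assumptions made for illustration.

```python
import hashlib

CHARSET = "0123456789"
MIN_LEN, MAX_LEN = 4, 6  # same plaintext space as the tutorial
SIZES = [len(CHARSET) ** n for n in range(MIN_LEN, MAX_LEN + 1)]
KEYSPACE = sum(SIZES)    # 10^4 + 10^5 + 10^6 = 1,110,000 candidates

def md5_hex(plain: str, salt: str = "") -> str:
    # salt is only used to show why salted digests miss the table
    return hashlib.md5((salt + plain).encode()).hexdigest()

def index_to_plain(i: int) -> str:
    """Map an index in [0, KEYSPACE) to a numeric string of length 4-6."""
    for length, size in zip(range(MIN_LEN, MAX_LEN + 1), SIZES):
        if i < size:
            return str(i).zfill(length)
        i -= size
    raise ValueError("index out of range")

def reduce_hash(digest_hex: str, step: int) -> str:
    """Reduction: digest -> plaintext; varies per step (illustrative choice)."""
    return index_to_plain((int(digest_hex, 16) + step) % KEYSPACE)

def build_table(chain_count: int, chain_len: int) -> dict:
    """Keep only endpoint -> start points; chain interiors are discarded."""
    table = {}
    for c in range(chain_count):
        start = plain = index_to_plain((c * 7919) % KEYSPACE)  # constructed starts
        for step in range(chain_len):
            plain = reduce_hash(md5_hex(plain), step)
        table.setdefault(plain, []).append(start)
    return table

def lookup(table: dict, chain_len: int, target: str):
    """Return the plaintext for target, or None if no stored chain covers it."""
    for pos in range(chain_len - 1, -1, -1):   # guess the target's column
        plain = reduce_hash(target, pos)
        for step in range(pos + 1, chain_len):
            plain = reduce_hash(md5_hex(plain), step)
        for start in table.get(plain, []):      # endpoint hit: replay the chain
            cand = start
            for step in range(chain_len):
                if md5_hex(cand) == target:     # rejects false alarms
                    return cand
                cand = reduce_hash(md5_hex(cand), step)
    return None
```

The table is computed from md5(plaintext) alone, so a digest stored with a per-user salt never matches any chain and `lookup` returns None; that is why salted, slow password hashes defeat precomputed tables.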

Cryptanalysis Attack



After creating the tables, we are going to start the cryptanalysis attack on an MD5 hash using the tables.
  1. Open Cain and Abel.
  2. Load the hashes in the MD5 screen under the Cracker tab. These are some example hashes which I will be using in this tutorial:
Code:
315ff5049c0634d7d8195d2a1d1cf0df         - 021465        
b139e104214a08ae3f2ebcce149cdf6e         - 1924    
2467d3744600858cc9026d5ac6005305         - 232323      
286c9c72ce04c511e8b4ed91e1fa9a24         - 071678       
1aa4396d4fd1f977d93a8a579d6a4167         - 71032        
3941c4358616274ac2436eacf67fae05         - 8319


  3. To add the hashes, click the button with the ‘+’ symbol, or go to the File menu and select ‘Add to list’, or use the Insert key. All the loaded hashes are of passwords 4-6 characters in length.
  4. To crack them, either select the hashes one by one or select them all.
  5. Right-click the hash and select ‘Cryptanalysis Attack via Rainbow Tables’.
  6. In the dialog box that appears, click ‘Add table’ and select the table we created in the previous step.
  7. Click ‘Start’ to perform the attack.




Results



In picture (1), see the ‘Max cryptanalysis time’. The cracking will take a little longer than that. It also depends on how fast your computer is.
After a few seconds, the result is shown like this:
Code:
Hash:286c9c72ce04c511e8b4ed91e1fa9a24 Plain:071678       (Hex:303731363738)
Hash:1aa4396d4fd1f977d93a8a579d6a4167 Plain:71032        (Hex:3731303332)
Hash:3941c4358616274ac2436eacf67fae05 Plain:8319         (Hex:38333139)
Hash:79cef9cc5c842ee39e164009c7554da2 Plain:98304        (Hex:3938333034)
Hash:315ff5049c0634d7d8195d2a1d1cf0df Plain:021465       (Hex:303231343635)
Hash:b139e104214a08ae3f2ebcce149cdf6e Plain:1924         (Hex:31393234)
Hash:2467d3744600858cc9026d5ac6005305 Plain:232323       (Hex:32333233323)
That is it. The cryptanalysis attack has been performed and the hashes are cracked. This shows the power and capability of the rainbow table attack. If we have the tables, we can possibly crack any hashes within minutes.

Since the passwords behind these hashes are very short, even a brute-force attack will reveal the plaintexts. Rainbow tables were used for the purpose of simplicity and portability. You can create your own tables with the character set you need; a custom character set is also possible. For example, suppose you are watching a person typing his password and keeping an eye on his keyboard moves. If you are sure that he uses only numbers and symbols for his password, you can start cracking the hashes (if you get them by some means) by creating tables with symbols and numbers alone.
