So fast - so weekly: everything is so hybrid today
Hybrid Rainbow Tables

First of all I never saw a reason to pay for rainbow tables. There're projects, which will remain nameless (ophcrack *cough* ophcrack, sorry...) selling this stuff. But these are far less advanced than our free alternative here.
The first thing you have to get:
hash_{kinds of symbols}_{PW_lengths}_ID_chainlength_chaincount_filename
That's it. Here they are: NTLM, MD5, LM. The latter is getting less important every day. So my personal mirror will just contain NTLM and MD5. I'm missing SHA1.
Maybe I can extend my NTLM collection from somewhere else, too. But if someone finds good SHA1 tables... let me know.
There's something smart I found. Obviously, if you enforce a password policy, people tend to search for the easiest and most obvious password (for them) to remember. If you enforce a numeric space, people will most often use the "1", not all numbers.
Therefore, to exploit this weakness, there're optimized rainbow tables now. These are called Hybrid Rainbow Tables. I also guess you need rcracki for these. Not Abel or some less sophisticated GUI crackers. I'll try it out. In any case you can convert the tables into a general Cain/Ophcrack/rcrack compatible format. That'll slow the process down a little, but I guess with a CUDA-enabled bt4-beta... a fast success is very likely. It makes sense from a crypto-logic standpoint to optimize even rainbow tables to exploit the human side of security. This happened with password lists for online cracking purposes, now it has happened with rainbow tables for offline cracking.
You can contribute to the freerainbowtables project. I'll do that. Helps to get a deeper understanding... and my server isn't doing a lot with its CPU, normally. Even if there's some kind of DDoS. (Here a note to these kids: 4 seconds. Is that all?)
Have fun,
wishi
Update: found SHA1 tables, too. Mirrored them. rti2rto needs Windows or a 64-bit system.
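
To put a number on the hybrid idea described above (an added example, not code from the original post or from the freerainbowtables project): the sketch below collapses a password into its per-position character-class pattern and compares that pattern's keyspace with the full 62-character keyspace of the same length, which is what a password-policy audit would want to know. The class definitions, function names and sample passwords are assumptions constructed for illustration.

```python
import string
from collections import Counter

# Assumed class sizes: 26 upper, 26 lower, 10 digits (62 = "mixalpha-numeric").
CLASSES = {"upper": string.ascii_uppercase,
           "lower": string.ascii_lowercase,
           "digit": string.digits}
FULL_CHARSET_SIZE = sum(len(c) for c in CLASSES.values())


def positional_pattern(password):
    """Collapse a password into runs of (class, length).

    "Summer09" -> (("upper", 1), ("lower", 5), ("digit", 2))
    """
    runs = []
    for ch in password:
        cls = next((n for n, chars in CLASSES.items() if ch in chars), None)
        if cls is None:
            raise ValueError(f"{ch!r} is outside the modelled classes")
        if runs and runs[-1][0] == cls:
            runs[-1] = (cls, runs[-1][1] + 1)
        else:
            runs.append((cls, 1))
    return tuple(runs)


def pattern_keyspace(pattern):
    """Number of candidates that share one positional pattern."""
    total = 1
    for cls, length in pattern:
        total *= len(CLASSES[cls]) ** length
    return total


def reduction_factor(password):
    """Full keyspace for this length divided by the pattern's keyspace."""
    full = FULL_CHARSET_SIZE ** len(password)
    return full // pattern_keyspace(positional_pattern(password))


def audit(passwords):
    """Count how many passwords fall into each positional pattern."""
    return Counter(positional_pattern(p) for p in passwords)


# Constructed sample: passwords that all satisfy "upper + lower + digit".
SAMPLE = ["Summer09", "Winter11", "Monday1", "aB3dE6gH", "Friday1"]

if __name__ == "__main__":
    for pattern, count in audit(SAMPLE).most_common():
        print(count, pattern, pattern_keyspace(pattern))
    print("Summer09 reduction:", reduction_factor("Summer09"))
```

Run against an organisation's own password-audit output, a few patterns dominating the count is the signal that the policy is producing predictable structure rather than strength.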
