
How do I create a rainbow table?

firstnetsupport
I'm trying to create a big rainbow table with all combinations up to 15 characters, with uppercase, lowercase and special characters. I don't really know how to create it or what program to do it with. I have Cain and Abel installed, and I know there's a rainbow table generator in it, but I'm not sure how to use it, and by default I don't think it matches my criteria..?

Try freerainbowtables.com. Unfortunately, it is quite infeasible to create a rainbow table that big: the 7-character full character set table is already several gigabytes, and the size grows exponentially as the number of characters increases. There has been an ongoing effort for a few years to create larger tables using distributed computing; unless you have a supercomputer or a large network of computers available for this task with unlimited centralized storage, I would just download the largest tables available from the above website. Which hash algorithm are you looking to have the tables for?
Rich Rumble, Security Samurai
CERTIFIED EXPERT
Top Expert 2006
Commented:
Rainbow tables are good for short hashes like LanMan, but once you get past 10 characters, it becomes much less fruitful. LM (LanMan) hashes are case insensitive (all uppercase) and limited to 7 characters in length. It takes roughly 64Gb to get a 99.95% success rate. Now if you add in case sensitivity, you're adding 26 additional combinations. I don't know the math for it, but you can bet that to get the same sort of success rate you're going to need over 10x 64Gb of tables. Now increase that by one more length character and you add at least 2Gb per letter.
Rainbow tables are also actually quite slow to find hashes once you've started looking for 20 or more at once. Looking for one or two is very fast, but if you're doing an audit of your users' passwords and you have over 2 dozen or more, rainbow tables will only slow you down.
I'd suggest you use JohnTheRipper over rainbow tables. You can do all of LM in less than 2 days, where using winrtgen from Cain will take a month or more using multiple machines to generate the LM tables. JtR uses memory instead of disk, so this is why it's much faster: it doesn't have to write to disk and doesn't have to go through the various checks/chains that a rainbow table does. Word lists and intelligent password guessing (JtR uses trigraphs rather than "dumbforce" aka aaa, aab, aac, aad...) make JtR much better than RT in most cases, especially where you're dealing with a large number of hashes to find. Please have a look at some of the recent "Crackmeifyoucan" contest results; you'll notice rainbow tables are hardly used at all by "professionals" (like me :)
http://contest.korelogic.com/ (this year, no RT at all)
http://contest-2010.korelogic.com/
-rich
Of course the whole point of rainbow tables is the time memory tradeoff, where you've done the computing beforehand to create the table and then just use that every time you need a hash checked. If you just want to do a one-off password audit there's absolutely no point in creating the required tables from scratch, you should definitely either use a more conventional password cracker like JtR as rich suggests, or download a premade table if one exists for your needs. My point is, I can't figure out a practical scenario where it'd make sense to start creating your own tables if one doesn't yet exist.
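The time-memory trade-off and the chain walking discussed above, sketched as an added example (not code from any poster in this thread, nor from Cain or any rainbow table tool). It assumes a constructed toy keyspace of 3 lowercase letters and unsalted MD5; all function names and parameters are hypothetical. Only each chain's start and end are stored, and a lookup recomputes the middle.

```python
import hashlib

# Constructed toy parameters (assumptions, not from the thread): 3 lowercase letters.
CHARSET, LENGTH = "abcdefghijklmnopqrstuvwxyz", 3
KEYSPACE = len(CHARSET) ** LENGTH  # 17,576 candidates

def index_to_plain(i):
    """Map an integer in [0, KEYSPACE) to a fixed-length candidate string."""
    chars = []
    for _ in range(LENGTH):
        i, r = divmod(i, len(CHARSET))
        chars.append(CHARSET[r])
    return "".join(chars)

def hash_plain(plain):
    return hashlib.md5(plain.encode()).digest()  # stands in for any fast, unsalted hash

def reduce_to_index(digest, column):
    """Map a digest back into the keyspace; differs per column so merged chains are rarer."""
    return (int.from_bytes(digest[:8], "big") + column) % KEYSPACE

def build_table(num_chains, chain_len):
    """Keep only {chain end: chain start}; everything in between is recomputed on lookup."""
    table = {}
    for start in range(num_chains):
        idx = start
        for col in range(chain_len):
            idx = reduce_to_index(hash_plain(index_to_plain(idx)), col)
        table.setdefault(idx, start)  # a chain ending where an earlier one did is dropped
    return table

def lookup(table, target, chain_len):
    """Assume the target sits at each column in turn, walk to the chain end, then replay."""
    for col in range(chain_len - 1, -1, -1):
        idx = reduce_to_index(target, col)
        for c in range(col + 1, chain_len):
            idx = reduce_to_index(hash_plain(index_to_plain(idx)), c)
        if idx not in table:
            continue
        cand = table[idx]
        for c in range(chain_len):  # replay the chain from its stored start
            plain = index_to_plain(cand)
            if hash_plain(plain) == target:
                return plain
            cand = reduce_to_index(hash_plain(plain), c)
    return None  # this hash is not covered by the table

if __name__ == "__main__":
    table = build_table(num_chains=600, chain_len=50)
    print(len(table), "chains stored for", KEYSPACE, "candidates:", lookup(table, hash_plain("aaa"), 50))
```

At most 600 stored pairs stand in for up to 30,000 hashed candidates here, but every lookup pays for that with on the order of chain_len squared hash computations, and a hash whose plaintext is outside the table's character set or length is never found.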
CERTIFIED EXPERT
Top Expert 2014

Commented:
@firstnetsupport

What is the problem context of your question?
I'm not objecting, but you could make the exact same case against discussing any penetration testing tools, or debug tools for that matter. The only difference between a security auditor and a hacker is intent.
CERTIFIED EXPERT
Top Expert 2014

Commented:
@CoccoBill

How does a security auditor use a rainbow table?
For a password audit, i.e. to find out whether weak or empty passwords are being used.
Rich Rumble, Security Samurai
CERTIFIED EXPERT
Top Expert 2006

Commented:
I use tables for legitimate reasons all the time; password auditing is a regular part of my job, perhaps the author's as well. Rainbow tables are also part of understanding how hackers work; they are often mentioned and taught by various security and computer science classes.
-rich
Yes, for Windows machines that are domain members. Passwords also exist in other operating systems, applications, databases, websites etc. where password strength cannot necessarily be enforced. Also, even when enforcing a typical password policy such as min. 8 characters with complexity, weak passwords such as "Password1" and "Abcd1234" are still allowed and can be found with a password audit.
Rich Rumble, Security Samurai
CERTIFIED EXPERT
Top Expert 2006

Commented:
I agree we need the Asker's input. But ditto to CoccoBill's comments: I audit way more than domain/OS passwords, such as application and service passwords, and new products we're thinking of buying... more times than not, no "password complexity" requirements exist in these products.
-rich
CERTIFIED EXPERT
Top Expert 2014
Commented:
But a dictionary originated hash table would be the way to go for a weak password audit.  This all possible combinations of 15 characters scheme is inefficient and, as you guys have already stated, a very large data set -- something that only crackers/hackers would attempt.

Author

Commented:
Hi, the reason I'm asking this is because I'm in the middle of taking a CEH course and I want to get to grips with all the tools etc... I agree with CoccoBill, "The only difference between a security auditor and a hacker is intent." I'm looking to put myself in the hacker's shoes, and to do that I need to learn what they already know.

Please advise as to how I am best to proceed with this question.
Rich Rumble, Security Samurai
CERTIFIED EXPERT
Top Expert 2006

Commented:
(For most hashes) the ultimate takeaway is that any character set that has 90+ possible combinations (a-z, A-Z, 0-9 etc.) and is 8 or more characters in length is unfeasible for disk space. You can't use a rainbow table to make "likely" passwords; you can only do "dumb-force" aaaa, aaab, aaac, aaad etc...
You can limit your RT's character set (all lower and just numbers) to make "longer" RTs. RTs are only effective, in my opinion, for 10 or fewer characters, and for certain hashes. If I weren't alone in that, other teams would have used them in the last two "crackmeifyoucan" Defcon contests.
-rich
CERTIFIED EXPERT
Top Expert 2014

Commented:
@firstnetsupport

>>looking to put myself in the hackers shoes
You have thought about rainbow tables.  You have expert opinions about rainbow tables.  

You have gained knowledge.  That is all the 'help' you should expect from EE on this topic.  
