Be Good...
NOTE: If you download the rainbow-tables you need to also download the associated dictionary file and rules file to make it work. For most of the tables the files are basic_rules, and dic-0294. I apologize I should have saved them in the first cfg tgz for each table but I was trying to save space. My bad. Overview: This page is dedicated to our dictionary based rainbow table password cracker, (known as drcrack). The original source code is based off of rcrack written by Zhu Shuanglei. As stated, dcrack allows the creation and use of dictionary based rainbow tables. If you are unfamiliar with rainbow tables a good reference is the original rcrack homepage. Normally rainbow tables are generated based on a brute force type approach. For example, you could create a rainbow table that would attempt to crack all passwords of length one through six, containing alphanumeric characters. A further refinement developed by the people over at http://www.freerainbowtables.com is the mixed rainbow table. An mixed rainbow table allows you to create tables by defining brute force rules such as "the first six characters should be letters, and the last two characters should be numbers". Dictionary based rainbow tables, such as those generated by drcrack, on the other hand allow you to create pre-generated hash tables based on dictionary words and common word mangling rules, such as "P@ssword12". All three methods are very useful. With the inclusion of drcrack, we feel that most password cracking against unsalted hashes can be done using pre-generated tables. Aka, an attacker can use traditional rainbow tables for pure-brute force password audits, indexed tables to expand their brute force attacks, and dictionary based tables to cover their normal dictionary based attacks. Features:
Files: DRCrack -multi threaded version 1.03-Changes: See the change history below, but several new features were added and this should result in a big performance boost drcrack.tar DRCrack -windows version 1.00 <Coming Soon> Dictionary Based Rainbow Tables Version 1.0: All online rainbow tables can be found at the following website: -Please note, for the rainbow tables to work you need to download not only the tables, but the associated config and dictionary files. Supported Systems: Config Generator and Multi-Threaded Version Most flavors of Linux Single Threaded Version (Windows) Windows Patch Notes: Version 1.03: Version 1.01: After over a year and a half, we finally are ready to deploy our release version. Why so long? Well originally we were going to present it at Shmoocon08 but we didn't have the tables done in time. Then we decided to publish a paper on it, other stuff came up (check out our pcfg password generator), optimized the algorithm which invalidated all our old tables, etc. It's done though, and we are pretty proud of it. There's sure to be bugs, so if you have any suggestions or find any mistakes, please let us know. Installation/Configuration (Linux, MacOSX): 1. Download and untar the source files Creating Rule Files: 1. run ./dr_rules
3. Save your settings.
Creating Rainbow Tables usage: drtgen <options> ------------------------------- |Options For All Rainbow Table Types | ------------------------------- -file <file name> (REQUIRED):The rt filename to use, not required if using -bench -hash <hash type> (REQUIRED):The hash type to use hash types supported: lm ntlm md2 md4 md5 doublemd5 sha1 ripemd160 mysql323 mysqlsha1 ciscopix mscache halflmchall lmchall ntlmchall oracle -cLen <chain length> (REQUIRED):The length of each chain, aka the compression used -cCount <# of chains> (REQUIRED):The number of chains, influences how big the table will be -bench (optional):benchmark how long the table will take to generate -index <index value> (optional):The index offset, only matters if you have multiple tables -threads <num threads> (optional):The number of processors to use -salt <salt value> (optional):The salt value to use for the hash. Capitalization matters! If no salt is specified, mscache="administrator", oracle="SYS" ------------------------------ |Options For Dictionary Based Tables | ------------------------------ -d (REQUIRED):Tell drtgen that this is a dictionary based attack -dic <dictionary name> (REQUIRED):The name of the input dictionary to use -rules <rules file name> (REQURIED):The name of the word mangling rule file to use --------------------------------- |Options For Traditional Rainbow Tables | --------------------------------- -charset <charset name> (REQUIRED):The character set to use, a list can be found in charset.txt. Use "byte" to specify all 256 characters as the charset of the plaintext -lmin <minimum size> (REQUIRED):The minimum sized password to try and bruteforce -lmax <maximum size> (REQUIRED):The maximum sized password to try and bruteforce ----------- |Examples | ----------- Basic Dictionary Based Attack ./drtgen -d -dic inputdic.txt -rules manglingrules.txt -hash ntlm -cLen 2600 -cCount 500000 -file basic_ntlm_table Basic Salted Dictionary Based Attack ./drtgen -d -dic inputdic.txt -rules manglingrules.txt -hash mscache -salt administrator -cCount 2600 -cNum 500000 -file basic_ntlm_table Multi-threaded Dictionary Based Attack ./drtgen -d -dic inputdic.txt -rules manglingrules.txt -hash ntlm -p 4 -cLen 2600 -cCount 500000 -file basic_ntlm_table Benchmarking a Dictionary Based Attack -Note: Will generally underestimate time due to the fact it doesn't write to disk ./drtgen -d -dic inputdic.txt -rules manglingrules.txt -hash ntlm -cLen 2600 -cCount 500000 -bench Traditional Rainbow Table Generation ./drtgen -d -charset loweralpha-numeric -lmin 0 -lmax 7 -hash ntlm -cLen 2600 -cCount 500000 -file basic_ntlm_table After the table is created: Run ./rtsort <file name.rt> Example: ./rtsort testtable.rt This sorts the rainbow table and is necessary before you can use it. Cracking Password Hashes: or ./drcrack -d <file name.cfg -h <individual hash> |