Password cracking or Rainbow table attacks work by taking a password hash and converting it to its plaintext original. In this case, the attacker needs tools such as extractors for hash guessing, rainbow tables for looking up plaintext passwords, and password sniffers to extract authentication information. The concept of rainbow tables is that the attacker computes possible passwords and their hashes in a given system and puts the results into a lookup table called a “rainbow table.” This allows an attacker to just get a hash from the victim system and then just search for that hash in the rainbow table to get the plaintext password. To mitigate rainbow table attacks, you can disable LM hashes and use long and complex passwords.
In order to simulate a Rainbow Table Attack you'll need three applications:
1) Rainbow Table Generator (Winrtgen)
2) Windows Password Dump (pwdump7)
3) Rainbow Table Cracker (RainbowCrack)
Under Hash > choose nltm.
In order to save time generating the Rainbow Table, change Min Len and Max Len to 3 > select Charset (loweralpha in this case) > change Chain Count to 40000.
Click Benchmark.
Notice the Rainbow table file size is 625 KB and the total precomputation time (for all possible combination of Charset) is around 34 seconds.
Click OK to start generating the Rainbow Table.
I created a new user account (john) in Windows 7 under Control Panel > User Accounts and Family Safety > Add or remove user accounts.
Click Create a new account.
Type the new account name > select Administrator > Create Account
Click the new user account (john) > Create a password.
Type and re-type password to confirm password > Change password.
I simply used the password of xyz in this case.
Open a command prompt and type pwdump7.exe and it will automatically dump or display the Windows user account and hashed passwords.
You can also redirect the output to a file, use pwdump7.exe > FILENAME.pwdump
Add the dump hashed password and pre-computed hashed Rainbow Table in RainbowCrack.
To open the pwdump file, click File > Load NTLM Hashes from PWDUMP file
Next is to load the Rainbow Table, go to Rainbow Table > Search Rainbow Tables.
So it's best practice to enforce a complex password policy of at least 8 characters long using a mix of lower and uppercase alphabets, numbers and special characters.
In order to simulate a Rainbow Table Attack you'll need three applications:
1) Rainbow Table Generator (Winrtgen)
2) Windows Password Dump (pwdump7)
3) Rainbow Table Cracker (RainbowCrack)
The Winrtgen comes with the Cain & Abel installation. Open Winrtgen > Add Table.
Under Hash > choose nltm.
In order to save time generating the Rainbow Table, change Min Len and Max Len to 3 > select Charset (loweralpha in this case) > change Chain Count to 40000.
Click Benchmark.
Notice the Rainbow table file size is 625 KB and the total precomputation time (for all possible combination of Charset) is around 34 seconds.
Click OK to start generating the Rainbow Table.
I created a new user account (john) in Windows 7 under Control Panel > User Accounts and Family Safety > Add or remove user accounts.
Click Create a new account.
Type the new account name > select Administrator > Create Account
Click the new user account (john) > Create a password.
Type and re-type password to confirm password > Change password.
I simply used the password of xyz in this case.
Open a command prompt and type pwdump7.exe and it will automatically dump or display the Windows user account and hashed passwords.
You can also redirect the output to a file, use pwdump7.exe > FILENAME.pwdump
Add the dump hashed password and pre-computed hashed Rainbow Table in RainbowCrack.
To open the pwdump file, click File > Load NTLM Hashes from PWDUMP file
Next is to load the Rainbow Table, go to Rainbow Table > Search Rainbow Tables.
Once the
Rainbow table is loaded, RainbowCrack will start cracking (brute force) the hashed passwords.
Notice it
displayed in plaintext the password of xyz for the username john
So it's best practice to enforce a complex password policy of at least 8 characters long using a mix of lower and uppercase alphabets, numbers and special characters.