Free Rainbow Tables | Forum

Home of the Distributed Generator and Cracker
PostPosted: 23 Jul 2009, 17:47 
Offline
Guesser

Joined: 12 Nov 2007, 03:36
Posts: 38
I did but with that small key_space you get
key_space = 1111000
chain_length = 7
chain_count = 712405
7 x 712405 = 4,986,835
4,986,835 x 5 = 24,934,175(total work)

I think the chain_length is too small according to PowerBlade. I think maybe this dict(key_space) is too small for RT?


PostPosted: 23 Jul 2009, 17:51 
Offline
Perfect Table

Joined: 02 Apr 2008, 15:10
Posts: 927
Location: Bucharest, Romania
"7 x 712405 = 4,986,835
4,986,835 x 5 = 24,934,175(total work)"
What is this? I don't get it.

chain_length = 7 is TOOO small. Increase the key_space... like adding these options: caseperm,12;numsuffix,4

_________________
a2480f25 blog.


PostPosted: 23 Jul 2009, 20:50 
Offline
MΩth √G∑∏∫∪≤

Joined: 03 Dec 2007, 11:37
Posts: 1061
alphnum wrote:
Well I made the chain length 10000. Then created 4 tables:
lm_dictionary(1000.txt#numsuffix,3)_0_10000x1929_test2.rt
lm_dictionary(1000.txt#numsuffix,3)_1_10000x1929_test2.rt
lm_dictionary(1000.txt#numsuffix,3)_2_10000x1929_test2.rt
lm_dictionary(1000.txt#numsuffix,3)_3_10000x1929_test2.rt

It has been cracking for over 3 hours on the first table.

alphnum wrote:
This one I created has been cracking now for over 11 hours on the first table. lm_dictionary(1000.txt#numsuffix,3)_0_10000x1929_test2.rt:
Something wrong right?

Yes something is wrong. How long did it take to create the tables?
It should take about 64.8% of that amount of time to generate the end points per hash to look up in a table. You were searching for 14 hashes, so it should take about 9 times longer to generate the end points to look up in one table than it took to create the table set. It might be that rtgendict is just really really slow.

10000 * 1929 * 4 = 77,160,000 links/table set
10000 * 9999 / 2 = 49,995,000 links/hash/table
49,995,000 / 77,160,000 = 64.8%

_________________
http://www.tobtu.com/


PostPosted: 23 Jul 2009, 23:18 
Offline
Site Admin

Joined: 11 Oct 2007, 21:17
Posts: 1618
Location: Copenhagen, Denmark
I didn't optimize rtgendict in any way. It's only POC (Proof of Concept) code and I never had time to do anything more about it.


PostPosted: 24 Jul 2009, 00:07 
Offline
Guesser

Joined: 12 Nov 2007, 03:36
Posts: 38
Sc00bz wrote:
Yes something is wrong. How long did it take to create the tables?

13 seconds per table.

Sc00bz wrote:
10000 * 1929 * 4 = 77,160,000 links/table set
10000 * 9999 / 2 = 49,995,000 links/hash/table
49,995,000 / 77,160,000 = 64.8%

What does the 9999 and 2 represent?


PostPosted: 24 Jul 2009, 07:07 
Offline
MΩth √G∑∏∫∪≤

Joined: 03 Dec 2007, 11:37
Posts: 1061
Well, that's odd: 9 * 4 * 13 seconds is not 11 hours. Does it ever finish? Maybe it's stuck in an infinite loop.

To generate the end points to look up in a rainbow table you need to do 1 link then 2 links then 3 links ... chain length links. The formula to calculate the sum of all of those links is:
(chain_length + 1) * chain_length / 2
9999 is the actual chain length so 10000 * 9999 / 2 = 49,995,000 links

_________________
http://www.tobtu.com/
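
Added example (not part of the original posts): the link count described above, checked by actually walking a toy chain and then applied to the thread's 10000x1929 four-table set. The MD5 stand-in hash, the numeric toy key space and all function names are assumptions made for illustration.

```python
import hashlib

def toy_hash(plain: bytes) -> bytes:
    # Stand-in hash (assumption); the tables in the thread use LM/NTLM.
    return hashlib.md5(plain).digest()

def toy_reduce(digest: bytes, column: int, key_space: int) -> bytes:
    # Column-dependent reduction back into a numeric toy key space.
    return str((int.from_bytes(digest[:8], "big") + column) % key_space).encode()

def count_lookup_links(target: bytes, links_per_chain: int, key_space: int):
    """Build every candidate end point for one hash, counting the links walked."""
    walked, end_points = 0, []
    for position in range(links_per_chain - 1, -1, -1):  # guess the hash's column
        digest = target
        for column in range(position, links_per_chain):
            plain = toy_reduce(digest, column, key_space)
            walked += 1  # one link = one reduction (plus the hash that follows it)
            if column < links_per_chain - 1:
                digest = toy_hash(plain)
        end_points.append(plain)
    return walked, end_points

def lookup_links(chain_length: int) -> int:
    # chain_length is the number in the table file name; actual links = chain_length - 1.
    actual = chain_length - 1
    return (actual + 1) * actual // 2

def generation_links(chain_length: int, chain_count: int, tables: int) -> int:
    return chain_length * chain_count * tables

def expected_lookup_seconds(chain_length, chain_count, tables, hashes, secs_per_table):
    """Time to build end points for all hashes for ONE table, scaled from generation time."""
    ratio = lookup_links(chain_length) / generation_links(chain_length, chain_count, tables)
    return ratio * hashes * secs_per_table * tables

if __name__ == "__main__":
    walked, _ = count_lookup_links(toy_hash(b"constructed sample"), 99, 1_000_000)
    print("walked:", walked, "closed form:", lookup_links(100))
    print("links/hash/table:", lookup_links(10000))
    print("links/table set:", generation_links(10000, 1929, 4))
    print("expected seconds per table searched:",
          round(expected_lookup_seconds(10000, 1929, 4, 14, 13)))
```

A run that is still going after hours, when this estimate is a few minutes, points at a tool bug rather than at the table parameters.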


PostPosted: 24 Jul 2009, 08:53 
Offline
Developer

Joined: 30 Mar 2008, 15:37
Posts: 865
I remember having similar problems when I played with it quite some time ago; at the time I didn't bother to try and find the cause :)


PostPosted: 24 Jul 2009, 17:55 
Offline
Guesser

Joined: 12 Nov 2007, 03:36
Posts: 38
Sc00bz wrote:
Does it ever finish? Maybe it's stuck in an infinite loop.

No. It was stuck in a loop.

So I abandoned this:
lm_dictionary(1000.txt#numsuffix,3)_0_10000x1929_test2.rt

I then created a real-world sample. 5 tables lm using InsidePro_mil-dic.dic(211,742 words):
lm_dictionary(pass2.dic#caseperm,12;numsuffix,3)_0_103x11479200_test3.rt...
This one got:
Code:
statistics
------------------------------------------------------
plaintext found:          8 of 14 (57.14%)
total disk access time:   1.24 s
total cryptanalysis time: 214.03 s
total chain walk step:    209609
total false alarm:        6278385
total chain walk step due to false alarm: 227787105

But more than half of the results were buggy, having more than they should:
Code:
1e929ffc01395127  <notfound>  hex:<notfound>
6312b0dd0733e473  LACROSSe  hex:4c4143524f535365
d7c72b12f8e545eb  <notfound>  hex:<notfound>
eb52c8fbee0659c0  CALIFORNiA  hex:43414c49464f524e6941
695ba20263385b35  <notfound>  hex:<notfound>
8830f4688e8e5f7f  PORSCHE198  hex:504f5253434845313938
48f4b32c15ff9968  911  hex:393131

Like eb52c8fbee0659c0 is califor but I am getting nia from next hash 695ba20263385b35 added to the first. That's fine, but 8830f4688e8e5f7f is porsche and 48f4b32c15ff9968 is 911. Where is the 198 coming from?

So I had a gut feeling and did not give up. I went to NTLM. Kept everything else the same:
ntlm_dictionary(pass2.dic#caseperm,12;numsuffix,3)_0_103x11479200_test4.rt

SUCCESS! :D
Code:
statistics
-------------------------------------------------------
plaintext found:          10 of 10 (100.00%)
total disk access time:   0.25 s
total cryptanalysis time: 0.03 s
total chain walk step:    5301
total false alarm:        220
total chain walk step due to false alarm: 16696

I also tried another 20 individually and they all worked.

One thing I noticed is that if you try a hash with caseperm and numsuffix like porSChe123 it will not find it. Wish you could mix them.

So if you're going to try this, go with NTLM.


PostPosted: 24 Jul 2009, 20:57 
Offline
MΩth √G∑∏∫∪≤

Joined: 03 Dec 2007, 11:37
Posts: 1061
Caseperm and, well, passwords longer than 7 characters for LM are pointless. Caseperm actually hurts your chances of finding a password. "PORSCHE" is 7 characters long; it found it as "PORSCHE198" truncated to 7 characters, so "PORSCHE". Also, "LACROSSe" is actually "LACROSS".
alphnum wrote:
Like eb52c8fbee0659c0 is califor but I am getting nia from next hash 695ba20263385b35 added to the first.

No that's not true, it's getting "CALIFOR" from eb52c8fbee0659c0 the next hash could have been anything it wouldn't matter.

Also, is your word list in all caps? Because that would explain why you only got passwords that were numbers only from a while ago.

_________________
http://www.tobtu.com/
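
Added example (not from the original posts or from rcrack's code): the LM preprocessing behind the explanation above, showing why a table candidate such as "PORSCHE198" is reported for a hash of "PORSCHE". It assumes ASCII passwords and leaves out the DES step; the function names and the candidate list are constructed for illustration.

```python
def lm_halves(password: str):
    """LM preprocessing: uppercase, truncate/null-pad to 14 bytes, split into
    two 7-byte halves. Each half is hashed on its own (DES step omitted here)."""
    raw = password.upper().encode("ascii")[:14].ljust(14, b"\0")
    return raw[:7].rstrip(b"\0").decode(), raw[7:].rstrip(b"\0").decode()

def effective_half_plaintext(candidate: str) -> str:
    """What a single 8-byte LM half hash can confirm about a table candidate:
    only its first 7 characters, uppercased."""
    return candidate.upper()[:7]

def collapse(candidates):
    """Group table candidates by the LM half input they really represent."""
    groups = {}
    for candidate in candidates:
        groups.setdefault(effective_half_plaintext(candidate), []).append(candidate)
    return groups

# Constructed candidate list in the style of a caseperm + numsuffix key space.
CANDIDATES = ["porsche", "Porsche", "PORSCHE", "porsche198", "porsche911",
              "lacrosse", "LACROSSe"]

if __name__ == "__main__":
    # Passwords split into the two halves that appear as separate 8-byte hashes.
    print(lm_halves("porsche911"))    # ('PORSCHE', '911')
    print(lm_halves("california22"))  # ('CALIFOR', 'NIA22')
    # Plaintexts reported in the thread, reduced to what the half hash proves.
    for reported in ["LACROSSe", "CALIFORNiA", "PORSCHE198", "911"]:
        print(reported, "->", effective_half_plaintext(reported))
    # Case variants and suffixes past 7 characters occupy key space without
    # adding any new LM half input.
    for half, members in collapse(CANDIDATES).items():
        print(half, len(members), members)
```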


PostPosted: 25 Jul 2009, 00:05 
Offline
Guesser

Joined: 12 Nov 2007, 03:36
Posts: 38
Sc00bz wrote:
Caseperm and, well, passwords longer than 7 characters for LM are pointless. Caseperm actually hurts your chances of finding a password.

I know. I was using it to get higher keyspace.

Sc00bz wrote:
No that's not true, it's getting "CALIFOR" from eb52c8fbee0659c0 the next hash could have been anything it wouldn't matter.

Yes but the next hash was 695ba20263385b35(nia) and in the results it says <not found>.

Sc00bz wrote:
Also, is your word list in all caps? Because that would explain why you only got passwords that were numbers only from a while ago.

No. All lowercase.


PostPosted: 25 Jul 2009, 01:04 
Offline
MΩth √G∑∏∫∪≤

Joined: 03 Dec 2007, 11:37
Posts: 1061
alphnum wrote:
Sc00bz wrote:
No that's not true, it's getting "CALIFOR" from eb52c8fbee0659c0 the next hash could have been anything it wouldn't matter.

Yes but the next hash was 695ba20263385b35(nia) and in the results it says <not found>.

But 695ba20263385b35 is "NIA22"

_________________
http://www.tobtu.com/


PostPosted: 25 Jul 2009, 03:32 
Offline
Guesser

Joined: 12 Nov 2007, 03:36
Posts: 38
You are right 695ba20263385b35 is "NIA22". Still it did not find "NIA22" just "NIA" and added it to the wrong pass. No big deal. It was dumb of me to even test with lm. Considering we have lm-all. Using ntlm from now on.

One thing I did notice running some tests using caseperm was that it works one way, lowercase to uppercase. If you have a word in the wordlist in caps like "HITEST" it will not find pass "HitEST".


PostPosted: 25 Jul 2009, 17:25 
Offline
Guesser

Joined: 12 Nov 2007, 03:36
Posts: 38
_haxxor_ wrote:

first you get the key_space, then you calculate the chain_length, then the chain_count.
so...you want 99.9% success probability. and 5 perfect tables.
key_space = 1111000
work/table = 4.4886
bruteforce_point = key_space / (chain_length * (chain_length + 1) / 2 * number_of_tables)
=>chain_length.
chain_count = work_factor * key_space / chain_length
=>chain_count.

In this formula you posted a few times to get the chain_length and chain_count. You are also stating to use 5 "perfect" tables. I don't think you can use rtperfecter.exe with these tables to perfect or at least not with rcrackdict.exe after. Right?

If yes, then can you change "work/table = 4.34" and use 4 for "number_of_tables" to get chain_length and chain_count to create 4 non-perfect tables at 99.9%?


PostPosted: 27 Jul 2009, 01:17 
Offline
MΩth √G∑∏∫∪≤

Joined: 03 Dec 2007, 11:37
Posts: 1061
alphnum wrote:
In this formula you posted a few times to get the chain_length and chain_count. You are also stating to use 5 "perfect" tables. I don't think you can use rtperfecter.exe with these tables to perfect or at least not with rcrackdict.exe after. Right?

You can use rtperfecter.exe on any rainbow table that rcrack can read and it will also still work in rcrack after it is made perfect.
alphnum wrote:
If yes, then can you change "work/table = 4.34" and use 4 for "number_of_tables" to get chain_length and chain_count to create 4 non-perfect tables at 99.9%?

viewtopic.php?f=2&t=811#p10969

_________________
http://www.tobtu.com/


PostPosted: 05 Aug 2009, 18:41 
Offline
Shoulder Surfer

Joined: 05 Aug 2009, 18:38
Posts: 1
PowerBlade wrote:
neinbrucke wrote:
I think both GPU based rainbow tables and dictionary rainbow tables could be very valuable... when I see how many passwords get cracked when I go from lowercase 1-9 to lowercase 1-10, that's still very much worth the effort.

But indeed, combinations/permutations with words are very powerful as well.


What kind of words are you cracking with lowercase 1-10? Isn't it just words that could be cracked with a dictionary?


Well, I'm still finding where I can download this one


________________
Define

