Free Rainbow Tables | Forum

Home of the Distributed Generator and Cracker

What Algorithm would you like to do next?
MD5 38% [ 41 ]
NTLM 30% [ 33 ]
SHA1 10% [ 11 ]
SHA256 / SHA512 5% [ 5 ]
MSCACHE 6% [ 7 ]
MYSQL SHA1 3% [ 3 ]
OTHER 8% [ 9 ]
Total votes : 109
Posted: 08 Nov 2010, 02:18
Total Hash Enlightenment

Joined: 15 Jul 2009, 22:38
Posts: 1483
Location: Dallas, TX, USA
Salazasu wrote:
Soo...the md5_loweralpha#1-10 table is nearly done. Any official word on which algorithm/charset is next?

(Especially considering that generation time is no longer as much of a concern with the CUDA app out...)


No idea. Right now there is only CUDA generation for Windows and for MD5. Many of us also don't have the upload bandwidth to support 24/7 runs of our GPUs with the WU result size. The code for algorithms besides MD5 is done but not yet integrated or tested. I just got the first successful CUDA Linux build, but the results aren't correct.

We might look at re-generating old sets using the sequential start points so they can be converted to rti2. In any case, yesterday I posted to the developers forum noting that we were running out of remaining WUs, but no one has responded regarding what we think we should do next.

You can follow the rti2 discussion that hijacked this thread: topic2433-45.html


Posted: 08 Nov 2010, 17:29
Total Hash Enlightenment

Joined: 15 Jul 2009, 22:38
Posts: 1483
Location: Dallas, TX, USA
Salazasu wrote:
Soo...the md5_loweralpha#1-10 table is nearly done. Any official word on which algorithm/charset is next?

(Especially considering that generation time is no longer as much of a concern with the CUDA app out...)


From PowerBlade: "First I will queue up some smaller tables like was previously done randomly, just to test the new validator and assimilator. That's maybe a week's worth of work. After that..? I'm open for suggestions.. Maybe some of these would be an idea? http://project-rainbowcrack.com/larger_table.htm
Or maybe we should start with something smaller.. Those tables take a looooong time to make, especially as perfect tables!"


 
Posted: 08 Nov 2010, 18:28
Brute Force

Joined: 22 Feb 2009, 00:26
Posts: 115
Location: Norway
Well, I'm all for more NTLM tables. Either mixalpha_numeric-8 with various national characters (like Norwegian æøå etc), to "close the gap" between US A-Z,a-z,0-9 and the "almost all" LM tables, or length 9-10 with first character uppercase-letter only, then lower/mixcase-numeric.

(Got 873 NTLM hashes I can't recover using all the NTLM tables I've got.... :cry: )


 
Posted: 08 Nov 2010, 18:52
Total Hash Enlightenment

Joined: 15 Jul 2009, 22:38
Posts: 1483
Location: Dallas, TX, USA
tittentei wrote:
Well, I'm all for more NTLM tables. Either mixalpha_numeric-8 with various national characters (like Norwegian æøå etc), to "close the gap" between US A-Z,a-z,0-9 and the "almost all" LM tables, or length 9-10 with first character uppercase-letter only, then lower/mixcase-numeric.

(Got 873 NTLM hashes I can't recover using all the NTLM tables I've got.... :cry: )


Heh, to do a larger NTLM set we certainly need to have moved to rti2 and get the NTLM CUDA code in place.

LM is two length-7 halves; did you mean to say NTLM for the length 9-10? Hybrid character sets need to be fixed in general before we could make more.

Of æøå, æ and å are in the lm-frt-cp437-850 charset, but ø (0xF8) is not.
lm-frt-cp437-850 covers code points (standard math set notation):
[0x20,0x60]
[0x7b,0x7e]
[0x80]
[0x8e,0x90]
[0x92]
[0x99,0x9f]
[0xa5]
[0xb5,0xb7]
[0xbe]
[0xc7]
[0xcf]
[0xd1,0xd8]
[0xde]
[0xe0,0xeb]
[0xed,0xef]

We can and should compile the character sets people are using; there is some simple Windows CLI command to get the code page name. For specific characters this might be helpful: http://www.fileformat.info/info/unicode/char/search.htm


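As an added example (not code from the forum or from the FreeRainbowTables project), the script below expands the lm-frt-cp437-850 ranges quoted in the post above into a set and reports which byte each Norwegian letter becomes under cp437, cp850 and Latin-1. LM hashes the OEM-encoded password, so the byte a letter maps to depends on the machine's OEM code page; which numbering the table's ranges are expressed in is an assumption here, and the script simply shows both readings side by side.

```python
# Added example: charset coverage of lm-frt-cp437-850 for non-ASCII letters.

# The ranges exactly as listed in the post (inclusive lo, hi).
LM_FRT_CP437_850_RANGES = [
    (0x20, 0x60), (0x7B, 0x7E), (0x80, 0x80), (0x8E, 0x90), (0x92, 0x92),
    (0x99, 0x9F), (0xA5, 0xA5), (0xB5, 0xB7), (0xBE, 0xBE), (0xC7, 0xC7),
    (0xCF, 0xCF), (0xD1, 0xD8), (0xDE, 0xDE), (0xE0, 0xEB), (0xED, 0xEF),
]


def expand_ranges(ranges):
    """Turn a list of inclusive (lo, hi) byte ranges into a set of byte values."""
    covered = set()
    for lo, hi in ranges:
        covered.update(range(lo, hi + 1))
    return covered


def byte_for(char, codepage):
    """Single-byte encoding of one character, or None if the code page lacks it."""
    try:
        encoded = char.encode(codepage)
    except UnicodeEncodeError:
        return None
    return encoded[0]


def coverage_report(chars, ranges, codepages=("cp437", "cp850", "latin-1")):
    """For every code page, map each character to (byte, covered_by_table).

    A letter the code page cannot encode at all is reported as (None, False):
    no byte means no plaintext in the table can contain it.
    """
    covered = expand_ranges(ranges)
    report = {}
    for cp in codepages:
        report[cp] = {}
        for ch in chars:
            b = byte_for(ch, cp)
            report[cp][ch] = (b, b is not None and b in covered)
    return report


if __name__ == "__main__":
    # Constructed input: the three Norwegian letters from the post.
    for cp, entries in coverage_report("æøå", LM_FRT_CP437_850_RANGES).items():
        for ch, (b, ok) in entries.items():
            shown = "absent" if b is None else f"0x{b:02X}"
            print(f"{cp:8s} {ch} -> {shown:6s} in table: {ok}")
```

Read as Latin-1 code points, æ (0xE6) and å (0xE5) fall inside [0xE0,0xEB] and ø (0xF8) does not, which is what the post says; read as cp850 bytes, ø (0x9B) is inside [0x99,0x9F] while æ (0x91) and å (0x86) are not, and cp437 cannot encode ø at all. Which reading applies to a given hash depends on the code page the victim machine used, so the code page is part of the charset definition, not a detail.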
 
Posted: 08 Nov 2010, 21:37
MΩth √G∑∏∫∪≤

Joined: 03 Dec 2007, 11:37
Posts: 1059
quel wrote:
Hybrid character sets need to be fixed in general before we could make more.

:o I wrote a patch for that a year ago. post12538.html#p12538

:shock: You're still using hand coded assembly in CChainWalkContext::IndexToPlain().

Well, I did say this about the patch: "note this is untested code but it looks correct (just like how that other code looked correct, hopefully in 1.5 years I'll come back and NOT notice something wrong)." Hey, it's been a year and I didn't notice anything wrong.

_________________
http://www.tobtu.com/


 
Posted: 08 Nov 2010, 21:47
Total Hash Enlightenment

Joined: 15 Jul 2009, 22:38
Posts: 1483
Location: Dallas, TX, USA
Sc00bz wrote:
quel wrote:
Hybrid character sets need to be fixed in general before we could make more.

:o I wrote a patch for that a year ago. post12538.html#p12538


Yes I'm aware of the hybrid patch but have not gotten to it.

Sc00bz wrote:
:shock: You're still using hand coded assembly in CChainWalkContext::IndexToPlain().


Yes, short of running a g++ build based on profiler feedback or running g++ 4.5.1 (most *nix users are on g++ 4.3.x), the hand-coded asm is faster on x86 and x86_64 for *nix *and* for win32. That asm is also far from optimized, but every oprofile run I did has me go back to it, minus the profiler feedback modes that I don't consider usable for distribution. (Oh, btw, first build with this option and run a test set, and then rebuild with the other option to use the profile feedback, or it'll be slow as @#F@.) Though, approaching g++ 4.5.1, the built-in optimizations are improving to a point where we may end up wanting the C equivalent for certain compiler versions. Though really, transforming it into something SSE2-based is going to be better, or something similar to the distrrtgen_cuda code with multiplies/adds/subs instead of an actual divide. Feel free to write a replacement; all the code is in the gitorious repository.


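The two posts above argue about how IndexToPlain() should be implemented and about hybrid charsets. As an added example (not the project's C++ or asm, and not Sc00bz's patch), here is a plain-Python model of the index-to-plaintext arithmetic, generalised to a hybrid charset where every position has its own alphabet; the classic case is the same function with one alphabet repeated at every position. The reduction function used in the chain walk is a simple rtgen-style one (first eight hash bytes plus the column index, modulo the plaintext space); that exact form is an assumption made for the example, not read from the repository, and the charset is a constructed toy.

```python
# Added example: index <-> plaintext for a hybrid charset, plus one chain walk.
import hashlib


def plain_space_upto(pos_charsets, min_len, max_len):
    """upto[n] = number of plaintexts with min_len <= length <= n.

    pos_charsets[i] is the alphabet (bytes) allowed at position i.
    """
    if not (1 <= min_len <= max_len <= len(pos_charsets)):
        raise ValueError("need one alphabet per position up to max_len")
    upto = [0] * (max_len + 1)
    for n in range(min_len, max_len + 1):
        size = 1
        for i in range(n):
            size *= len(pos_charsets[i])
        upto[n] = upto[n - 1] + size
    return upto


def index_to_plain(index, pos_charsets, min_len, max_len, upto):
    """Map a chain index to its plaintext by mixed-radix decomposition."""
    for n in range(min_len, max_len + 1):       # pick the length bucket
        if index < upto[n]:
            break
    else:
        raise ValueError("index outside the plaintext space")
    index -= upto[n - 1]
    out = bytearray(n)
    for i in range(n - 1, -1, -1):              # last position = least significant digit
        alphabet = pos_charsets[i]
        index, digit = divmod(index, len(alphabet))
        out[i] = alphabet[digit]
    return bytes(out)


def plain_to_index(plain, pos_charsets, min_len, max_len, upto):
    """Inverse of index_to_plain; useful for checking the table arithmetic."""
    n = len(plain)
    if not (min_len <= n <= max_len):
        raise ValueError("length outside the table")
    index = 0
    for i in range(n):
        alphabet = pos_charsets[i]
        index = index * len(alphabet) + alphabet.index(plain[i:i + 1])
    return upto[n - 1] + index


def reduce_hash(digest, column, total_space):
    """Assumed rtgen-style reduction: 8 little-endian hash bytes + column, mod space."""
    return (int.from_bytes(digest[:8], "little") + column) % total_space


def walk_chain(start_index, chain_len, pos_charsets, min_len, max_len, upto,
               hasher=hashlib.md5):
    """Return the end index of one rainbow chain of chain_len links."""
    index = start_index
    for column in range(chain_len):
        plain = index_to_plain(index, pos_charsets, min_len, max_len, upto)
        index = reduce_hash(hasher(plain).digest(), column, upto[max_len])
    return index


if __name__ == "__main__":
    # Constructed hybrid charset: uppercase, lowercase, digit at positions 0..2.
    charset = [b"AB", b"ab", b"01"]
    upto = plain_space_upto(charset, 1, 3)
    print("plaintexts:", upto[3])               # 2 + 4 + 8
    for i in range(upto[3]):
        print(i, index_to_plain(i, charset, 1, 3, upto))
    print("chain end:", walk_chain(0, 100, charset, 1, 3, upto))
```

The inner loop is the div/mod chain that the hand-coded asm replaces; with a single alphabet at every position the divisor is constant, which is what makes the multiply-by-reciprocal trick mentioned in the post possible, while a hybrid charset changes the divisor per position and so needs one precomputed reciprocal per position.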
 
Posted: 27 Nov 2010, 02:38
Shoulder Surfer

Joined: 26 Nov 2010, 15:42
Posts: 3
I would like the one used in Linux, crypt(3) (I know it is very complex), but it would be awesome.


 
Posted: 27 Nov 2010, 19:54
MΩth √G∑∏∫∪≤

Joined: 03 Dec 2007, 11:37
Posts: 1059
You can't create a useful rainbow table for crypt(3) because it's salted.

_________________
http://www.tobtu.com/


 
Posted: 21 Dec 2010, 09:16
Total Hash Enlightenment

Joined: 15 Jul 2009, 22:38
Posts: 1483
Location: Dallas, TX, USA
tittentei wrote:
To expand your charset just a little bit, there are actually quite a few users using non-US (non-English) characters in their passwords, effectively disabling the use of most existing rainbow tables available today, with the exception of those commercially available from the creators of ophcrack. Their support for German characters (äöüÄÖÜß) certainly expands the total keyspace, and if we add Norwegian (æøåÆØÅ) as well, at least I can tell you it takes a loooong time for me using traditional crackers.


I'm actually quite interested in someone putting together a table containing special characters from various languages. In many cases as long as the character has an 8 byte ASCII equivalent then we can actually cover quite a few letters across multiple languages with only small increases to charset and keyspace. If anyone knows of such a table or would like to produce one go for it! The majority of the user base is European and as an American I'm completely useless for such a task :P


 
Posted: 28 Mar 2012, 09:45
Shoulder Surfer

Joined: 28 Mar 2012, 09:18
Posts: 3
I would be glad if you would generate

  • WPA2-AES_numeric-16

but I don't know how big something like this would be.

We would have the possibility to crack most Fritz.Box within hours because only a few users changed their password.

And so we can get a big piece closer to our goal to prove the insecurity of using simple hash routines.

*Edit:
I forgot to mention that I know that the hashes are salted with the SSID.
But there are only max. 30 SSIDs because there are only a few Fritz.box series, so it would be possible.


 
Posted: 28 Mar 2012, 16:39
MΩth √G∑∏∫∪≤

Joined: 03 Dec 2007, 11:37
Posts: 1059
Sorry, but you can't create a useful rainbow table for WPA2. What you can do is generate a list of network keys from a list of SSIDs and passwords; each takes up 32 bytes. So for numeric-16 that's 320 PB per SSID. Note that given the capture file and the list of network keys it will still take years.

_________________
http://www.tobtu.com/


 
Posted: 28 Mar 2012, 21:54
Brute Force

Joined: 02 Mar 2012, 01:11
Posts: 105
Quote:
Sorry, but you can't create a useful rainbow table for WPA2. What you can do is generate a list of network keys from a list of SSIDs and passwords; each takes up 32 bytes. So for numeric-16 that's 320 PB per SSID. Note that given the capture file and the list of network keys it will still take years.


This is quite true. I've only come across one (imperfect) rainbow table that used the top 100 most common ESSIDs to generate hashes. It's a lot of work that really shouldn't be done, considering that, even then, an effective character set must be chosen. Until a method arises where a salt can be "undone," this isn't a possibility.

I'm all for a new ntlm table. Then again, I'm a bit biased, since I know a lot more about Windows hashes than many other algorithms.

EDIT: also, a multilingual table would be a good idea. German and French characters have been used in some, before. Might be a good start. :)


 
Posted: 28 Mar 2012, 22:45
Shoulder Surfer

Joined: 28 Mar 2012, 09:18
Posts: 3
Quote:
Quote:
Sorry, but you can't create a useful rainbow table for WPA2. What you can do is generate a list of network keys from a list of SSIDs and passwords; each takes up 32 bytes. So for numeric-16 that's 320 PB per SSID. Note that given the capture file and the list of network keys it will still take years.



This is quite true. I've only come across one (imperfect) rainbow table that used the top 100 most common ESSIDs to generate hashes. It's a lot of work that really shouldn't be done, considering that, even then, an effective character set must be chosen. Until a method arises where a salt can be "undone," this isn't a possibility.

I'm all for a new ntlm table. Then again, I'm a bit biased, since I know a lot more about Windows hashes than many other algorithms.

EDIT: also, a multilingual table would be a good idea. German and French characters have been used in some, before. Might be a good start. :)


Maybe you did not read my post completely....
I've written that the salt is not a problem because there are max. only 30 Fritz!Box SSIDs.
And the charset is always numeric-16 for all FritzBoxes.
If there are rainbow tables on the Internet which are 33 GB including 100 SSIDs, it should be possible to generate an RT with under 30 SSIDs.


 
Posted: 28 Mar 2012, 23:34
MΩth √G∑∏∫∪≤

Joined: 03 Dec 2007, 11:37
Posts: 1059
Unknown wrote:
I've only come across one (imperfect) rainbow table that used the top 100 most common eSSIDs to generate hashes.

BluBb_mADe wrote:
If there are rainbow tables on the Internet which are 33 GB including 100 SSIDs, it should be possible to generate an RT with under 30 SSIDs.

These are NOT rainbow tables; these are simple lists of network keys. One costs O(N) space and O(N) time (lists) and the other costs O(N^(2/3)) space and O(N^(2/3)) time (rainbow tables).

I believe you are confused by renderlab.net: "This page is to give a little more insight into the methodology and logic behind conceiving and building the CoWF WPA-PSK Rainbow Tables (actually they are lookup tables but I just like the term 'rainbow tables' a lot.)"

Also by WinRTGen, which has the ability to generate rainbow tables for WPA, but they are not worth much. It requires you to obtain the network key, but given the network key you are able to get onto the network.

_________________
http://www.tobtu.com/


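Sc00bz's two posts above (the 320 PB figure and the list-versus-rainbow-table distinction) can be checked with a few lines. As an added example (not code from the thread, from the FreeRainbowTables project, or from the renderlab tables), here is the WPA2-PSK derivation and the per-SSID lookup list it forces: the PMK is PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes), so the SSID salts every entry and the list has to be rebuilt per SSID. The SSIDs and passphrases below are constructed samples, and the example stops at the PMK; matching a real handshake capture still means deriving the PTK and checking the MIC for each candidate, which is the per-key work the post says takes years.

```python
# Added example: WPA2 PMK derivation and a per-SSID lookup list.
import hashlib


def wpa2_pmk(passphrase, ssid):
    """802.11i PSK derivation: PBKDF2-HMAC-SHA1, 4096 rounds, 256-bit output."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"),
                               ssid.encode("utf-8"), 4096, 32)


def build_pmk_list(ssids, passphrases):
    """One 32-byte PMK per (ssid, passphrase): the O(N)-space list, not a rainbow table."""
    return {(ssid, wpa2_pmk(pw, ssid)): pw for ssid in ssids for pw in passphrases}


def lookup_pmk(pmk_list, ssid, pmk):
    """Passphrase for a PMK under a given SSID, or None if not precomputed."""
    return pmk_list.get((ssid, pmk))


def list_bytes(num_ssids, keyspace, entry_bytes=32):
    """Storage for a complete list: numeric-16 is 10**16 keys, 3.2e17 B per SSID."""
    return num_ssids * keyspace * entry_bytes


if __name__ == "__main__":
    ssids = ["HOMEBOX-1234", "HOMEBOX-5678"]                   # constructed
    passphrases = ["0000000000000000", "1234567812345678"]     # constructed numeric-16 samples
    table = build_pmk_list(ssids, passphrases)
    # Stand-in for a PMK confirmed from a captured handshake (constructed here).
    target = wpa2_pmk("1234567812345678", "HOMEBOX-5678")
    print(lookup_pmk(table, "HOMEBOX-5678", target))           # hit
    print(lookup_pmk(table, "HOMEBOX-1234", target))           # same passphrase, other SSID: miss
    print(list_bytes(1, 10**16) / 1e15, "PB per SSID for numeric-16")
```

Because the salt is the SSID, a table built for one set of SSIDs says nothing about any other; that is why the salted-list figure scales with the number of SSIDs, and why a time-memory trade-off (which needs a single unsalted function to chain over) does not apply.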
 
Posted: 28 Mar 2012, 23:44
Shoulder Surfer

Joined: 28 Mar 2012, 09:18
Posts: 3
You're right. I said nothing. It was just a beautiful dream.

