Secret stuff really appeals to me. Movies like National Treasure and Indy Jones, coupled with books like The Da Vinci Code and By Way of Deception, really hook me. Who out there today doesn't daydream about having privileged access to some big secret that folks are chasing you down to get? Can I get a witness? If you really want to get someone's attention, start your statement with "Let me tell you a secret." I would stop eating Popeye's chicken to tune in to that. OK, maybe not that drastic.
Cracking passwords is typically what most folks think of when they think about hacking. Password cracking is really a lot of fun, and it is something we as IT folks should do often as part of a security audit. When security folks today conduct pen testing, they are looking to piggyback on someone else's access level to get into a system. I feel like Jimmy Ray Bond when I do have to crack a password and actually pull it off. It is euphoric!
Brute-forcing passwords takes too long. Rainbow tables are a very cool method, sometimes referred to as a time-memory trade-off. It is a cross between a dictionary attack and a brute-force attack. What if I told you that you could crack every single possible combination of letters, numbers, and characters up to 18 characters long in less than 13 seconds? In walks the rainbow table. These tables hold precomputed hashes for every possible password, so the hashing work is done once, ahead of time. As you can imagine, these tables are huge and not easily downloadable. The current size for all hashes is around 78 GB, and this changes monthly. Normally you either pay a monthly fee to use the tables online or just order the DVD sets. The price averages between $30 and $150.
If you balk at the price and would like to build your own tables, this is easily accomplished with the program rtgen for Linux or Winrtgen for Windows. Use a powerful server (a PIII or better), add some time and disk space, and there you go. Using the tables is a real piece of cake. When working with tables I always use Cain. I just load the hash file I captured with pwdump3, select rainbow tables instead of dictionary or brute force, and it is done superfast. The longest I have ever seen this process take was 12 minutes. If you do demos to "wow" folks, this is a super impressive demo to show the power of tables. Just invite anyone to enter any password they want and crack it before they sit down. Bond, Jimmy Ray Bond.
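To show the time-memory trade-off behind those tables, here is a toy rainbow table in Python, added as an illustration and not code from this post or from rtgen, Winrtgen or Cain. It hashes a tiny password space with unsalted MD5 (standing in for the unsalted LM/NTLM hashes pwdump3 dumps), stores only chain start and end points, recovers a hash by regenerating one chain, and shows that a salted hash of the same password is never found, which is why salted storage blunts precomputed tables; the charset, chain length and salt are made-up values.

```python
import hashlib
import itertools

# Toy size: 3-char passwords over 6 letters (216 total); real tables use the same structure.
CHARSET, PW_LEN, CHAIN_LEN = "abcdef", 3, 20
SPACE = len(CHARSET) ** PW_LEN

def h(password):                 # unsalted hash, like the LM/NTLM hashes pwdump3 dumps
    return hashlib.md5(password.encode()).digest()

def salted(password, salt):      # a salted scheme: same password, a hash the table never saw
    return hashlib.md5(salt + password.encode()).digest()

def reduce_hash(digest, step):
    """Map a hash back into the password space; mixing in the column number (step)
    gives every column its own reduction, which is what makes this a rainbow chain."""
    n = (int.from_bytes(digest[:8], "big") + step) % SPACE
    return "".join(CHARSET[(n // len(CHARSET) ** i) % len(CHARSET)] for i in range(PW_LEN))

def walk(start):                 # the CHAIN_LEN passwords on a chain, then its endpoint
    points = [start]
    for step in range(CHAIN_LEN):
        points.append(reduce_hash(h(points[-1]), step))
    return points

def build_table(start_points):   # precomputation: keep only endpoint -> start point
    table = {}
    for sp in start_points:
        table.setdefault(walk(sp)[-1], sp)   # first chain to reach an endpoint wins
    return table

def lookup(table, target):
    """Online phase: for each column the target could sit in, finish the chain from
    there; if the endpoint is in the table, regenerate that chain to find the preimage."""
    for col in range(CHAIN_LEN):
        p = reduce_hash(target, col)
        for step in range(col + 1, CHAIN_LEN):
            p = reduce_hash(h(p), step)
        sp = table.get(p)
        if sp is not None:
            for q in walk(sp)[:-1]:          # also rejects false alarms from merged chains
                if h(q) == target:
                    return q
    return None

def coverage(table):             # fraction of the space recovered; merged chains leave gaps
    found = sum(lookup(table, h("".join(t))) is not None
                for t in itertools.product(CHARSET, repeat=PW_LEN))
    return found / SPACE
START_POINTS = ["".join(t) for t in itertools.product(CHARSET, repeat=PW_LEN)][::10]
TABLE = build_table(START_POINTS)
```

Calling coverage(TABLE) shows that 22 chains of 20 slots still leave some of the 216 passwords unrecoverable; that gap is the price of storing only endpoints, and it is why real tables trade disk space for success rate.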
Jimmy Ray Purser
Jimmy Ray Purser is the technical co-host for Cisco's TechWise and BizWise TV. Jimmy Ray also conducts advanced training for engineers across North America and Europe and regularly speaks at industry conferences such as VON, CeBIT, N+I, and Networkers. As a field engineer, Jimmy Ray experiences networking firsthand behind the console or in the rack. He is an active member of the IEEE and the Ethernet Alliance and has designed, installed, and tested numerous networks for Fortune 500 companies, the United States military, and other institutions worldwide. He holds 3 U.S. patents for Ethernet security algorithms with two others pending and one defensive publication, as well as numerous other vendor certifications in networking and security.
Purser holds a Bachelor of Science degree in electrical engineering from Southern Illinois University and is currently pursuing a master of science degree in electrical engineering.