Aug 23, 2007

Generate your Own Rainbow Tables

So you want to be a hacker, huh? I was watching Transformers this last Sunday, and the really hot NSA security analyst threw out a really cool buzzword, "brute force". Brute forcing passwords is okay when the passwords are extremely weak. If the password is 8 characters or more with upper and lower case, special characters and numbers, you are looking at trying to crack that password using brute force in about 8-20 years!

No, you need something a little faster than that. Attacking a password hash using rainbow tables is where it appears to be at nowadays. There are places you can go to download some rainbow tables. One place I found was at, where they offer free rainbow tables via BitTorrent. When I tried to download them, my BitTorrent tracker said it would download in 8 days (I hate BitTorrent, by the way).

So why not make your own tables? Well, look no further: you can download WINRTGEN and generate your own tables. This still takes a lot of time. I am generating one table to pen test the ms-cache password on my domain computer (I will blog about that later) using Cain and Abel. I started generating the table at around 10:00am yesterday; now it is about 2:30pm, and it is only at 61%. Needless to say, you better pack a lunch, or go make some coffee. If you are wondering, WINRTGEN will generate rainbow tables to attack the following hashes: LM, FastLM, NTLM, LMCHALL, HalfLMCHALL, NTLMCHALL, MSCACHE, MD2, MD4, MD5, SHA1, RIPEMD160, MySQL323, MySQLSHA1, CiscoPIX, ORACLE, SHA-2 (256), SHA-2 (384) and SHA-2 (512).

You can download WINRTGEN by itself, or you can download Cain and Abel, which comes with it. I'll let you guys know how well my tables worked against my cached password (and I use a strong password).

