Penetration Testing mailing list archives
RE: Using schmoo rainbow tables with rcrack
From: "Victor Chapela" <victor () sm4rt com>
Date: Fri, 31 Mar 2006 20:37:51 -0600
Hi, The problem you have is based on the fact that you are trying to break 2 Lan Manager hashes, not one. Remember that Lan Manager splits passwords into two independent hashes and then sticks them together. You can do two things: use the pwdump format in which as an extra bonus rcrack will break the lowercase letters by bruteforcing the NTLM hash (only after it breaks both hashes) or you can use the hash list (-l) or individual hashes (-h) by separating your hashes into two separate ones. For example, the hash for the word "password" would be E52CAC67419A9A224A3B108F3FA6CB6D where E52CAC67419A9A22 would be broken into "passwor" and 4A3B108F3FA6CB6D into "d". You can use "rcrack alpha/*rt -h E52CAC67419A9A22" to break the first half. Good luck, Victor
-----Original Message----- From: Per Øyvind Thorsheim [mailto:putilutt () online no] Sent: March 31, 2006 9:35 AM To: 'Ghirai'; pen-test () securityfocus com Subject: SV: Using schmoo rainbow tables with rcrack I've got the same problem with all the shmoo charsets (yes, i've downloaded them all), and i have also tested them with Cain & Abel (www.oxid.it), also there without success. Any clues would be much appreciated. Regards, Per-----Opprinnelig melding----- Fra: Ghirai [mailto:ghirai () ghirai com] Sendt: 31. mars 2006 11:49 Til: pen-test () securityfocus com Emne: Using schmoo rainbow tables with rcrack Hello, I downloaded the schmoo rainbow tables, and wanted to perform a few tests on my local machine, but rcrack gives me an errorwhen i try thealpha charset: D:\Rainbow Tables\LM\lm_alpha>rcrack.exe *.rt -h xxxxxxxxxxxxxxxxxxxxxxxxxxxxx lm_alpha#1-7_0_2100x8000000_all.rt: this table contains hashes with length 8 only lm_alpha#1-7_1_2100x8000000_all.rt: this table contains hashes with length 8 only lm_alpha#1-7_2_2100x8000000_all.rt: this table contains hashes with length 8 only lm_alpha#1-7_3_2100x8000000_all.rt: this table contains hashes with length 8 only lm_alpha#1-7_4_2100x8000000_all.rt: this table contains hashes with length 8 only Anyone used the schmoo RTs, and know how to use them properly? Thanks. -- Best regards, Ghirai. -------------------------------------------------------------- ---------------- This List Sponsored by: Cenzic Concerned about Web Application Security? As attacks through web applications continue to rise, you need to proactively protect your applications from hackers. Cenzic has the most comprehensive solutions to meet your application security penetration testing and vulnerability management needs. You have an option to go with a managed service (Cenzic ClickToSecure) or an enterprise software (Cenzic Hailstorm). Download FREE whitepaper on how a managed service can help you: http://www.cenzic.com/forms/ec.php?pubid=10025 And, now for a limited time we can do a FREE audit for youto confirmyour results from other product. Contact us at request () cenzic com -------------------------------------------------------------- ------------------------------------------------------------------------------ ---------------- This List Sponsored by: Cenzic Concerned about Web Application Security? As attacks through web applications continue to rise, you need to proactively protect your applications from hackers. Cenzic has the most comprehensive solutions to meet your application security penetration testing and vulnerability management needs. You have an option to go with a managed service (Cenzic ClickToSecure) or an enterprise software (Cenzic Hailstorm). Download FREE whitepaper on how a managed service can help you: http://www.cenzic.com/forms/ec.php?pubid=10025 And, now for a limited time we can do a FREE audit for you to confirm your results from other product. Contact us at request () cenzic com -------------------------------------------------------------- ----------------
------------------------------------------------------------------------------ This List Sponsored by: Cenzic Concerned about Web Application Security? As attacks through web applications continue to rise, you need to proactively protect your applications from hackers. Cenzic has the most comprehensive solutions to meet your application security penetration testing and vulnerability management needs. You have an option to go with a managed service (Cenzic ClickToSecure) or an enterprise software (Cenzic Hailstorm). Download FREE whitepaper on how a managed service can help you: http://www.cenzic.com/forms/ec.php?pubid=10025 And, now for a limited time we can do a FREE audit for you to confirm your results from other product. Contact us at request () cenzic com ------------------------------------------------------------------------------
Current thread:
- RE: Using schmoo rainbow tables with rcrack Victor Chapela (Apr 02)
- Re[2]: Using schmoo rainbow tables with rcrack Ghirai (Apr 02)