« OKboy 宣布暂时收回 smth.org 域名 | Main | Google Web Accelerator 大一统互联网 »

May 10, 2005

疯狂的MD5表 | CrazyKid是用户了!

版权声明：可以任意转载，转载时请务必以超链接形式标明文章原始出处和作者信息及本声明。
https://windtear.net/archives/2005/05/10/000655.html http://windtear.net/archives/2005/05/10/000655.html

Project RainbowCrack
http://www.antsight.com/zsl/rainbowcrack/

疯狂
Crazy

请输入单词: Rainbow
rainbow n.彩虹, 五彩缤纷的排列, 幻想, 幻觉, 虚无缥缈的东西
rainbow trout n.[鱼]虹鳟鱼

很早之前接触MD5时就想
这种HASH运算靠的是发生碰撞的概率小
后来我们的王小云教授带领的团队一次次向世界自豪的宣布找到碰撞方法
想什么呢
做个表
把"所有的"字串穷举得到一个大表
然后再反向的话匹配就行了
当然我还没白痴到不知道这要巨大巨大的数据存储
而且那会儿查询效率未必高到哪里去
于是只能是理论上的意淫
或者位数很少时才能进行md5crack

看到这个东东
大家热火朝天的想着把人家表搞下来
发现没有提供下载
就有自己跑着算的
呵呵
bless吧

应该不容易

不过想来
64GB的量几分钟内就可以搞定14位以内大小写字母、数字、特殊字符的任意排列组合的MD5反向
还是很牛的
或者少些特殊字符 24GB就够了
好赞啊

Project RainbowCrack

Contact

RainbowCrack is a general propose implementation of Philippe Oechslin's faster time-memory trade-off technique.
In short, the RainbowCrack tool is a hash cracker. A traditional brute force cracker try all possible plaintexts one by one in cracking time. It is time consuming to break complex password in this way. The idea of time-memory trade-off is to do all cracking time computation in advance and store the result in files so called "rainbow table". It does take a long time to precompute the tables. But once the one time precomputation is finished, a time-memory trade-off cracker can be hundreds of times faster than a brute force cracker, with the help of precomputed tables.

Some ready to work lanmanager and md5 tables are demonstrated in Rainbow Table section. One interesting stuff among them is the lm #6 table, with which we can break any windows password up to 14 characters in a few minutes.

Download

The latest version of RainbowCrack is 1.2

download	platform	supported charset	supported algorithm
rainbowcrack-1.2-win.zip(547K) rainbowcrack-1.2-src.zip(44K)	windows binary source for windows and linux	customizable	lm, md5, sha1, customizable
rainbowcrack-1.1-win.zip(403K) rainbowcrack-1.1-win-src.zip(59K)	windows binary windows source	customizable	lm
rainbowcrack-1.01-win.zip(400K) rainbowcrack-1.01-win-src.zip(56K)	windows binary windows source	alpha and alpha-numeric	lm
rainbowcrack-1.0-win.zip(400K) rainbowcrack-1.0-win-src.zip(56K)	not recommended

lm: The LanManager hash algorithm. "lm" table can be used to break windows password.
customizable charset: Charset of rainbow table can be customized as described in documentation.
customizable algorithm: Support of new algorithm can be done with ease, as described in FAQ. A ready to work algorithm patch supporting NTLM, MD2, MD4 and RIPEMD160 is here Algorithm patch for RainbowCrack 1.2(3K).

Documentation

Frequently Asked Questions

RainbowCrack tutorial introduces basic steps to make rainbowcrack tool working.
Large charset configurations for RainbowCrack outlines a lot of tips when generating large rainbow tables, also two new configurations introduced.

If you are going to generate your rainbow tables with custom algorithm and/or custom charset, the major problem will be how to find out the proper table parameters(chain length, chain count of each table and table count). However, this is not a very easy topic, here are some material that can be useful:

Philippe Oechslin's paper is your best reference for the time-memory trade-off algorithm.
Parameter optimization of time-memory trade-off cryptanalysis in RainbowCrack. This article includes steps of how configurations in rainbowcrack documents are generated.
matlab script for rainbowcrack and the patch can be used to calculate storage requirement, cracking time performance, success probability and all other parameters of a certain table set. You need MATLAB to run these scripts.
Important: those very large tables are not feasible for personal. If you are going to generate a set of tables, make sure to calculate the key space before you start. For example, tables with keyspace 7555858447479 (69^1 + 69^2 + 69^3 + 69^4 + 69^5 + 69^6 + 69^7) needs several years to generate on single PC. For larger tables, you are likely need more time to generate. By the way, the largest key space supported by rainbowcrack is 2^64 - 1 (18446744073709551615). This limitation is not important because we will not arrive this.

Rainbow Table

We demonstrate some typical lanmanager(lm) rainbow tables here, all tables can be used to break windows password of the corresponding charset up to 14 characters in very short time.
Though no table includes lowercase letters as part of the charset, all lm tables with uppercase letters can also break windows password with lowercase letters. The rcrack.exe program in rainbowcrack can do the work of case correction with the help of ntlm hash if we are processing the hash file in pwdump format.

lm configuration #0

charset	[ABCDEFGHIJKLMNOPQRSTUVWXYZ]
keyspace	8353082582
table size	610 MB
success probability	0.9990
Demo: crack 5 alpha only windows password in a few seconds

lm configuration #1

charset	[ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789]
keyspace	80603140212
table size	3 GB
success probability	0.9904
Demo: crack 5 alpha-numeric windows password in a few seconds

lm configuration #5

charset	[ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*()-_+= ]
keyspace	915358891407 (2^39.7)
table size	24 GB
success probability	0.99909
This table set is capable of cracking windows password(up to 14 characters) of charset "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789!@#$%^&()-_+= " in a few minutes, with the success rate 99.91%. Demo: crack of following windows password: N73k_a7()TUBoK PrFa$=ptRcb^__ z %G)rEW&2nk# cjST$=W0U-5CH (zw= ijV$ivEX the screen output, the windows media 9 video. Table generation: this table set can be generated with rtgen utility of rainbowcrack 1.2 software(table generation commands).

lm configuration #6

charset	[ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*()-_+=~`[]{}\|\:;"'<>,.?/ ]
keyspace	7555858447479 (2^42.8)
table size	64 GB
success probability	0.999
This table set is capable of cracking windows password(up to 14 characters) of charset "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789!@#$%^&()-_+=~`[]{}\|\:;"'<>,.?/ " in a few minutes, with the success rate 99.9%. This charset includes all possbile characters on a standard keyboard (not including those alt+xxx characters). So this table set is likely to crack any windows password up 14 characters in minutes. It will take several years if we compute these tables on single computer. However, the actual time is reduced to a few months with a lot of computers to work parallelly. Demo: crack of following windows password: }m-6BRzCj=J}G D2@,:H?+e5#: $ Ot\KZ?/a/qr4d^ yc~<{1!Oe}l_j\| 5~\|3&-K^4S#c3q the screen output, the windows media 9 video. Demo: crack of 100 windows password: the screen output Table generation: this table set can be generated with rtgen utility of rainbowcrack 1.2 software(table generation commands).

md5 configuration loweralpha-numeric,1-8

charset	[abcdefghijklmnopqrstuvwxyz0123456789]
keyspace	2901713047668
table size	36 GB
success probability	0.99904
Demo: crack 10 md5 hash in 35 minutes Table generation: this table set can be generated with rtgen utility of rainbowcrack 1.2 software(table generation commands).

btw:
今日个人的大事
历经665天戒网的 CrazyKid 疯狂小子同学终于是用户了
嗯 2003-07-15 665
时光匆匆而逝
sigh

发信人: CrazyKid (疯狂小子※爱学习/爱生活), 信区: Test
标题: 我是用户了!
发信站: 水木社区 (Tue May 10 18:43:07 2005), 站内

戒网665然后终于不显示戒网恢复显示用户了

666-665=1
原来加过15生命力

于是8.238那边生命力 16

CrazyKid (疯狂小子※爱学习/爱生活) 共上站 899 次，发表过 1842 篇文章
上次在 [Tue Jul 15 08:24:56 2003] 从 [61.149.1.*] 到本站一游。
离线时间[Tue Jul 15 19:16:57 2003] 生命力：[16] 身份: [用户]。
没有个人说明档

--
夹着尾巴做人
行胜于言
自强不息厚德载物
严谨勤奋求实创新
戒骄戒躁谦虚谨慎
助人为乐知足常乐自得其乐

※ 来源:·水木社区 http://newsmth.net·[FROM: 111.111.111.111]

Posted by windtear at May 10, 2005 6:44 PM

windtear 追求完美

网络技术/Linux/自由、协作、创造－为了明天/个人原创整理

May 10, 2005

疯狂的MD5表 | CrazyKid是用户了!

Project RainbowCrack