Cracking Using Rainbow Tables

This presentation explains how passwords are stored in Windows, how they can be cracked, and ways to prevent that.


Transcript

  • 1. RAINBOW TABLES
    LM & NTLM HASHES
    By:- Rahul Sharma TE COMPUTERS T3224245
  • 2. How Windows Store Passwords??
    LM “hashes”
  • 3. Old technology used on LAN Manager
  • 4. NT hashes
  • 5. Unicode password or MD4 hash
  • 6. Used for authentication on more recent Windows systems
    How a Hash looks Like??
    E52CAC67419A9A224A3B108F3FA6CB6D
  • 7. LM “Hash” Generation
  • 8. how to create the hash
  • 9. LM hashes
  • 10. Overview
  • 11. Proof that case doesn’t matter
    Password = E52CAC67419A9A22 4A3B108F3FA6CB6D
    PaSSwORd = E52CAC67419A9A22 4A3B108F3FA6CB6D
    Password1 = E52CAC67419A9A22 38F10713B629B565
  • 12. NTLM HASHES
    Uses MD4 algorithm to create a hash of the mixed-case password
    Results in a 16 byte hash of the password (stored in the SAM…)
    Used for any password greater than 14 characters
  • 13. NTLM HASH
  • 14. Proof that case DOES matter
    Password = F15ABD57801840F3 348DDCCAFB677F6A
    PaSSwORd = 17504CE07C0A0D4A 1BD3A99A0821F957
    Password1 = F9A3152D926F9FF8 98D0BAFBA0BFFD30
  • 15. NTLM Hash Considerations
    Case preserving
    Maximum length = 127 characters
    Better Security than LM Hashes
    Number of ≤14-character passwords (full char set) ≈ 2.7*10^67
    Number of 127-character passwords ≈ 4.9*10^611
  • 16. ATTACKS ON PASSWORDS….
  • 17.
  • 18.
  • 19. What is a Brute Force Attack?
  • 20. Types of Brute Force attacks:
    Online B.F.
    Offline B.F.
    Can be prevented :-
    limit number of login attempts
  • 21.
  • 22.
  • 23. [Diagram: chain of Hash and Reduce steps]
  • 24.
  • 25. Algorithm followed:-
  • 26. [Diagram: chain of alternating Hash and Reduce steps]
  • 27.
  • 28. IS THIS EFFECTIVE???
  • 29. How to prevent rainbow tables from cracking passwords??
  • 30. What is SALT??
    Special text or code.
    It does password strengthening
    SOME FACTS:-
    Windows doesn't salt its hash!
  • 31. This makes it possible to speed up password cracking with precomputed Rainbow Tables
  • 32. LINUX uses SALT….
    PROOF
    Here are two accounts on a Windows 7 Beta machine with the password 'password'
    This hash is from a different Windows 7 Beta machine
  • 33. Linux Salts its Hashes
  • 34. TWITTER ATTACK!!!
    An 18-year-old student used a dictionary script to automatically try English words, which led him into a staff account.
  • 35. Username: “crystal”, password: “Happiness”.
  • 43. QUESTIONS ?
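
The hash/reduce chains of slides 23 to 26 and the salt defence of slides 29 to 33, as an added example that is not part of the original slides: a precomputed chain table inverts an unsalted hash, and the same lookup fails once a salt is mixed in. Assumptions: SHA-256 stands in for the Windows hashes, the keyspace is a constructed set of 4-digit PINs, and all function names are hypothetical.

```python
import hashlib

KEYSPACE = 10_000      # constructed toy keyspace: 4-digit PINs "0000".."9999"
CHAIN_LEN = 50         # hash/reduce steps per chain

def h(pw: str, salt: bytes = b"") -> bytes:
    """SHA-256 stands in for a fast password hash; an empty salt means unsalted."""
    return hashlib.sha256(salt + pw.encode()).digest()

def reduce_to_pin(digest: bytes, step: int) -> str:
    """Reduce: map a digest back into the keyspace, differently in each column."""
    return f"{(int.from_bytes(digest[:8], 'big') + step) % KEYSPACE:04d}"

def build_table(starts):
    """Precompute chains but keep only {end: start}; the middle is discarded."""
    table = {}
    for start in starts:
        pw = start
        for step in range(CHAIN_LEN):
            pw = reduce_to_pin(h(pw), step)
        table.setdefault(pw, start)   # on a merge, keep the first chain
    return table

def lookup(table, target: bytes):
    """Return a password whose unsalted hash equals target, or None."""
    for pos in range(CHAIN_LEN - 1, -1, -1):
        pw = reduce_to_pin(target, pos)           # guess: target is in column pos
        for step in range(pos + 1, CHAIN_LEN):
            pw = reduce_to_pin(h(pw), step)
        if pw in table:                           # endpoint hit: replay the chain
            cand = table[pw]
            for step in range(CHAIN_LEN):
                if h(cand) == target:
                    return cand
                cand = reduce_to_pin(h(cand), step)
    return None                                   # not covered, or false alarms only

def demo():
    table = build_table(f"{i:04d}" for i in range(0, KEYSPACE, 25))
    pin = reduce_to_pin(h("0000"), 0)             # a PIN inside the first chain
    salt = bytes.fromhex("a1b2c3d4e5f60718")      # constructed; use os.urandom(16) per account
    return pin, lookup(table, h(pin)), lookup(table, h(pin, salt))

if __name__ == "__main__":
    pin, unsalted_hit, salted_hit = demo()
    print(f"pin={pin} unsalted lookup={unsalted_hit} salted lookup={salted_hit}")
```

The table was built once against the unsalted function, so covering salted hashes would require a separate table for every salt value, which removes the benefit of precomputation.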
