SlideShare a Scribd company logo

Rainbow Tables

Download as PPTX, PDF
Panggi Libersa
Panggi Libersa

This document discusses password cracking using rainbow tables. It begins with an introduction to the author and their background and interests. It then provides definitions and examples of hashing algorithms like MD5 and LM hashes. The bulk of the document demonstrates cracking hashed passwords like "PANGGI" and "LOVE" using rainbow tables, which are pre-computed lookup tables allowing efficient password cracking without brute force. Timings and results of cracking attempts using different rainbow table files are shown.

1 of 36
Jakarta , December 12th 2009 Rainbow Tables Testing Passwords Security
About me PanggiLibersaa.k.amalcoder Student at Indonesia’s Computer University Like to take picture  Almost get his CEH certification ( waiting for exam) Member of GNU/Linux User Group at Bandung [ Klub Linux Bandung ] Small web hosting owner [ hostinggokil.com , ofirnetwork.com (in progress) ] Web : malcoder.infoandopensecuritylab.org Find me : @panggimalcoder panggi_y2k panggi.libersapanggipanggi
“Some things Man was never meant to know. For everything else, there's Google” Geeky Quote
Why Do I talk about this ? Awareness of Security ,[object Object]
Haven’t met anyone that isn’t surprised at the power of this stuff’s ability to make cracking password become so easy,[object Object]
Password Usage
How to keep it secret ? Don’t tell to anybody else , keep it in mind (personal) Store the password records on a secure environment (provider)
Type of storing password Cleartext (ex : this-is-so-secret , 260987) Encrypted ,[object Object]
Reversible encryption with key (ex : poly alphabetic substitution cipher)
One Way Hash ( ex : md5 , sha1 )
One Way Hash with salt ( ex : md5 + salt ),[object Object]
Decode : ciphertext -> cleartextcleartext : panggi ciphertext : cGFuZ2dp encode ciphertext : cGFuZ2dp decode cleartext : panggi
Polyalphabetic substitution cipher ,[object Object]
Usage :Key: ABCDEF AB CDEFA BCD EFABCDEFABCD Plaintext: CRYPTOIS SHORT FOR CRYPTOGRAPHY Ciphertext: CSASXTIT UKSWT GQU GWYQVRKWAQJB
[object Object]
CAN NOT BE DECODED , feel secured ? Wait ,[object Object]
Our Focus Today Cracking One Way Hash Cipher ,[object Object]
LM (LAN MANAGER) for MS Windows Password,[object Object]
LM : ,[object Object]
This password is null-padded to 14 bytes.
The “fixed-length” password is split into two 7-byte halves.
These values are used to create two DES keys, one from each 7-byte half, by converting the seven bytes into a bit stream, and inserting a parity-bit after every seven bits. This generates the 64 bits needed for the DES key.
Each of these keys is used to DES-encrypt the constant ASCII string “KGS!@#$%”, resulting in two 8-byte ciphertext values. The DES CipherMode should Set to ECB, and PaddingMode should set to NONE.
These two ciphertext values are concatenated to form a 16-byte value, which is the LM hash.,[object Object]
1016 = ID
3EABC00C9F7B74B09A0F5D12D8F612D0 (LEFT side of LM password , it means the password is more than 7 chars)
34976BC196DADD52A6D02AE530F806C3 (RIGHT side of LM pass , so we just have to crack 7 chars and fit it together  ),[object Object]
Brute force Using all possible combination in sequence Example : Targeted hash : 4a8a08f09d37b73795649038408b5f33 OK.. Crack it .. a = 0cc175b9c0f1b6a831c399e269772661 <= no b = 92eb5ffee6ae2fec3ad71c777531578f <= no c = 4a8a08f09d37b73795649038408b5f33 <= yes Result : Plaintext of 4a8a08f09d37b73795649038408b5f33 is “c”
Dictionary Given the wordlist of common passwords Example : Targetted hash : 3858f62230ac3c915f300c664312c63f dic-crack3858f62230ac3c915f300c664312c63f- L “path-of-wordlist/wordlist.txt” searching…. … fooa <= 72b55c624205d69cc145cc610880e1f9 <= no foobar <= 3858f62230ac3c915f300c664312c63f <= yes …
Rainbow Tables ? A rainbow table is a lookup table offering a time-memory tradeoff used in recovering the plaintext password from a password hash generated by a hash function, often a cryptographic hash function. A common application is to make attacks against hashed passwords feasible (http://en.wikipedia.org/wiki/Rainbow_tables)
English please… Lookup table ? Trade-memory tradeoff ? <=?
Time for the Demo Example : md5_hash.txt 20392298d6b78e0890cd22a7bf071c49 c9122fd7bae0681b62a39ddfc1c7fb19 469590a45cc7f985b53d15113157e6ea 31c9febeeb68929cd6c097239cf3e9d3 2e19ab163556288cf239f5339927e408 dcb76da384ae3028d6aa9b2ebcea01c9 d1cbedff31b828ac2f15548357988073 c94630fe9dea660ba53ddf5d3a41e802 73e405227c02a626e66f0dc4dd3a53a3 9486f7a4fdf724cf6cacbdc103661fce 26f803e714f7d39c0b5a9dd67d03f887 0248750eb423b999bd684b10668f7241 9ac17fc47347d505c92e3ca31fee675d b65a81125dbfaab4a3ecdff26a979309 3fde6bb0541387e4ebdadf7c2ff31123 d695f8f703c1b3b0dce9d588a4d4abad 86acaeb6d0f7241ea54b73528fa204ca 78c5d5ed7ea4372435e9f006b29ea745 75003783871e9404cd0793ca81594841 e63d33d7ad4b4360f761634de070a860 a9684b0defabebc108720fda1627f43d b150e73aa5fc110c27320c98effcc0f1 464b59d944c93b6a5eb3dfd0abf15114 4e3d682f0821b23f6d49fa1ac2cf154a d740ee7f1cd46b3d536a6f4331a4c77f 13781c244d5bb85a296bcbe4ac7992f7 bcdc908a16dbfe1297b4b0891ccf9ed7 10f97476043d02db1a236b877232c0a6 d81bf97286c617c77b679478ce8b72b2 7279f67e313cc35e518f94c775a42196
Result D:ashcrack>rcrack d:d5_tables.rt -l md5_hash.txt md5_alpha#1-7_0_2400x40000000_panggi#000.rt: 640000000 bytes read, disk access time: 9.99 s verifying the file... searching for 30 hashes... plaintext of 20392298d6b78e0890cd22a7bf071c49 is PANGGI plaintext of c9122fd7bae0681b62a39ddfc1c7fb19 is LOVE plaintext of 469590a45cc7f985b53d15113157e6ea is MUSTIKA cryptanalysis time: 377.34 s md5_alpha-numeric#1-7_0_2400x40000000_panggi#000.rt: 640000000 bytes read, disk access time: 73.13 s verifying the file... searching for 27 hashes... plaintext of 31c9febeeb68929cd6c097239cf3e9d3 is P4ST1 plaintext of d81bf97286c617c77b679478ce8b72b2 is 050479 cryptanalysis time: 102.56 s md5_alpha-numeric#1-7_0_2400x40000000_panggi#001.rt: 640000000 bytes read, disk access time: 60.70 s verifying the file... searching for 25 hashes... plaintext of 10f97476043d02db1a236b877232c0a6 is 7201421 cryptanalysis time: 28.19 s md5_alpha-numeric#1-7_0_2400x40000000_panggi#002.rt: 640000000 bytes read, disk access time: 68.28 s verifying the file... searching for 24 hashes... cryptanalysis time: 28.24 s md5_alpha-numeric#1-7_0_2400x40000000_panggi#003.rt: 640000000 bytes read, disk access time: 67.72 s verifying the file... searching for 24 hashes... cryptanalysis time: 27.81 s
md5_loweralpha#1-7_0_2100x8000000_panggi.rt: 128000000 bytes read, disk access time: 36.22 s verifying the file... searching for 24 hashes... plaintext of d1cbedff31b828ac2f15548357988073 is nashien plaintext of c94630fe9dea660ba53ddf5d3a41e802 is herc plaintext of 73e405227c02a626e66f0dc4dd3a53a3 is hayati cryptanalysis time: 79.63 s md5_loweralpha#1-7_1_2100x8000000_panggi.rt: 128000000 bytes read, disk access time: 2.86 s verifying the file... searching for 21 hashes... plaintext of 2e19ab163556288cf239f5339927e408 is nunung plaintext of dcb76da384ae3028d6aa9b2ebcea01c9 is sayang cryptanalysis time: 73.33 s md5_loweralpha#1-7_2_2100x8000000_panggi.rt: 128000000 bytes read, disk access time: 9.56 s verifying the file... searching for 19 hashes... cryptanalysis time: 69.08 s md5_loweralpha#1-7_3_2100x8000000_panggi.rt: 128000000 bytes read, disk access time: 2.45 s verifying the file... searching for 19 hashes... cryptanalysis time: 69.38 s md5_loweralpha#1-7_4_2100x8000000_panggi.rt: 128000000 bytes read, disk access time: 12.00 s verifying the file... searching for 19 hashes... cryptanalysis time: 69.20 s md5_loweralpha-numeric#1-7_0_2400x40000000_panggi#000.rt: 640000000 bytes read, disk access time: 17.91 s verifying the file... searching for 19 hashes... plaintext of 3fde6bb0541387e4ebdadf7c2ff31123 is 1q2w3e cryptanalysis time: 75.73 s md5_loweralpha-numeric#1-7_0_2400x40000000_panggi#001.rt: 640000000 bytes read, disk access time: 14.73 s verifying the file... searching for 18 hashes... plaintext of 26f803e714f7d39c0b5a9dd67d03f887 is 8u7y6t cryptanalysis time: 21.09 s
md5_loweralpha-numeric#1-7_0_2400x40000000_panggi#002.rt: 640000000 bytes read, disk access time: 13.91 s verifying the file... searching for 17 hashes... cryptanalysis time: 20.03 s md5_loweralpha-numeric#1-7_0_2400x40000000_panggi#003.rt: 640000000 bytes read, disk access time: 14.20 s verifying the file... searching for 17 hashes... plaintext of 9486f7a4fdf724cf6cacbdc103661fce is metty77 cryptanalysis time: 19.31 s md5_mixalpha-numeric-symbol14-space#1-6_0_2400x40000000_panggi#000.rt: 640000000 bytes read, disk access time: 14.41 s verifying the file... searching for 16 hashes... plaintext of 9ac17fc47347d505c92e3ca31fee675d is 4Dm1n plaintext of b65a81125dbfaab4a3ecdff26a979309 is Pa55 plaintext of d695f8f703c1b3b0dce9d588a4d4abad is UN1k0M plaintext of 75003783871e9404cd0793ca81594841 is G0D$ plaintext of 464b59d944c93b6a5eb3dfd0abf15114 is c(%H2n plaintext of d740ee7f1cd46b3d536a6f4331a4c77f is *$^#&3 plaintext of 13781c244d5bb85a296bcbe4ac7992f7 is h@xX0r cryptanalysis time: 33.47 s md5_mixalpha-numeric-symbol14-space#1-6_0_2400x40000000_panggi#001.rt: 640000000 bytes read, disk access time: 12.95 s verifying the file... searching for 9 hashes... plaintext of 0248750eb423b999bd684b10668f7241 is iMoeTh plaintext of e63d33d7ad4b4360f761634de070a860 is w_Bu5H plaintext of 4e3d682f0821b23f6d49fa1ac2cf154a is R@54In cryptanalysis time: 3.86 s md5_mixalpha-numeric-symbol14-space#1-6_0_2400x40000000_panggi#002.rt: 640000000 bytes read, disk access time: 12.92 s verifying the file... searching for 6 hashes... plaintext of 78c5d5ed7ea4372435e9f006b29ea745 is !Q@W#E plaintext of a9684b0defabebc108720fda1627f43d is 1!q^YW cryptanalysis time: 2.36 s

Recommended

Footprinting and reconnaissance
Footprinting and reconnaissanceFootprinting and reconnaissance
Footprinting and reconnaissance
NishaYadav177
 
Cehv8 - Module 02: footprinting and reconnaissance.
Cehv8 - Module 02: footprinting and reconnaissance.Cehv8 - Module 02: footprinting and reconnaissance.
Cehv8 - Module 02: footprinting and reconnaissance.
Vuz Dở Hơi
 
Bug Bounty 101
Bug Bounty 101Bug Bounty 101
Bug Bounty 101
Shahee Mirza
 
System hacking
System hackingSystem hacking
System hacking
CAS
 
Web Application Penetration Testing
Web Application Penetration Testing Web Application Penetration Testing
Web Application Penetration Testing
Priyanka Aash
 
Different types of attacks in internet
Different types of attacks in internetDifferent types of attacks in internet
Different types of attacks in internet
Rohan Bharadwaj
 
Metasploit framwork
Metasploit framworkMetasploit framwork
Metasploit framwork
Deepanshu Gajbhiye
 
Module 8 System Hacking
Module 8 System HackingModule 8 System Hacking
Module 8 System Hackingleminhvuong
 

Recommended

Footprinting and reconnaissance
Footprinting and reconnaissanceFootprinting and reconnaissance
Footprinting and reconnaissance
NishaYadav177
 
Cehv8 - Module 02: footprinting and reconnaissance.
Cehv8 - Module 02: footprinting and reconnaissance.Cehv8 - Module 02: footprinting and reconnaissance.
Cehv8 - Module 02: footprinting and reconnaissance.
Vuz Dở Hơi
 
Bug Bounty 101
Bug Bounty 101Bug Bounty 101
Bug Bounty 101
Shahee Mirza
 
System hacking
System hackingSystem hacking
System hacking
CAS
 
Web Application Penetration Testing
Web Application Penetration Testing Web Application Penetration Testing
Web Application Penetration Testing
Priyanka Aash
 
Different types of attacks in internet
Different types of attacks in internetDifferent types of attacks in internet
Different types of attacks in internet
Rohan Bharadwaj
 
Metasploit framwork
Metasploit framworkMetasploit framwork
Metasploit framwork
Deepanshu Gajbhiye
 
Module 8 System Hacking
Module 8 System HackingModule 8 System Hacking
Module 8 System Hackingleminhvuong
 
Brute force attack
Brute force attackBrute force attack
Brute force attackjoycruiser
 
Practical Malware Analysis: Ch 0: Malware Analysis Primer & 1: Basic Static T...
Practical Malware Analysis: Ch 0: Malware Analysis Primer & 1: Basic Static T...Practical Malware Analysis: Ch 0: Malware Analysis Primer & 1: Basic Static T...
Practical Malware Analysis: Ch 0: Malware Analysis Primer & 1: Basic Static T...
Sam Bowne
 
Ethical Hacking - sniffing
Ethical Hacking - sniffingEthical Hacking - sniffing
Ethical Hacking - sniffing
Bhavya Chawla
 
Password cracking and brute force
Password cracking and brute forcePassword cracking and brute force
Password cracking and brute force
vishalgohel12195
 
What is a Rainbow Table?
What is a Rainbow Table?What is a Rainbow Table?
What is a Rainbow Table?
Vahid Saffarian
 
Ethical hacking/ Penetration Testing
Ethical hacking/ Penetration TestingEthical hacking/ Penetration Testing
Ethical hacking/ Penetration Testing
ANURAG CHAKRABORTY
 
Password craking techniques
Password craking techniques Password craking techniques
Password craking techniques أحلام انصارى
 
Brute force-attack presentation
Brute force-attack presentationBrute force-attack presentation
Brute force-attack presentation
Mahmoud Ibra
 
Network security
Network securityNetwork security
Network security
Estiak Khan
 
Ethical hacking
Ethical hacking Ethical hacking
Ethical hacking
Institute of Information Security (IIS)
 
Ethical hacking ppt
Ethical hacking pptEthical hacking ppt
Ethical hacking ppt
himanshujoshi238
 
ETHICAL HACKING
ETHICAL HACKING ETHICAL HACKING
ETHICAL HACKING Sweta Leena Panda
 
Password Cracking
Password Cracking Password Cracking
Password Cracking
Sina Manavi
 
Footprinting
FootprintingFootprinting
Footprinting
Duah John
 
What is network security and Types
What is network security and TypesWhat is network security and Types
What is network security and Types
Vikram Khanna
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
Alapan Banerjee
 
WEP/WPA attacks
WEP/WPA attacksWEP/WPA attacks
WEP/WPA attacks
Huda Seyam
 
Network Security
Network SecurityNetwork Security
Network Security
Manoj Singh
 
VAPT PRESENTATION full.pptx
VAPT PRESENTATION full.pptxVAPT PRESENTATION full.pptx
VAPT PRESENTATION full.pptx
DARSHANBHAVSAR14
 
Network security - Defense in Depth
Network security - Defense in DepthNetwork security - Defense in Depth
Network security - Defense in Depth
Dilum Bandara
 
Cryptography for Absolute Beginners (May 2019)
Cryptography for Absolute Beginners (May 2019)Cryptography for Absolute Beginners (May 2019)
Cryptography for Absolute Beginners (May 2019)
Svetlin Nakov
 
Password (in)security
Password (in)securityPassword (in)security
Password (in)security
Enrico Zimuel
 

More Related Content

What's hot

Brute force attack
Brute force attackBrute force attack
Brute force attackjoycruiser
 
Practical Malware Analysis: Ch 0: Malware Analysis Primer & 1: Basic Static T...
Practical Malware Analysis: Ch 0: Malware Analysis Primer & 1: Basic Static T...Practical Malware Analysis: Ch 0: Malware Analysis Primer & 1: Basic Static T...
Practical Malware Analysis: Ch 0: Malware Analysis Primer & 1: Basic Static T...
Sam Bowne
 
Ethical Hacking - sniffing
Ethical Hacking - sniffingEthical Hacking - sniffing
Ethical Hacking - sniffing
Bhavya Chawla
 
Password cracking and brute force
Password cracking and brute forcePassword cracking and brute force
Password cracking and brute force
vishalgohel12195
 
What is a Rainbow Table?
What is a Rainbow Table?What is a Rainbow Table?
What is a Rainbow Table?
Vahid Saffarian
 
Ethical hacking/ Penetration Testing
Ethical hacking/ Penetration TestingEthical hacking/ Penetration Testing
Ethical hacking/ Penetration Testing
ANURAG CHAKRABORTY
 
Brute force-attack presentation
Brute force-attack presentationBrute force-attack presentation
Brute force-attack presentation
Mahmoud Ibra
 
Network security
Network securityNetwork security
Network security
Estiak Khan
 
Ethical hacking
Ethical hacking Ethical hacking
Ethical hacking
Institute of Information Security (IIS)
 
Ethical hacking ppt
Ethical hacking pptEthical hacking ppt
Ethical hacking ppt
himanshujoshi238
 
Password Cracking
Password Cracking Password Cracking
Password Cracking
Sina Manavi
 
Footprinting
FootprintingFootprinting
Footprinting
Duah John
 
What is network security and Types
What is network security and TypesWhat is network security and Types
What is network security and Types
Vikram Khanna
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
Alapan Banerjee
 
WEP/WPA attacks
WEP/WPA attacksWEP/WPA attacks
WEP/WPA attacks
Huda Seyam
 
Network Security
Network SecurityNetwork Security
Network Security
Manoj Singh
 
VAPT PRESENTATION full.pptx
VAPT PRESENTATION full.pptxVAPT PRESENTATION full.pptx
VAPT PRESENTATION full.pptx
DARSHANBHAVSAR14
 
Network security - Defense in Depth
Network security - Defense in DepthNetwork security - Defense in Depth
Network security - Defense in Depth
Dilum Bandara
 

What's hot (20)

Brute force attack
Brute force attackBrute force attack
Brute force attack
 
Practical Malware Analysis: Ch 0: Malware Analysis Primer & 1: Basic Static T...
Practical Malware Analysis: Ch 0: Malware Analysis Primer & 1: Basic Static T...Practical Malware Analysis: Ch 0: Malware Analysis Primer & 1: Basic Static T...
Practical Malware Analysis: Ch 0: Malware Analysis Primer & 1: Basic Static T...
 
Ethical Hacking - sniffing
Ethical Hacking - sniffingEthical Hacking - sniffing
Ethical Hacking - sniffing
 
Password cracking and brute force
Password cracking and brute forcePassword cracking and brute force
Password cracking and brute force
 
What is a Rainbow Table?
What is a Rainbow Table?What is a Rainbow Table?
What is a Rainbow Table?
 
Ethical hacking/ Penetration Testing
Ethical hacking/ Penetration TestingEthical hacking/ Penetration Testing
Ethical hacking/ Penetration Testing
 
Password craking techniques
Password craking techniques Password craking techniques
Password craking techniques
 
Brute force-attack presentation
Brute force-attack presentationBrute force-attack presentation
Brute force-attack presentation
 
Network security
Network securityNetwork security
Network security
 
Ethical hacking
Ethical hacking Ethical hacking
Ethical hacking
 
Ethical hacking ppt
Ethical hacking pptEthical hacking ppt
Ethical hacking ppt
 
ETHICAL HACKING
ETHICAL HACKING ETHICAL HACKING
ETHICAL HACKING
 
Password Cracking
Password Cracking Password Cracking
Password Cracking
 
Footprinting
FootprintingFootprinting
Footprinting
 
What is network security and Types
What is network security and TypesWhat is network security and Types
What is network security and Types
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 
WEP/WPA attacks
WEP/WPA attacksWEP/WPA attacks
WEP/WPA attacks
 
Network Security
Network SecurityNetwork Security
Network Security
 
VAPT PRESENTATION full.pptx
VAPT PRESENTATION full.pptxVAPT PRESENTATION full.pptx
VAPT PRESENTATION full.pptx
 
Network security - Defense in Depth
Network security - Defense in DepthNetwork security - Defense in Depth
Network security - Defense in Depth
 

Similar to Rainbow Tables

Cryptography for Absolute Beginners (May 2019)
Cryptography for Absolute Beginners (May 2019)Cryptography for Absolute Beginners (May 2019)
Cryptography for Absolute Beginners (May 2019)
Svetlin Nakov
 
Password (in)security
Password (in)securityPassword (in)security
Password (in)security
Enrico Zimuel
 
[CB20] Vulnerabilities of Machine Learning Infrastructure by Sergey Gordeychik
[CB20] Vulnerabilities of Machine Learning Infrastructure by Sergey Gordeychik[CB20] Vulnerabilities of Machine Learning Infrastructure by Sergey Gordeychik
[CB20] Vulnerabilities of Machine Learning Infrastructure by Sergey Gordeychik
CODE BLUE
 
Cram
CramCram
Cram
JamesBonfield
 
Filippo, Plain simple reality of entropy
Filippo, Plain simple reality of entropyFilippo, Plain simple reality of entropy
Filippo, Plain simple reality of entropy
PacSecJP
 
The slower the stronger a story of password hash migration
The slower the stronger a story of password hash migrationThe slower the stronger a story of password hash migration
The slower the stronger a story of password hash migration
OWASP
 
BalCCon2k18 - Towards the perfect cryptocurrency wallet
BalCCon2k18 - Towards the perfect cryptocurrency walletBalCCon2k18 - Towards the perfect cryptocurrency wallet
BalCCon2k18 - Towards the perfect cryptocurrency wallet
Nemanja Nikodijević
 
Neo4j after 1 year in production
Neo4j after 1 year in productionNeo4j after 1 year in production
Neo4j after 1 year in production
Andrew Nikishaev
 
Vulnerabilities of machine learning infrastructure
Vulnerabilities of machine learning infrastructureVulnerabilities of machine learning infrastructure
Vulnerabilities of machine learning infrastructure
Sergey Gordeychik
 
Introduction to Debuggers
Introduction to DebuggersIntroduction to Debuggers
Introduction to Debuggers
Saumil Shah
 
Humantalk Angers 14 Mars
Humantalk Angers 14 MarsHumantalk Angers 14 Mars
Humantalk Angers 14 Mars
Rémi Dubois
 
Cryptography-Hash-Functions.pptx
Cryptography-Hash-Functions.pptxCryptography-Hash-Functions.pptx
Cryptography-Hash-Functions.pptx
AngeloChangcoco
 
Practical rsa padding oracle attacks
Practical rsa padding oracle attacksPractical rsa padding oracle attacks
Practical rsa padding oracle attacks
Alexandre Moneger
 
How-to crack 43kk passwords while drinking your juice/smoozie in the Hood
How-to crack 43kk passwords while drinking your juice/smoozie in the HoodHow-to crack 43kk passwords while drinking your juice/smoozie in the Hood
How-to crack 43kk passwords while drinking your juice/smoozie in the Hood
Yurii Bilyk
 
不深不淺,帶你認識 LLVM (Found LLVM in your life)
不深不淺,帶你認識 LLVM (Found LLVM in your life)不深不淺,帶你認識 LLVM (Found LLVM in your life)
不深不淺,帶你認識 LLVM (Found LLVM in your life)
Douglas Chen
 
NSC #2 - Challenge Solution
NSC #2 - Challenge SolutionNSC #2 - Challenge Solution
NSC #2 - Challenge Solution
NoSuchCon
 
Bitcoin Keys, Addresses & Wallets
Bitcoin Keys, Addresses & WalletsBitcoin Keys, Addresses & Wallets
Bitcoin Keys, Addresses & Wallets
Christopher Allen
 
Troubleshooting real production problems
Troubleshooting real production problemsTroubleshooting real production problems
Troubleshooting real production problems
Tier1 app
 
Building an Automated Behavioral Malware Analysis Environment using Free and ...
Building an Automated Behavioral Malware Analysis Environment using Free and ...Building an Automated Behavioral Malware Analysis Environment using Free and ...
Building an Automated Behavioral Malware Analysis Environment using Free and ...Jim Clausing
 

Similar to Rainbow Tables (20)

Cryptography for Absolute Beginners (May 2019)
Cryptography for Absolute Beginners (May 2019)Cryptography for Absolute Beginners (May 2019)
Cryptography for Absolute Beginners (May 2019)
 
Password (in)security
Password (in)securityPassword (in)security
Password (in)security
 
[CB20] Vulnerabilities of Machine Learning Infrastructure by Sergey Gordeychik
[CB20] Vulnerabilities of Machine Learning Infrastructure by Sergey Gordeychik[CB20] Vulnerabilities of Machine Learning Infrastructure by Sergey Gordeychik
[CB20] Vulnerabilities of Machine Learning Infrastructure by Sergey Gordeychik
 
Cram
CramCram
Cram
 
Filippo, Plain simple reality of entropy
Filippo, Plain simple reality of entropyFilippo, Plain simple reality of entropy
Filippo, Plain simple reality of entropy
 
The slower the stronger a story of password hash migration
The slower the stronger a story of password hash migrationThe slower the stronger a story of password hash migration
The slower the stronger a story of password hash migration
 
BalCCon2k18 - Towards the perfect cryptocurrency wallet
BalCCon2k18 - Towards the perfect cryptocurrency walletBalCCon2k18 - Towards the perfect cryptocurrency wallet
BalCCon2k18 - Towards the perfect cryptocurrency wallet
 
Neo4j after 1 year in production
Neo4j after 1 year in productionNeo4j after 1 year in production
Neo4j after 1 year in production
 
Vulnerabilities of machine learning infrastructure
Vulnerabilities of machine learning infrastructureVulnerabilities of machine learning infrastructure
Vulnerabilities of machine learning infrastructure
 
Introduction to Debuggers
Introduction to DebuggersIntroduction to Debuggers
Introduction to Debuggers
 
Humantalk Angers 14 Mars
Humantalk Angers 14 MarsHumantalk Angers 14 Mars
Humantalk Angers 14 Mars
 
Cryptography-Hash-Functions.pptx
Cryptography-Hash-Functions.pptxCryptography-Hash-Functions.pptx
Cryptography-Hash-Functions.pptx
 
Practical rsa padding oracle attacks
Practical rsa padding oracle attacksPractical rsa padding oracle attacks
Practical rsa padding oracle attacks
 
How-to crack 43kk passwords while drinking your juice/smoozie in the Hood
How-to crack 43kk passwords while drinking your juice/smoozie in the HoodHow-to crack 43kk passwords while drinking your juice/smoozie in the Hood
How-to crack 43kk passwords while drinking your juice/smoozie in the Hood
 
不深不淺,帶你認識 LLVM (Found LLVM in your life)
不深不淺,帶你認識 LLVM (Found LLVM in your life)不深不淺,帶你認識 LLVM (Found LLVM in your life)
不深不淺,帶你認識 LLVM (Found LLVM in your life)
 
NSC #2 - Challenge Solution
NSC #2 - Challenge SolutionNSC #2 - Challenge Solution
NSC #2 - Challenge Solution
 
Bitcoin Keys, Addresses & Wallets
Bitcoin Keys, Addresses & WalletsBitcoin Keys, Addresses & Wallets
Bitcoin Keys, Addresses & Wallets
 
Troubleshooting real production problems
Troubleshooting real production problemsTroubleshooting real production problems
Troubleshooting real production problems
 
Building an Automated Behavioral Malware Analysis Environment using Free and ...
Building an Automated Behavioral Malware Analysis Environment using Free and ...Building an Automated Behavioral Malware Analysis Environment using Free and ...
Building an Automated Behavioral Malware Analysis Environment using Free and ...
 
A Life of breakpoint
A Life of breakpointA Life of breakpoint
A Life of breakpoint
 

Recently uploaded

GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
Guy Korland
 
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
Product School
 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Product School
 
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualitySoftware Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Inflectra
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance
 
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
Product School
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Albert Hoitingh
 
Connector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a buttonConnector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a button
DianaGray10
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
James Anderson
 
Essentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with ParametersEssentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with Parameters
Safe Software
 
UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3
DianaGray10
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
UiPathCommunity
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
Kari Kakkonen
 
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMsTo Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
Paul Groth
 
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
Product School
 
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Thierry Lestable
 
Elevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object CalisthenicsElevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object Calisthenics
Dorra BARTAGUIZ
 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
91mobiles
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
Laura Byrne
 
Accelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish CachingAccelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish Caching
Thijs Feryn
 

Recently uploaded (20)

GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
 
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
 
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualitySoftware Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
 
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
 
Connector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a buttonConnector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a button
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
 
Essentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with ParametersEssentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with Parameters
 
UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
 
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMsTo Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
 
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
 
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
 
Elevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object CalisthenicsElevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object Calisthenics
 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
 
Accelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish CachingAccelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish Caching
 

Rainbow Tables

  • 1. Jakarta , December 12th 2009 Rainbow Tables Testing Passwords Security
  • 2. About me PanggiLibersaa.k.amalcoder Student at Indonesia’s Computer University Like to take picture  Almost get his CEH certification ( waiting for exam) Member of GNU/Linux User Group at Bandung [ Klub Linux Bandung ] Small web hosting owner [ hostinggokil.com , ofirnetwork.com (in progress) ] Web : malcoder.infoandopensecuritylab.org Find me : @panggimalcoder panggi_y2k panggi.libersapanggipanggi
  • 3. “Some things Man was never meant to know. For everything else, there's Google” Geeky Quote
  • 4.
  • 5.
  • 7. How to keep it secret ? Don’t tell to anybody else , keep it in mind (personal) Store the password records on a secure environment (provider)
  • 8.
  • 9. Reversible encryption with key (ex : poly alphabetic substitution cipher)
  • 10. One Way Hash ( ex : md5 , sha1 )
  • 11.
  • 12. Decode : ciphertext -> cleartextcleartext : panggi ciphertext : cGFuZ2dp encode ciphertext : cGFuZ2dp decode cleartext : panggi
  • 13.
  • 14. Usage :Key: ABCDEF AB CDEFA BCD EFABCDEFABCD Plaintext: CRYPTOIS SHORT FOR CRYPTOGRAPHY Ciphertext: CSASXTIT UKSWT GQU GWYQVRKWAQJB
  • 15.
  • 16.
  • 17.
  • 18.
  • 19.
  • 20. This password is null-padded to 14 bytes.
  • 21. The “fixed-length” password is split into two 7-byte halves.
  • 22. These values are used to create two DES keys, one from each 7-byte half, by converting the seven bytes into a bit stream, and inserting a parity-bit after every seven bits. This generates the 64 bits needed for the DES key.
  • 23. Each of these keys is used to DES-encrypt the constant ASCII string “KGS!@#$%”, resulting in two 8-byte ciphertext values. The DES CipherMode should Set to ECB, and PaddingMode should set to NONE.
  • 24.
  • 26. 3EABC00C9F7B74B09A0F5D12D8F612D0 (LEFT side of LM password , it means the password is more than 7 chars)
  • 27.
  • 28. Brute force Using all possible combination in sequence Example : Targeted hash : 4a8a08f09d37b73795649038408b5f33 OK.. Crack it .. a = 0cc175b9c0f1b6a831c399e269772661 <= no b = 92eb5ffee6ae2fec3ad71c777531578f <= no c = 4a8a08f09d37b73795649038408b5f33 <= yes Result : Plaintext of 4a8a08f09d37b73795649038408b5f33 is “c”
  • 29. Dictionary Given the wordlist of common passwords Example : Targetted hash : 3858f62230ac3c915f300c664312c63f dic-crack3858f62230ac3c915f300c664312c63f- L “path-of-wordlist/wordlist.txt” searching…. … fooa <= 72b55c624205d69cc145cc610880e1f9 <= no foobar <= 3858f62230ac3c915f300c664312c63f <= yes …
  • 30. Rainbow Tables ? A rainbow table is a lookup table offering a time-memory tradeoff used in recovering the plaintext password from a password hash generated by a hash function, often a cryptographic hash function. A common application is to make attacks against hashed passwords feasible (http://en.wikipedia.org/wiki/Rainbow_tables)
  • 31.
  • 32. English please… Lookup table ? Trade-memory tradeoff ? <=?
  • 33. Time for the Demo Example : md5_hash.txt 20392298d6b78e0890cd22a7bf071c49 c9122fd7bae0681b62a39ddfc1c7fb19 469590a45cc7f985b53d15113157e6ea 31c9febeeb68929cd6c097239cf3e9d3 2e19ab163556288cf239f5339927e408 dcb76da384ae3028d6aa9b2ebcea01c9 d1cbedff31b828ac2f15548357988073 c94630fe9dea660ba53ddf5d3a41e802 73e405227c02a626e66f0dc4dd3a53a3 9486f7a4fdf724cf6cacbdc103661fce 26f803e714f7d39c0b5a9dd67d03f887 0248750eb423b999bd684b10668f7241 9ac17fc47347d505c92e3ca31fee675d b65a81125dbfaab4a3ecdff26a979309 3fde6bb0541387e4ebdadf7c2ff31123 d695f8f703c1b3b0dce9d588a4d4abad 86acaeb6d0f7241ea54b73528fa204ca 78c5d5ed7ea4372435e9f006b29ea745 75003783871e9404cd0793ca81594841 e63d33d7ad4b4360f761634de070a860 a9684b0defabebc108720fda1627f43d b150e73aa5fc110c27320c98effcc0f1 464b59d944c93b6a5eb3dfd0abf15114 4e3d682f0821b23f6d49fa1ac2cf154a d740ee7f1cd46b3d536a6f4331a4c77f 13781c244d5bb85a296bcbe4ac7992f7 bcdc908a16dbfe1297b4b0891ccf9ed7 10f97476043d02db1a236b877232c0a6 d81bf97286c617c77b679478ce8b72b2 7279f67e313cc35e518f94c775a42196
  • 34. Result D:ashcrack>rcrack d:d5_tables.rt -l md5_hash.txt md5_alpha#1-7_0_2400x40000000_panggi#000.rt: 640000000 bytes read, disk access time: 9.99 s verifying the file... searching for 30 hashes... plaintext of 20392298d6b78e0890cd22a7bf071c49 is PANGGI plaintext of c9122fd7bae0681b62a39ddfc1c7fb19 is LOVE plaintext of 469590a45cc7f985b53d15113157e6ea is MUSTIKA cryptanalysis time: 377.34 s md5_alpha-numeric#1-7_0_2400x40000000_panggi#000.rt: 640000000 bytes read, disk access time: 73.13 s verifying the file... searching for 27 hashes... plaintext of 31c9febeeb68929cd6c097239cf3e9d3 is P4ST1 plaintext of d81bf97286c617c77b679478ce8b72b2 is 050479 cryptanalysis time: 102.56 s md5_alpha-numeric#1-7_0_2400x40000000_panggi#001.rt: 640000000 bytes read, disk access time: 60.70 s verifying the file... searching for 25 hashes... plaintext of 10f97476043d02db1a236b877232c0a6 is 7201421 cryptanalysis time: 28.19 s md5_alpha-numeric#1-7_0_2400x40000000_panggi#002.rt: 640000000 bytes read, disk access time: 68.28 s verifying the file... searching for 24 hashes... cryptanalysis time: 28.24 s md5_alpha-numeric#1-7_0_2400x40000000_panggi#003.rt: 640000000 bytes read, disk access time: 67.72 s verifying the file... searching for 24 hashes... cryptanalysis time: 27.81 s
  • 35. md5_loweralpha#1-7_0_2100x8000000_panggi.rt: 128000000 bytes read, disk access time: 36.22 s verifying the file... searching for 24 hashes... plaintext of d1cbedff31b828ac2f15548357988073 is nashien plaintext of c94630fe9dea660ba53ddf5d3a41e802 is herc plaintext of 73e405227c02a626e66f0dc4dd3a53a3 is hayati cryptanalysis time: 79.63 s md5_loweralpha#1-7_1_2100x8000000_panggi.rt: 128000000 bytes read, disk access time: 2.86 s verifying the file... searching for 21 hashes... plaintext of 2e19ab163556288cf239f5339927e408 is nunung plaintext of dcb76da384ae3028d6aa9b2ebcea01c9 is sayang cryptanalysis time: 73.33 s md5_loweralpha#1-7_2_2100x8000000_panggi.rt: 128000000 bytes read, disk access time: 9.56 s verifying the file... searching for 19 hashes... cryptanalysis time: 69.08 s md5_loweralpha#1-7_3_2100x8000000_panggi.rt: 128000000 bytes read, disk access time: 2.45 s verifying the file... searching for 19 hashes... cryptanalysis time: 69.38 s md5_loweralpha#1-7_4_2100x8000000_panggi.rt: 128000000 bytes read, disk access time: 12.00 s verifying the file... searching for 19 hashes... cryptanalysis time: 69.20 s md5_loweralpha-numeric#1-7_0_2400x40000000_panggi#000.rt: 640000000 bytes read, disk access time: 17.91 s verifying the file... searching for 19 hashes... plaintext of 3fde6bb0541387e4ebdadf7c2ff31123 is 1q2w3e cryptanalysis time: 75.73 s md5_loweralpha-numeric#1-7_0_2400x40000000_panggi#001.rt: 640000000 bytes read, disk access time: 14.73 s verifying the file... searching for 18 hashes... plaintext of 26f803e714f7d39c0b5a9dd67d03f887 is 8u7y6t cryptanalysis time: 21.09 s
  • 36. md5_loweralpha-numeric#1-7_0_2400x40000000_panggi#002.rt: 640000000 bytes read, disk access time: 13.91 s verifying the file... searching for 17 hashes... cryptanalysis time: 20.03 s md5_loweralpha-numeric#1-7_0_2400x40000000_panggi#003.rt: 640000000 bytes read, disk access time: 14.20 s verifying the file... searching for 17 hashes... plaintext of 9486f7a4fdf724cf6cacbdc103661fce is metty77 cryptanalysis time: 19.31 s md5_mixalpha-numeric-symbol14-space#1-6_0_2400x40000000_panggi#000.rt: 640000000 bytes read, disk access time: 14.41 s verifying the file... searching for 16 hashes... plaintext of 9ac17fc47347d505c92e3ca31fee675d is 4Dm1n plaintext of b65a81125dbfaab4a3ecdff26a979309 is Pa55 plaintext of d695f8f703c1b3b0dce9d588a4d4abad is UN1k0M plaintext of 75003783871e9404cd0793ca81594841 is G0D$ plaintext of 464b59d944c93b6a5eb3dfd0abf15114 is c(%H2n plaintext of d740ee7f1cd46b3d536a6f4331a4c77f is *$^#&3 plaintext of 13781c244d5bb85a296bcbe4ac7992f7 is h@xX0r cryptanalysis time: 33.47 s md5_mixalpha-numeric-symbol14-space#1-6_0_2400x40000000_panggi#001.rt: 640000000 bytes read, disk access time: 12.95 s verifying the file... searching for 9 hashes... plaintext of 0248750eb423b999bd684b10668f7241 is iMoeTh plaintext of e63d33d7ad4b4360f761634de070a860 is w_Bu5H plaintext of 4e3d682f0821b23f6d49fa1ac2cf154a is R@54In cryptanalysis time: 3.86 s md5_mixalpha-numeric-symbol14-space#1-6_0_2400x40000000_panggi#002.rt: 640000000 bytes read, disk access time: 12.92 s verifying the file... searching for 6 hashes... plaintext of 78c5d5ed7ea4372435e9f006b29ea745 is !Q@W#E plaintext of a9684b0defabebc108720fda1627f43d is 1!q^YW cryptanalysis time: 2.36 s
  • 37. md5_mixalpha-numeric-symbol14-space#1-6_0_2400x40000000_panggi#003.rt: 640000000 bytes read, disk access time: 18.03 s verifying the file... searching for 4 hashes... plaintext of 86acaeb6d0f7241ea54b73528fa204ca is 5TR0n6 cryptanalysis time: 1.78 s md5_mixalpha-numeric-symbol14-space#1-6_0_2400x40000000_panggi#004.rt: 640000000 bytes read, disk access time: 12.38 s verifying the file... searching for 3 hashes... cryptanalysis time: 1.38 s md5_mixalpha-numeric-symbol14-space#1-6_0_2400x40000000_panggi#005.rt: 640000000 bytes read, disk access time: 12.41 s verifying the file... searching for 3 hashes... plaintext of b150e73aa5fc110c27320c98effcc0f1 is p@N66i cryptanalysis time: 1.38 s md5_mixalpha-numeric-symbol14-space#1-6_0_2400x40000000_panggi#006.rt: 640000000 bytes read, disk access time: 12.44 s verifying the file... searching for 2 hashes... cryptanalysis time: 0.94 s md5_numeric#1-9_0_3000x3000000_panggi#000.rt: 48000000 bytes read, disk access time: 0.72 s verifying the file... searching for 2 hashes... plaintext of bcdc908a16dbfe1297b4b0891ccf9ed7 is 29041987 plaintext of 7279f67e313cc35e518f94c775a42196 is 776284123 cryptanalysis time: 23.86 s statistics ------------------------------------------------------- plaintext found: 30 of 30 (100.00%) total disk access time: 499.91 s total cryptanalysis time: 1129.94 s total chain walk step: 453610884 total false alarm: 853120 total chain walk step due to false alarm: 675710917
  • 38. result ------------------------------------------------------- 20392298d6b78e0890cd22a7bf071c49 PANGGI hex:50414e474749 c9122fd7bae0681b62a39ddfc1c7fb19 LOVE hex:4c4f5645 469590a45cc7f985b53d15113157e6ea MUSTIKA hex:4d555354494b41 31c9febeeb68929cd6c097239cf3e9d3 P4ST1 hex:5034535431 2e19ab163556288cf239f5339927e408 nunung hex:6e756e756e67 dcb76da384ae3028d6aa9b2ebcea01c9 sayang hex:736179616e67 d1cbedff31b828ac2f15548357988073 nashien hex:6e61736869656e c94630fe9dea660ba53ddf5d3a41e802 herc hex:68657263 73e405227c02a626e66f0dc4dd3a53a3 hayati hex:686179617469 9486f7a4fdf724cf6cacbdc103661fce metty77 hex:6d657474793737 26f803e714f7d39c0b5a9dd67d03f887 8u7y6t hex:387537793674 0248750eb423b999bd684b10668f7241 iMoeTh hex:694d6f655468 9ac17fc47347d505c92e3ca31fee675d 4Dm1n hex:34446d316e b65a81125dbfaab4a3ecdff26a979309 Pa55 hex:50613535 3fde6bb0541387e4ebdadf7c2ff31123 1q2w3e hex:317132773365 d695f8f703c1b3b0dce9d588a4d4abad UN1k0M hex:554e316b304d 86acaeb6d0f7241ea54b73528fa204ca 5TR0n6 hex:355452306e36 78c5d5ed7ea4372435e9f006b29ea745 !Q@W#E hex:215140572345 75003783871e9404cd0793ca81594841 G0D$ hex:47304424 e63d33d7ad4b4360f761634de070a860 w_Bu5H hex:775f42753548 a9684b0defabebc108720fda1627f43d 1!q^YW hex:3121715e5957 b150e73aa5fc110c27320c98effcc0f1 p@N66i hex:70404e363669 464b59d944c93b6a5eb3dfd0abf15114 c(%H2n hex:63282548326e 4e3d682f0821b23f6d49fa1ac2cf154a R@54In hex:52403534496e d740ee7f1cd46b3d536a6f4331a4c77f *$^#&3 hex:2a245e232633 13781c244d5bb85a296bcbe4ac7992f7 h@xX0r hex:684078583072 bcdc908a16dbfe1297b4b0891ccf9ed7 29041987 hex:3239303431393837 10f97476043d02db1a236b877232c0a6 7201421 hex:37323031343231 d81bf97286c617c77b679478ce8b72b2 050479 hex:303530343739 7279f67e313cc35e518f94c775a42196 776284123 hex:373736323834313233 D:ashcrack>
  • 39. Mr. @ialexs‘s request (pass : maLam1) K:ainbowashcrack>rcrack k:ainbowd5_tablesd5_mixalpha-numeric*.rt -h 7d 62eaa2e2a3da203573dc408d31cd0d md5_mixalpha-numeric-symbol14-space#1-6_0_2400x40000000_panggi#000.rt: 640000000 bytes read, disk access time: 40.91 s verifying the file... searching for 1 hash... cryptanalysis time: 3.41 s md5_mixalpha-numeric-symbol14-space#1-6_0_2400x40000000_panggi#001.rt: 640000000 bytes read, disk access time: 45.14 s verifying the file... searching for 1 hash... cryptanalysis time: 0.45 s md5_mixalpha-numeric-symbol14-space#1-6_0_2400x40000000_panggi#002.rt: 640000000 bytes read, disk access time: 47.19 s verifying the file... searching for 1 hash... cryptanalysis time: 0.47 s md5_mixalpha-numeric-symbol14-space#1-6_0_2400x40000000_panggi#003.rt: 640000000 bytes read, disk access time: 45.22 s verifying the file... searching for 1 hash... cryptanalysis time: 0.44 s
  • 40. md5_mixalpha-numeric-symbol14-space#1-6_0_2400x40000000_panggi#004.rt: 640000000 bytes read, disk access time: 46.28 s verifying the file... searching for 1 hash... plaintext of 7d62eaa2e2a3da203573dc408d31cd0d is maLam1 cryptanalysis time: 0.22 s statistics ------------------------------------------------------- plaintext found: 1 of 1 (100.00%) total disk access time: 224.73 s  See the time..  total cryptanalysis time: 4.98 s total chain walk step: 2876401 total false alarm: 2252 total chain walk step due to false alarm: 1882084 result ------------------------------------------------------- 7d62eaa2e2a3da203573dc408d31cd0d maLam1 hex:6d614c616d31 K:ainbowashcrack>
  • 41. Windows Password (LM) Dump it first K:wdump7>PwDump7.exe > pass_win.txt Pwdump v7.1 - raw password extractor Author: Andres TarascoAcuna url: http://www.514.es K:wdump7>
  • 42. pass_win.txt ( $ sign is censored by me ) Administrator:500:NO PASSWORD*********************:95C735766$$$$$$$$EAC22EC$$$$18CF::: Guest:501:NO PASSWORD*********************:NO PASSWORD*********************::: __vmware_user__:1011:NO PASSWORD*********************:2E4D88$$$$$$$$$$$$701F71FD7F63B9::: apache2triad:1013:A215FD4C479AAEC8$$$$$$$$$$465971:6B93A1E44490938$$$$$$$$$$E4C4D63::: okay:1014:3EABC00C9F7B74B09A0F5D12D8F612D0:34976BC196DADD52A6D02AE530F806C3::: HelpAssistant:1015:F681E43E4269$$$$$$3D27C551$$$$$$:32EB$$$$$$159997D$$$$$$1EC24BA2A::: percobaan:1016:3EABC00C9F7B74B09A0F5D12D8F612D0:34976BC196DADD52A6D02AE530F806C3::: crack it
  • 44. How to secure it ? MD5 Use salted password ( not naked ) Example : <?function enchsetenev($toencode,$times){    $salt = 's+(_a*';    for($zo=0;$zo<$times;$zo=$zo+1)    {        $toencode = hash('sha512',salt.$toencode);        $toencode = md5($toencode.$salt);    }    return $toencode;} ?>how to use it ?simply.. <?$password="this password is super ultra mega secure and no one would decrypt it for atleast 10 years.. or even alot more :)";$supersecurepassword=enchsetenev($password,1000);  ?>
  • 45. LM Hash percobaan:1016:3EABC00C9F7B74B09A0F5D12D8F612D0:34976BC196DADD52A6D02AE530F806C3::: Use at least 15 characters and Windows will change it’s algorithm to more secure one ( NTLM )