Scribd
Upload
279 views4 pages

Hash Cracking With Rainbow Tables

The document explains the rcrack program, which uses rainbow tables to lookup the plaintext of user-supplied hashes. It provides details on six similar programs, including command line and GUI options, and notes that rainbow tables must first be sorted and optionally converted. It then gives examples of using rcrack to crack single or multiple hashes, and provides special instructions for cracking LM/NTLM hashes from a pwdump file. Finally, it offers performance tips related to operating system, memory, hard disks, GPUs, and disabling the Windows SuperFetch service.

Uploaded by

SaimonK
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
279 views4 pages

Hash Cracking With Rainbow Tables

The document explains the rcrack program, which uses rainbow tables to lookup the plaintext of user-supplied hashes. It provides details on six similar programs, including command line and GUI options, and notes that rainbow tables must first be sorted and optionally converted. It then gives examples of using rcrack to crack single or multiple hashes, and provides special instructions for cracking LM/NTLM hashes from a pwdump file. Finally, it offers performance tips related to operating system, memory, hard disks, GPUs, and disabling the Windows SuperFetch service.

Uploaded by

SaimonK
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 4

Hash Cracking with Rainbow Tables

Introduction
This document explains the rcrack program. The rcrack program lookup existing rainbow tables for
the plaintext of user supplied hash.
Six similar programs are available:

Program User Interface GPU Acceleration


rcrack Command Line
rcrack_cuda Command Line NVIDIA CUDA
rcrack_cl Command Line AMD OpenCL
rcrack_gui GUI
rcrack_cuda_gui GUI NVIDIA CUDA
rcrack_cl_gui GUI AMD OpenCL
Command line program is ideal for batch processing, and GUI program is easy to use.
Rainbow tables used by rcrack program must already be sorted with rtsort program, and optionally
converted to .rtc file format with rt2rtc program.

Rainbow Table Lookup with rcrack/rcrack_cuda/rcrack_cl


Program
General Use
Assume rainbow tables are in directory c:\rt.
To crack single hash:
rcrack/rcrack_cuda/rcrack_cl c:\rt\*.* -h fcea920f7412b5da7be0cf42b8c93759
To crack multiple hashes:
rcrack/rcrack_cuda/rcrack_cl c:\rt\*.* -l hash_list_file
In the example above, hash_list_file is a text file with each hash in one line.
To lookup rainbow tables in multiple directories:
rcrack/rcrack_cuda/rcrack_cl c:\rt1\*.* c:\rt2\*.* -l hash_list_file
In the example above, the rcrack/rcrack_cuda/rcrack_cl program will lookup rainbow tables in
c:\rt1 and c:\rt2 directories sequentially.

Special Consideration for LM/NTLM Hash


LM/NTLM hashes are usually saved in text file of pwdump format.
Content of typical pwdump file:
Administrator:500:1c3a2b6d939a1021aad3b435b51404ee:e24106942bf38bcf57a6a4b29016eff6:::
Guest:501:a296c9e4267e9ba9aad3b435b51404ee:9d978dda95e5185bbeda9b3ae00f84b4:::
To load and crack LM hashes from pwdump file:
rcrack/rcrack_cuda/rcrack_cl c:\rt\*.* -f pwdump_file
To load and crack NTLM hashes from pwdump file:
rcrack/rcrack_cuda/rcrack_cl c:\rt\*.* -n pwdump_file

Rainbow Table Lookup with


rcrack_gui/rcrack_cuda_gui/rcrack_cl_gui Program
Step 1: Load the Hashes

Step 2: Specify the Rainbow Tables to be Searched


Select "Search Rainbow Tables..." to search individual rainbow tables.
Select "Search Rainbow Tables in Directory..." to search all rainbow tables in a directory.
Select "Search Rainbow Tables in Profile..." to search rainbow tables in multiple directories.

When rainbow tables are specified, hash cracking will start.

Performance Tips
32-bit Operating System vs. 64-bit Operating System
64-bit operating system is recommended so more than 2 GB memory can be used by application.

Memory Requirement
4 GB memory with 64-bit operating system is recommended. Larger memory always help to
improve performance when searching large rainbow tables.

Hard Disk
Because rainbow table must be loaded from hard disk to memory to look up and some rainbow
table set can be as large as hundreds of GB, hard disk performance becomes a very important factor
to achieve overall good hash cracking performance.
We suggest put rainbow tables in RAID 0 volume with multiple hard disks. Windows operating
system natively support software RAID 0 called "striped volume".
The rcrack program always read data from hard disk sequentially. There is no random access.

Multiple GPUs
RainbowCrack software supports GPU acceleration with CUDA enabled GPUs from NVIDIA and
OpenCL enabled GPUs from AMD.
GPU acceleration with multiple GPUs is supported. To get optimal performance, all GPUs need be
of same model.
If exact model of the GPUs is different, rcrack_cuda[_gui]/rcrack_cl[_gui] program try to balance
the computing load based on core number of each GPU.

The SuperFetch Feature of Windows


SuperFetch is a feature of Windows Vista & Window 7 that allocate many memory to preload those
frequently used applications from hard disk, so further launch of these applications will be faster.
The SuperFetch feature consumes many memory and hard disk bandwidth; both are critical
resources for fast rainbow table lookup.
We suggest disable the SuperFetch service (Computer Management -> Services and Applications ->
Services -> Superfetch) when rcrack program is running.

You might also like