Home page logo
/

pen-test logo Penetration Testing mailing list archives

RE: Using schmoo rainbow tables with rcrack
From: "Victor Chapela" <victor () sm4rt com>
Date: Fri, 31 Mar 2006 20:37:51 -0600

Hi,

The problem you have is based on the fact that you are trying to break 2 Lan
Manager hashes, not one. Remember that Lan Manager splits passwords into two
independent hashes and then sticks them together. You can do two things: use
the pwdump format in which as an extra bonus rcrack will break the lowercase
letters by bruteforcing the NTLM hash (only after it breaks both hashes) or
you can use the hash list (-l) or individual hashes (-h) by separating your
hashes into two separate ones. For example, the hash for the word "password"
would be E52CAC67419A9A224A3B108F3FA6CB6D where E52CAC67419A9A22 would be
broken into "passwor" and 4A3B108F3FA6CB6D into "d".

You can use "rcrack alpha/*rt -h E52CAC67419A9A22" to break the first half.

Good luck,
Victor

-----Original Message-----
From: Per √ėyvind Thorsheim [mailto:putilutt () online no] 
Sent: March 31, 2006 9:35 AM
To: 'Ghirai'; pen-test () securityfocus com
Subject: SV: Using schmoo rainbow tables with rcrack

I've got the same problem with all the shmoo charsets (yes, 
i've downloaded them all), and i have also tested them with 
Cain & Abel (www.oxid.it), also there without success.

Any clues would be much appreciated.

Regards,
Per

-----Opprinnelig melding-----
Fra: Ghirai [mailto:ghirai () ghirai com]
Sendt: 31. mars 2006 11:49
Til: pen-test () securityfocus com
Emne: Using schmoo rainbow tables with rcrack

Hello,

I downloaded the schmoo rainbow tables, and wanted to perform a few 
tests on my local machine, but rcrack gives me an error 
when i try the 
alpha charset:

D:\Rainbow Tables\LM\lm_alpha>rcrack.exe *.rt -h 
xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
lm_alpha#1-7_0_2100x8000000_all.rt:
this table contains hashes with length 8 only

lm_alpha#1-7_1_2100x8000000_all.rt:
this table contains hashes with length 8 only

lm_alpha#1-7_2_2100x8000000_all.rt:
this table contains hashes with length 8 only

lm_alpha#1-7_3_2100x8000000_all.rt:
this table contains hashes with length 8 only

lm_alpha#1-7_4_2100x8000000_all.rt:
this table contains hashes with length 8 only

Anyone used the schmoo RTs, and know how to use them properly?

Thanks.

--
Best regards,
Ghirai.


--------------------------------------------------------------
----------------
This List Sponsored by: Cenzic

Concerned about Web Application Security? 
As attacks through web applications continue to rise, you need to 
proactively protect your applications from hackers. Cenzic has the 
most comprehensive solutions to meet your application security 
penetration testing and vulnerability management needs. You have an 
option to go with a managed service (Cenzic ClickToSecure) or an 
enterprise software (Cenzic Hailstorm).
Download FREE whitepaper on how a managed service can help you: 
http://www.cenzic.com/forms/ec.php?pubid=10025
And, now for a limited time we can do a FREE audit for you 
to confirm 
your results from other product. Contact us at request () cenzic com
--------------------------------------------------------------
----------------




--------------------------------------------------------------
----------------
This List Sponsored by: Cenzic

Concerned about Web Application Security? 
As attacks through web applications continue to rise, you 
need to proactively protect your applications from hackers. 
Cenzic has the most comprehensive solutions to meet your 
application security penetration testing and vulnerability 
management needs. You have an option to go with a managed 
service (Cenzic ClickToSecure) or an enterprise software 
(Cenzic Hailstorm). 
Download FREE whitepaper on how a managed service can help you: 
http://www.cenzic.com/forms/ec.php?pubid=10025
And, now for a limited time we can do a FREE audit for you to 
confirm your results from other product. Contact us at 
request () cenzic com
--------------------------------------------------------------
----------------




------------------------------------------------------------------------------
This List Sponsored by: Cenzic

Concerned about Web Application Security?
As attacks through web applications continue to rise, you need to proactively
protect your applications from hackers. Cenzic has the most comprehensive
solutions to meet your application security penetration testing and
vulnerability management needs. You have an option to go with a managed
service (Cenzic ClickToSecure) or an enterprise software (Cenzic Hailstorm).
Download FREE whitepaper on how a managed service can help you:
http://www.cenzic.com/forms/ec.php?pubid=10025
And, now for a limited time we can do a FREE audit for you to confirm your
results from other product. Contact us at request () cenzic com
------------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]