WEBVTT

0
00:02.600 --> 00:09.440
In this lecture I'll show you how to generate your own rainbow tables and how to try to crack hashes

1
00:09.530 --> 00:18.290
using the generated tables. We'll use a program called RainbowCrack that includes tools for both generating

2
00:18.350 --> 00:28.010
rainbow tables and cracking them. Let's install RainbowCrack on Kali Linux: apt update &&

3
00:28.010 --> 00:31.100
apt install rainbowcrack.

4
00:42.050 --> 00:43.040
It was installed.

5
00:43.940 --> 00:51.320
If you use another distribution like Ubuntu, Linux Mint or even Windows you have to download the program

6
00:51.530 --> 00:56.130
from its official website. In Linux

7
00:56.140 --> 01:02.110
you just download the archive that already contains the executable tools.

8
01:02.110 --> 01:07.620
Then all you need to do is to set the execution permission on those tools.

9
01:09.090 --> 01:18.140
The tool used to generate the tables is called rtgen.

10
01:18.310 --> 01:24.520
This is its usage and these are the hash algorithms that are implemented.

11
01:26.410 --> 01:29.540
You can see a lot of options and I'll try to explain

12
01:29.560 --> 01:35.950
each option as I write it. So rtgen the command

13
01:36.140 --> 01:38.870
then comes the hash algorithm.

14
01:38.900 --> 01:48.130
This is the first option and represents the hash algorithm that we want the rainbow tables to use.

15
01:48.140 --> 01:56.990
You can see a list of available algorithms under the "hash algorithms implemented" section in the returned output

16
01:57.140 --> 01:57.800
of

17
01:57.800 --> 02:11.230
the rtgen command. In this example we'll use sha256. The next option is charset. It represents the set of

18
02:11.230 --> 02:19.530
characters of the plaintext string used to generate the hashes for the rainbow tables.

19
02:19.570 --> 02:27.590
You can see all available charsets in a file called charset.txt in /usr/share

20
02:27.650 --> 02:32.450
/rainbowcrack directory. In this file

21
02:40.350 --> 02:49.920
it can be numeric, alpha, alphanumeric and so on. In this example I'll choose loweralpha.

22
02:52.800 --> 02:54.160
Plaintext length

23
02:54.180 --> 03:02.610
minimum is the next option and represents the minimum characters in each clear text password. And I write

24
03:02.620 --> 03:05.440
1; plaintext length

25
03:05.440 --> 03:13.550
maximum is the next option and represents the maximum number of characters in each word, for which we'll

26
03:13.550 --> 03:21.280
calculate the hash. I'll write only 3 because I don't want to wait too long to generate the tables

27
03:21.640 --> 03:26.160
but if you have enough time available you should choose a larger value.

28
03:26.230 --> 03:33.880
Take care that if you choose a value too large you'll have to wait days, weeks or months for the operation

29
03:33.880 --> 03:42.750
to finish. The next parameter is rainbow table index and this is usually set to zero.

30
03:42.870 --> 03:51.570
This parameter will select the reduction function which is a math formula that trims the number of combinations

31
03:51.600 --> 03:56.950
by removing combinations that are incredibly unlikely to be used.

32
03:57.090 --> 04:05.280
By doing so it lowers computational time with the flip side that there is a tiny possibility that it

33
04:05.280 --> 04:07.050
will skip the combination

34
04:07.050 --> 04:15.280
we are looking for. The next option is rainbow chain length and is the length of each table and the

35
04:15.280 --> 04:21.220
larger this number is, the more plaintexts are hashed and stored in the table.

36
04:21.400 --> 04:23.590
I write 2400.

37
04:26.890 --> 04:36.100
The next option is chain num or rainbow chain count and is the number of rainbow chains to generate.

38
04:36.100 --> 04:46.670
I'll write 100000. And the last option is part index or file title suffix. This is used

39
04:46.670 --> 04:54.940
for rainbow tables which are to be linked with each other to prevent duplicating.

40
04:55.140 --> 05:00.950
Usually it's set to zero. Before generating a table

41
05:00.980 --> 05:08.390
it is a good idea to check and see an approximation of the amount of time the table is going to take

42
05:08.390 --> 05:11.270
to generate. To do so

43
05:11.280 --> 05:19.590
you use the "-bench" argument at the end of the arguments excluding the last three arguments, like

44
05:19.600 --> 05:19.920
this:

45
05:25.700 --> 05:26.930
-bench

46
05:33.210 --> 05:34.170
and we are awaiting

47
05:37.140 --> 05:44.620
in this example it will calculate 4.39 million hashes per second.

48
05:44.680 --> 05:51.310
It will not actually create any rainbow tables, just determine how fast you can generate table entries.

49
05:52.490 --> 05:55.020
Let's generate the rainbow table!

50
05:55.020 --> 06:02.370
I'm hitting the enter key. The generation process usually takes an incredibly long time.

51
06:02.390 --> 06:10.640
What you can do is to generate sets of rainbow tables on multiple computers. Sets of rainbow tables are just

52
06:10.640 --> 06:13.390
rainbow tables based on each other.

53
06:13.430 --> 06:21.770
For example instead of generating a rainbow table of 100 gigabytes you could generate 100 files of 1

54
06:21.770 --> 06:23.090
gigabyte.

55
06:23.090 --> 06:29.750
This is done by having indexes on the tables. In this example

56
06:29.770 --> 06:36.490
this will be a very small rainbow table because the maximum password length is 3.

57
06:36.550 --> 06:45.470
It's just an example to see how it really works. And it takes approximately one minute; it's done.

58
06:45.490 --> 06:53.660
The rainbow table file or files are stored in /usr/share/rainbowcrack/ directory,

59
06:53.920 --> 07:02.230
no matter the directory where you've executed the command from. This is at least applicable to Kali Linux

60
07:02.240 --> 07:08.580
when installing RainbowCrack using apt. This is the rainbow table file

61
07:08.650 --> 07:15.210
we've just generated. The next step is to sort it; to do that

62
07:15.220 --> 07:22.000
I'll use a tool called "rtsort" that belongs to the RainbowCrack package as well.

63
07:23.040 --> 07:29.840
I'm executing rtsort and the directory that contains the table as its argument.

64
07:30.310 --> 07:32.510
/usr/share/

65
07:32.570 --> 07:32.990
rainbowcrack/

66
07:38.410 --> 07:39.880
It has been sorted.

67
07:39.880 --> 07:46.600
Note that the argument is the directory that contains the table files, not the file or the files.

68
07:47.810 --> 07:55.380
Now we can try to crack a hash using rcrack, another tool that is part of RainbowCrack.

69
07:55.400 --> 08:00.280
Let’s see the hash of any 3 lower alpha characters

70
08:00.280 --> 08:01.120
word.

71
08:01.520 --> 08:09.050
Using this online tool I'll calculate the sha256 of: xav


72
08:12.060 --> 08:15.700
You can choose any characters you like.

73
08:15.720 --> 08:20.700
This is the hash and I am copying it to the clipboard.

74
08:20.700 --> 08:27.340
Now back to Kali I am executing rcrack, the path to the rainbow file,

75
08:32.100 --> 08:40.190
this is the directory that contains the file, -h and the hash and I am pasting it.

76
08:45.640 --> 08:46.390
Perfect.

77
08:46.480 --> 08:48.610
The hash has been cracked.

78
08:48.760 --> 08:55.250
The clear text password that gives that hash is xav.

79
08:55.320 --> 08:55.970
Thank you!

80
08:55.980 --> 08:58.430
That's all! In the next lecture

81
08:58.530 --> 09:05.050
I'll talk about the countermeasures you could take to mitigate the risk of cracking password

82
09:05.060 --> 09:07.770
hashes using rainbow tables.