In today's detailed article we are going to discuss about how we can use 'Rainbow Table' to crack password hashes easily on our Kali Linux system. We also learn the use of RainbowCrack tool. RainbowCrack is really faster like Barry Allen.
What is Rainbow Table?
Rainbow table is a pre-computed table for caching the output of cryptographic hash functions, mainly for cracking password hashes. Rainbow table was invented by Philippe Oechslin.
We know that our passwords are stored on a website or WiFi. There is isn't stored as a plain text. The stored passwords are hashed in various methods like LM, NTLM, MD5, SHA1 etc. This type of encryption is one-way encryption, that means we can encrypt it from a plaintext but we can't decrypt it in a plaintext from it's hash.
Then how brute-force attack works?
Well, as we know brute-force uses a list of passwords. In the brute-force it creates a hash of a password and match it hash with the target hash (if they are same or not). It did same process for the all passwords one by one in the list. That's why this attack is very time consuming and computer resource consuming also, but brute-force didn't uses much storage as compared to rainbow tables.
Rainbow table works on the principle of time-memory trade-off, using less computer processing time and more storage than a brute-force attack. Rainbow crack is much faster then brute-force. For more about rainbow table works we can check this. For the computer with low processing power rainbow table is batter is than brute-force.
We can create a rainbow table at once and use it, or we can download rainbow tables from internet. There are some types of rainbow tables depending on type of hashes, characters and length of password.
For an example a rainbow table is for SHA1 and uses all lowercase (a,b,c...z) and for password length 1 to 7, will be different from a rainbow table for SHA1, lowercase password with length of 1 to 9.
We can see or download (free and paid) rainbow tables on this website.
Here rainbow tables are divided by hashing algorithms (LM, NTLM, MD5, SHA1), charset (numeric, lowercase etc), length of the password (in plaintext). We can download rainbow tables from this website or we can create our own rainbow tables as per our own requirements. Here we should keep in mind that rainbow tables are large (from 20GB -- more than TB).
Creating own Rainbow Table using RainbowCrack
We can create our own rainbow table by using 'RainbowCrack' tool. This tool comes pre-installed on our Kali Linux system.
Creation of rainbow table takes much time and storage space on system, but after creating a table we are able to use it to crack passwords faster every time.
For an example we are going to create a rainbow table to crack a MD5 password which have plaintext length 4 and using only lowercase alphabets.
To do this we need to open our Kali Linux terminal window and use rtgen command. rtgen stands for rainbow table generation.
First we run it with -h to see the options as following:
Then the help menu of rtgen will open in front of us, as we can see in the following screenshot:
On the above screenshot we can see how to use rtgen with some example.
To generate a rainbow table for a MD5 hash of a 4 plaintext length (containing only alphabets) we use following command:
In the above command rtgen md5 is for generating rainbow table for MD5 hash, we have set it for lowercase alphabets only by using loweralpha. Then 1 is for minimum length of plaintext password and 4 is for maximum. Then we use left everything default. 0 for table index, chain length & chain number set to 1000, part index is 0.
Then our rainbow table will be generated as we can see in the following screenshot:
This is a small rainbow table so generated in seconds |
We can see the used character set, plaintext count and plaintext length on the above screenshot.
This rainbow table will be stored in /usr/share/rainbowcrack directory.
Cracking Hashes using RainbowCrack
Now we can use this rainbow table to crack four (4) characters password's MD5 hash.
Here we have a md5 hash which have 4 characters plaintext length in lowercase.
d6ca3fd0c3a3b462ff2b83436dda495e
We are going to crack it using our created rainbow table. Before that we need to sort our rainbow table by using the following command:
Then the rainbow table will be sorted as we can see in the following screenshot:
Now we can use RainbowCrack tool to crack the password hash. to crack it we use following command:Here we call rcrack aka RainbowCrack to crack the hash, then use used -h flag for hash, then we use the password hash to crack.
Then it will crack the password in seconds as we can see it on the following screenshot:
We also can use a hash list stored in a txt file. Here we have a hash.txt file on our Desktop.To crack all hashes inside it, we use -l flag for list, as shown in following command:
Then RainbowCrack will crack the the hashes in seconds as we can see in the following:
This is about rainbow tables and how to crack passwords using RainbowCrack on our Kali Linux system.
This is not ends here. We are giving a practice task.
Create a md5 rainbow table for 6 characters plaintext password (lowercase only) and crack hashes of this file.
Share the screenshot of the practice on Twitter and mention us @KaliLinux_in or comment down in the comment section.
Love our article? then make sure to follow us on Twitter and GitHub, we post article updates there.
For anything we always happy to help everyone on the comment section. As we know our comment section is always open to everyone. We read each and every comment and we always reply.
To join our family, join our Telegram Group. We are trying to build a community for Linux and Cybersecurity.