search

Rainbow Crackalack

hashtag
Cracking NTLM - methodology

If the database of NTLM password hashes for a Windows domain were obtained, the optimal strategy would be:

  1. Use hashcat to brute-force all 1-7 character passwords (this can be done quickly).

  2. Use hashcat to crack passwords based on rules (variable time).

  3. Use rainbow tables to break complex 8-character passwords (a few hours).

  4. Use rainbow tables to break complex 9-character passwords (a few days).

While brute-forcing 8-character passwords is very much possible with hashcat, it is inefficient to do so for smaller numbers of hashes:

As shown in the graph above, on a machine with a single NVIDIA RTX 2070 GPU, hashcat takes roughly 75 hours to brute-force one hundred 8-character NTLM passwords, whereas the Rainbow Crackalack software (with the NTLM-8 tables) achieves a 93% success rate in an hour and a half!

The following graph shows the cracking times for 9-character NTLM hashes:

hashtag
Rainbow Crackalack Download

The source code for table generation and lookup is available on Githubarrow-up-right. Pre-compiled executables for Windows are available as wellarrow-up-right.

NTLM 8-character tables can be downloaded for free via BitTorrentarrow-up-right. These are 93% effective and are 486 GB in size.

NTLM 9-character tables can also be downloaded for free via BitTorrentarrow-up-right. These are 50% effective and are 6.7 TB in size.

hashtag
Generate NTLM 8 lenght

LogoGitHub - jtesta/rainbowcrackalack: Rainbow table generation & lookup tools. Make Rainbow Tables Great Again!GitHubchevron-right

hashtag
Crack NTLM

hashtag
OPHCrack

It's also interesting during the cracking process passing the hashes through OPHCrack.

Generate: LM:NT => LOAD

hashtag
Sources

List of Rainbow Tablesproject-rainbowcrack.comchevron-right
LogoRainbow Crackalack: Make Rainbow Tables Great Againwww.rainbowcrackalack.comchevron-right
LogoOphcrackophcrack.sourceforge.iochevron-right

PreviousTipsNextStatic Code Analysis

Last updated