SlideShare ist ein Scribd-Unternehmen logo

Rainbow Tables

Als PPTX, PDF herunterladen
Panggi Libersa
Panggi Libersa

My Presentation at Barcamp ID in Jakarta 12 th Dec 2009 [revised]

Technologie
1 von 36
Jakarta , December 12th 2009 Rainbow Tables Testing Passwords Security
About me PanggiLibersaa.k.amalcoder Student at Indonesia’s Computer University Like to take picture  Almost get his CEH certification ( waiting for exam) Member of GNU/Linux User Group at Bandung [ Klub Linux Bandung ] Small web hosting owner [ hostinggokil.com , ofirnetwork.com (in progress) ] Web : malcoder.infoandopensecuritylab.org Find me : @panggimalcoder panggi_y2k panggi.libersapanggipanggi
“Some things Man was never meant to know. For everything else, there's Google” Geeky Quote
Why Do I talk about this ? Awareness of Security ,[object Object]
Haven’t met anyone that isn’t surprised at the power of this stuff’s ability to make cracking password become so easy,[object Object]
Password Usage
How to keep it secret ? Don’t tell to anybody else , keep it in mind (personal) Store the password records on a secure environment (provider)
Type of storing password Cleartext (ex : this-is-so-secret , 260987) Encrypted ,[object Object]
Reversible encryption with key (ex : poly alphabetic substitution cipher)
One Way Hash ( ex : md5 , sha1 )
One Way Hash with salt ( ex : md5 + salt ),[object Object]
Decode : ciphertext -> cleartextcleartext : panggi ciphertext : cGFuZ2dp encode ciphertext : cGFuZ2dp decode cleartext : panggi
Polyalphabetic substitution cipher ,[object Object]
Usage :Key: ABCDEF AB CDEFA BCD EFABCDEFABCD Plaintext: CRYPTOIS SHORT FOR CRYPTOGRAPHY Ciphertext: CSASXTIT UKSWT GQU GWYQVRKWAQJB
[object Object]
CAN NOT BE DECODED , feel secured ? Wait ,[object Object]
Our Focus Today Cracking One Way Hash Cipher ,[object Object]
LM (LAN MANAGER) for MS Windows Password,[object Object]
LM : ,[object Object]
This password is null-padded to 14 bytes.
The “fixed-length” password is split into two 7-byte halves.
These values are used to create two DES keys, one from each 7-byte half, by converting the seven bytes into a bit stream, and inserting a parity-bit after every seven bits. This generates the 64 bits needed for the DES key.
Each of these keys is used to DES-encrypt the constant ASCII string “KGS!@#$%”, resulting in two 8-byte ciphertext values. The DES CipherMode should Set to ECB, and PaddingMode should set to NONE.
These two ciphertext values are concatenated to form a 16-byte value, which is the LM hash.,[object Object]
1016 = ID
3EABC00C9F7B74B09A0F5D12D8F612D0 (LEFT side of LM password , it means the password is more than 7 chars)
34976BC196DADD52A6D02AE530F806C3 (RIGHT side of LM pass , so we just have to crack 7 chars and fit it together  ),[object Object]
Brute force Using all possible combination in sequence Example : Targeted hash : 4a8a08f09d37b73795649038408b5f33 OK.. Crack it .. a = 0cc175b9c0f1b6a831c399e269772661 <= no b = 92eb5ffee6ae2fec3ad71c777531578f <= no c = 4a8a08f09d37b73795649038408b5f33 <= yes Result : Plaintext of 4a8a08f09d37b73795649038408b5f33 is “c”
Dictionary Given the wordlist of common passwords Example : Targetted hash : 3858f62230ac3c915f300c664312c63f dic-crack3858f62230ac3c915f300c664312c63f- L “path-of-wordlist/wordlist.txt” searching…. … fooa <= 72b55c624205d69cc145cc610880e1f9 <= no foobar <= 3858f62230ac3c915f300c664312c63f <= yes …
Rainbow Tables ? A rainbow table is a lookup table offering a time-memory tradeoff used in recovering the plaintext password from a password hash generated by a hash function, often a cryptographic hash function. A common application is to make attacks against hashed passwords feasible (http://en.wikipedia.org/wiki/Rainbow_tables)
English please… Lookup table ? Trade-memory tradeoff ? <=?
Time for the Demo Example : md5_hash.txt 20392298d6b78e0890cd22a7bf071c49 c9122fd7bae0681b62a39ddfc1c7fb19 469590a45cc7f985b53d15113157e6ea 31c9febeeb68929cd6c097239cf3e9d3 2e19ab163556288cf239f5339927e408 dcb76da384ae3028d6aa9b2ebcea01c9 d1cbedff31b828ac2f15548357988073 c94630fe9dea660ba53ddf5d3a41e802 73e405227c02a626e66f0dc4dd3a53a3 9486f7a4fdf724cf6cacbdc103661fce 26f803e714f7d39c0b5a9dd67d03f887 0248750eb423b999bd684b10668f7241 9ac17fc47347d505c92e3ca31fee675d b65a81125dbfaab4a3ecdff26a979309 3fde6bb0541387e4ebdadf7c2ff31123 d695f8f703c1b3b0dce9d588a4d4abad 86acaeb6d0f7241ea54b73528fa204ca 78c5d5ed7ea4372435e9f006b29ea745 75003783871e9404cd0793ca81594841 e63d33d7ad4b4360f761634de070a860 a9684b0defabebc108720fda1627f43d b150e73aa5fc110c27320c98effcc0f1 464b59d944c93b6a5eb3dfd0abf15114 4e3d682f0821b23f6d49fa1ac2cf154a d740ee7f1cd46b3d536a6f4331a4c77f 13781c244d5bb85a296bcbe4ac7992f7 bcdc908a16dbfe1297b4b0891ccf9ed7 10f97476043d02db1a236b877232c0a6 d81bf97286c617c77b679478ce8b72b2 7279f67e313cc35e518f94c775a42196
Result D:ashcrack>rcrack d:d5_tables.rt -l md5_hash.txt md5_alpha#1-7_0_2400x40000000_panggi#000.rt: 640000000 bytes read, disk access time: 9.99 s verifying the file... searching for 30 hashes... plaintext of 20392298d6b78e0890cd22a7bf071c49 is PANGGI plaintext of c9122fd7bae0681b62a39ddfc1c7fb19 is LOVE plaintext of 469590a45cc7f985b53d15113157e6ea is MUSTIKA cryptanalysis time: 377.34 s md5_alpha-numeric#1-7_0_2400x40000000_panggi#000.rt: 640000000 bytes read, disk access time: 73.13 s verifying the file... searching for 27 hashes... plaintext of 31c9febeeb68929cd6c097239cf3e9d3 is P4ST1 plaintext of d81bf97286c617c77b679478ce8b72b2 is 050479 cryptanalysis time: 102.56 s md5_alpha-numeric#1-7_0_2400x40000000_panggi#001.rt: 640000000 bytes read, disk access time: 60.70 s verifying the file... searching for 25 hashes... plaintext of 10f97476043d02db1a236b877232c0a6 is 7201421 cryptanalysis time: 28.19 s md5_alpha-numeric#1-7_0_2400x40000000_panggi#002.rt: 640000000 bytes read, disk access time: 68.28 s verifying the file... searching for 24 hashes... cryptanalysis time: 28.24 s md5_alpha-numeric#1-7_0_2400x40000000_panggi#003.rt: 640000000 bytes read, disk access time: 67.72 s verifying the file... searching for 24 hashes... cryptanalysis time: 27.81 s
md5_loweralpha#1-7_0_2100x8000000_panggi.rt: 128000000 bytes read, disk access time: 36.22 s verifying the file... searching for 24 hashes... plaintext of d1cbedff31b828ac2f15548357988073 is nashien plaintext of c94630fe9dea660ba53ddf5d3a41e802 is herc plaintext of 73e405227c02a626e66f0dc4dd3a53a3 is hayati cryptanalysis time: 79.63 s md5_loweralpha#1-7_1_2100x8000000_panggi.rt: 128000000 bytes read, disk access time: 2.86 s verifying the file... searching for 21 hashes... plaintext of 2e19ab163556288cf239f5339927e408 is nunung plaintext of dcb76da384ae3028d6aa9b2ebcea01c9 is sayang cryptanalysis time: 73.33 s md5_loweralpha#1-7_2_2100x8000000_panggi.rt: 128000000 bytes read, disk access time: 9.56 s verifying the file... searching for 19 hashes... cryptanalysis time: 69.08 s md5_loweralpha#1-7_3_2100x8000000_panggi.rt: 128000000 bytes read, disk access time: 2.45 s verifying the file... searching for 19 hashes... cryptanalysis time: 69.38 s md5_loweralpha#1-7_4_2100x8000000_panggi.rt: 128000000 bytes read, disk access time: 12.00 s verifying the file... searching for 19 hashes... cryptanalysis time: 69.20 s md5_loweralpha-numeric#1-7_0_2400x40000000_panggi#000.rt: 640000000 bytes read, disk access time: 17.91 s verifying the file... searching for 19 hashes... plaintext of 3fde6bb0541387e4ebdadf7c2ff31123 is 1q2w3e cryptanalysis time: 75.73 s md5_loweralpha-numeric#1-7_0_2400x40000000_panggi#001.rt: 640000000 bytes read, disk access time: 14.73 s verifying the file... searching for 18 hashes... plaintext of 26f803e714f7d39c0b5a9dd67d03f887 is 8u7y6t cryptanalysis time: 21.09 s
md5_loweralpha-numeric#1-7_0_2400x40000000_panggi#002.rt: 640000000 bytes read, disk access time: 13.91 s verifying the file... searching for 17 hashes... cryptanalysis time: 20.03 s md5_loweralpha-numeric#1-7_0_2400x40000000_panggi#003.rt: 640000000 bytes read, disk access time: 14.20 s verifying the file... searching for 17 hashes... plaintext of 9486f7a4fdf724cf6cacbdc103661fce is metty77 cryptanalysis time: 19.31 s md5_mixalpha-numeric-symbol14-space#1-6_0_2400x40000000_panggi#000.rt: 640000000 bytes read, disk access time: 14.41 s verifying the file... searching for 16 hashes... plaintext of 9ac17fc47347d505c92e3ca31fee675d is 4Dm1n plaintext of b65a81125dbfaab4a3ecdff26a979309 is Pa55 plaintext of d695f8f703c1b3b0dce9d588a4d4abad is UN1k0M plaintext of 75003783871e9404cd0793ca81594841 is G0D$ plaintext of 464b59d944c93b6a5eb3dfd0abf15114 is c(%H2n plaintext of d740ee7f1cd46b3d536a6f4331a4c77f is *$^#&3 plaintext of 13781c244d5bb85a296bcbe4ac7992f7 is h@xX0r cryptanalysis time: 33.47 s md5_mixalpha-numeric-symbol14-space#1-6_0_2400x40000000_panggi#001.rt: 640000000 bytes read, disk access time: 12.95 s verifying the file... searching for 9 hashes... plaintext of 0248750eb423b999bd684b10668f7241 is iMoeTh plaintext of e63d33d7ad4b4360f761634de070a860 is w_Bu5H plaintext of 4e3d682f0821b23f6d49fa1ac2cf154a is R@54In cryptanalysis time: 3.86 s md5_mixalpha-numeric-symbol14-space#1-6_0_2400x40000000_panggi#002.rt: 640000000 bytes read, disk access time: 12.92 s verifying the file... searching for 6 hashes... plaintext of 78c5d5ed7ea4372435e9f006b29ea745 is !Q@W#E plaintext of a9684b0defabebc108720fda1627f43d is 1!q^YW cryptanalysis time: 2.36 s

Empfohlen

What is a Rainbow Table?
What is a Rainbow Table?What is a Rainbow Table?
What is a Rainbow Table?Vahid Saffarian
 
Intrusion detection
Intrusion detectionIntrusion detection
Intrusion detectionCAS
 
Security vulnerability
Security vulnerabilitySecurity vulnerability
Security vulnerabilityA. Shamel
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hackingMonika Deswal
 
Ethical hacking
Ethical hacking Ethical hacking
Ethical hacking Institute of Information Security (IIS)
 
Wireless Cracking using Kali
Wireless Cracking using KaliWireless Cracking using Kali
Wireless Cracking using Kalin|u - The Open Security Community
 
Red team and blue team in ethical hacking
Red team and blue team in ethical hackingRed team and blue team in ethical hacking
Red team and blue team in ethical hackingVikram Khanna
 
Malware analysis
Malware analysisMalware analysis
Malware analysisPrakashchand Suthar
 

Empfohlen

What is a Rainbow Table?
What is a Rainbow Table?What is a Rainbow Table?
What is a Rainbow Table?Vahid Saffarian
 
Intrusion detection
Intrusion detectionIntrusion detection
Intrusion detectionCAS
 
Security vulnerability
Security vulnerabilitySecurity vulnerability
Security vulnerabilityA. Shamel
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hackingMonika Deswal
 
Ethical hacking
Ethical hacking Ethical hacking
Ethical hacking Institute of Information Security (IIS)
 
Wireless Cracking using Kali
Wireless Cracking using KaliWireless Cracking using Kali
Wireless Cracking using Kalin|u - The Open Security Community
 
Red team and blue team in ethical hacking
Red team and blue team in ethical hackingRed team and blue team in ethical hacking
Red team and blue team in ethical hackingVikram Khanna
 
Malware analysis
Malware analysisMalware analysis
Malware analysisPrakashchand Suthar
 
Types Of Firewall Security
Types Of Firewall SecurityTypes Of Firewall Security
Types Of Firewall Securityiberrywifisecurity
 
Information Security and Ethical Hacking
Information Security and Ethical HackingInformation Security and Ethical Hacking
Information Security and Ethical HackingDivyank Jindal
 
User authentication
User authenticationUser authentication
User authenticationCAS
 
Pgp
PgpPgp
PgpReham Maher El-Safarini
 
Practical Malware Analysis: Ch 0: Malware Analysis Primer & 1: Basic Static T...
Practical Malware Analysis: Ch 0: Malware Analysis Primer & 1: Basic Static T...Practical Malware Analysis: Ch 0: Malware Analysis Primer & 1: Basic Static T...
Practical Malware Analysis: Ch 0: Malware Analysis Primer & 1: Basic Static T...Sam Bowne
 
Password cracking and brute force
Password cracking and brute forcePassword cracking and brute force
Password cracking and brute forcevishalgohel12195
 
CRYPTOGRAPHY & NETWORK SECURITY - unit 1
CRYPTOGRAPHY & NETWORK SECURITY - unit 1CRYPTOGRAPHY & NETWORK SECURITY - unit 1
CRYPTOGRAPHY & NETWORK SECURITY - unit 1RAMESHBABU311293
 
Cryptography and Network Security William Stallings Lawrie Brown
Cryptography and Network Security William Stallings Lawrie BrownCryptography and Network Security William Stallings Lawrie Brown
Cryptography and Network Security William Stallings Lawrie BrownInformation Security Awareness Group
 
Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)Fabiha Shahzad
 
VULNERABILITY ( CYBER SECURITY )
VULNERABILITY ( CYBER SECURITY )VULNERABILITY ( CYBER SECURITY )
VULNERABILITY ( CYBER SECURITY )Kashyap Mandaliya
 
public key infrastructure
public key infrastructurepublic key infrastructure
public key infrastructurevimal kumar
 
1. Network Security Monitoring Rationale
1. Network Security Monitoring Rationale1. Network Security Monitoring Rationale
1. Network Security Monitoring RationaleSam Bowne
 
Introduction to Network Security
Introduction to Network SecurityIntroduction to Network Security
Introduction to Network SecurityJohn Ely Masculino
 
Cryptography
CryptographyCryptography
Cryptographysubodh pawar
 
Application Security | Application Security Tutorial | Cyber Security Certifi...
Application Security | Application Security Tutorial | Cyber Security Certifi...Application Security | Application Security Tutorial | Cyber Security Certifi...
Application Security | Application Security Tutorial | Cyber Security Certifi...Edureka!
 
Transposition Cipher
Transposition CipherTransposition Cipher
Transposition Cipherdaniyalqureshi712
 
overview of cryptographic techniques
overview of cryptographic techniquesoverview of cryptographic techniques
overview of cryptographic techniquesShubham Jain
 
Network attacks
Network attacksNetwork attacks
Network attacksManjushree Mashal
 
Basic cryptography
Basic cryptographyBasic cryptography
Basic cryptographyPerfect Training Center
 
Network security
Network securityNetwork security
Network securitymena kaheel
 
Cryptography for Absolute Beginners (May 2019)
Cryptography for Absolute Beginners (May 2019)Cryptography for Absolute Beginners (May 2019)
Cryptography for Absolute Beginners (May 2019)Svetlin Nakov
 
Password (in)security
Password (in)securityPassword (in)security
Password (in)securityEnrico Zimuel
 

Weitere ähnliche Inhalte

Was ist angesagt?

Information Security and Ethical Hacking
Information Security and Ethical HackingInformation Security and Ethical Hacking
Information Security and Ethical HackingDivyank Jindal
 
User authentication
User authenticationUser authentication
User authenticationCAS
 
Practical Malware Analysis: Ch 0: Malware Analysis Primer & 1: Basic Static T...
Practical Malware Analysis: Ch 0: Malware Analysis Primer & 1: Basic Static T...Practical Malware Analysis: Ch 0: Malware Analysis Primer & 1: Basic Static T...
Practical Malware Analysis: Ch 0: Malware Analysis Primer & 1: Basic Static T...Sam Bowne
 
Password cracking and brute force
Password cracking and brute forcePassword cracking and brute force
Password cracking and brute forcevishalgohel12195
 
CRYPTOGRAPHY & NETWORK SECURITY - unit 1
CRYPTOGRAPHY & NETWORK SECURITY - unit 1CRYPTOGRAPHY & NETWORK SECURITY - unit 1
CRYPTOGRAPHY & NETWORK SECURITY - unit 1RAMESHBABU311293
 
Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)Fabiha Shahzad
 
VULNERABILITY ( CYBER SECURITY )
VULNERABILITY ( CYBER SECURITY )VULNERABILITY ( CYBER SECURITY )
VULNERABILITY ( CYBER SECURITY )Kashyap Mandaliya
 
public key infrastructure
public key infrastructurepublic key infrastructure
public key infrastructurevimal kumar
 
1. Network Security Monitoring Rationale
1. Network Security Monitoring Rationale1. Network Security Monitoring Rationale
1. Network Security Monitoring RationaleSam Bowne
 
Introduction to Network Security
Introduction to Network SecurityIntroduction to Network Security
Introduction to Network SecurityJohn Ely Masculino
 
Application Security | Application Security Tutorial | Cyber Security Certifi...
Application Security | Application Security Tutorial | Cyber Security Certifi...Application Security | Application Security Tutorial | Cyber Security Certifi...
Application Security | Application Security Tutorial | Cyber Security Certifi...Edureka!
 
overview of cryptographic techniques
overview of cryptographic techniquesoverview of cryptographic techniques
overview of cryptographic techniquesShubham Jain
 
Network security
Network securityNetwork security
Network securitymena kaheel
 

Was ist angesagt? (20)

Types Of Firewall Security
Types Of Firewall SecurityTypes Of Firewall Security
Types Of Firewall Security
 
Information Security and Ethical Hacking
Information Security and Ethical HackingInformation Security and Ethical Hacking
Information Security and Ethical Hacking
 
User authentication
User authenticationUser authentication
User authentication
 
Pgp
PgpPgp
Pgp
 
Practical Malware Analysis: Ch 0: Malware Analysis Primer & 1: Basic Static T...
Practical Malware Analysis: Ch 0: Malware Analysis Primer & 1: Basic Static T...Practical Malware Analysis: Ch 0: Malware Analysis Primer & 1: Basic Static T...
Practical Malware Analysis: Ch 0: Malware Analysis Primer & 1: Basic Static T...
 
Password cracking and brute force
Password cracking and brute forcePassword cracking and brute force
Password cracking and brute force
 
CRYPTOGRAPHY & NETWORK SECURITY - unit 1
CRYPTOGRAPHY & NETWORK SECURITY - unit 1CRYPTOGRAPHY & NETWORK SECURITY - unit 1
CRYPTOGRAPHY & NETWORK SECURITY - unit 1
 
Cryptography and Network Security William Stallings Lawrie Brown
Cryptography and Network Security William Stallings Lawrie BrownCryptography and Network Security William Stallings Lawrie Brown
Cryptography and Network Security William Stallings Lawrie Brown
 
Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)
 
VULNERABILITY ( CYBER SECURITY )
VULNERABILITY ( CYBER SECURITY )VULNERABILITY ( CYBER SECURITY )
VULNERABILITY ( CYBER SECURITY )
 
public key infrastructure
public key infrastructurepublic key infrastructure
public key infrastructure
 
1. Network Security Monitoring Rationale
1. Network Security Monitoring Rationale1. Network Security Monitoring Rationale
1. Network Security Monitoring Rationale
 
Introduction to Network Security
Introduction to Network SecurityIntroduction to Network Security
Introduction to Network Security
 
Cryptography
CryptographyCryptography
Cryptography
 
Application Security | Application Security Tutorial | Cyber Security Certifi...
Application Security | Application Security Tutorial | Cyber Security Certifi...Application Security | Application Security Tutorial | Cyber Security Certifi...
Application Security | Application Security Tutorial | Cyber Security Certifi...
 
Transposition Cipher
Transposition CipherTransposition Cipher
Transposition Cipher
 
overview of cryptographic techniques
overview of cryptographic techniquesoverview of cryptographic techniques
overview of cryptographic techniques
 
Network attacks
Network attacksNetwork attacks
Network attacks
 
Basic cryptography
Basic cryptographyBasic cryptography
Basic cryptography
 
Network security
Network securityNetwork security
Network security
 

Ähnlich wie Rainbow Tables

Cryptography for Absolute Beginners (May 2019)
Cryptography for Absolute Beginners (May 2019)Cryptography for Absolute Beginners (May 2019)
Cryptography for Absolute Beginners (May 2019)Svetlin Nakov
 
Password (in)security
Password (in)securityPassword (in)security
Password (in)securityEnrico Zimuel
 
[CB20] Vulnerabilities of Machine Learning Infrastructure by Sergey Gordeychik
[CB20] Vulnerabilities of Machine Learning Infrastructure by Sergey Gordeychik[CB20] Vulnerabilities of Machine Learning Infrastructure by Sergey Gordeychik
[CB20] Vulnerabilities of Machine Learning Infrastructure by Sergey GordeychikCODE BLUE
 
Filippo, Plain simple reality of entropy
Filippo, Plain simple reality of entropyFilippo, Plain simple reality of entropy
Filippo, Plain simple reality of entropyPacSecJP
 
The slower the stronger a story of password hash migration
The slower the stronger a story of password hash migrationThe slower the stronger a story of password hash migration
The slower the stronger a story of password hash migrationOWASP
 
BalCCon2k18 - Towards the perfect cryptocurrency wallet
BalCCon2k18 - Towards the perfect cryptocurrency walletBalCCon2k18 - Towards the perfect cryptocurrency wallet
BalCCon2k18 - Towards the perfect cryptocurrency walletNemanja Nikodijević
 
Neo4j after 1 year in production
Neo4j after 1 year in productionNeo4j after 1 year in production
Neo4j after 1 year in productionAndrew Nikishaev
 
Vulnerabilities of machine learning infrastructure
Vulnerabilities of machine learning infrastructureVulnerabilities of machine learning infrastructure
Vulnerabilities of machine learning infrastructureSergey Gordeychik
 
Introduction to Debuggers
Introduction to DebuggersIntroduction to Debuggers
Introduction to DebuggersSaumil Shah
 
Humantalk Angers 14 Mars
Humantalk Angers 14 MarsHumantalk Angers 14 Mars
Humantalk Angers 14 MarsRémi Dubois
 
Cryptography-Hash-Functions.pptx
Cryptography-Hash-Functions.pptxCryptography-Hash-Functions.pptx
Cryptography-Hash-Functions.pptxAngeloChangcoco
 
Practical rsa padding oracle attacks
Practical rsa padding oracle attacksPractical rsa padding oracle attacks
Practical rsa padding oracle attacksAlexandre Moneger
 
How-to crack 43kk passwords while drinking your juice/smoozie in the Hood
How-to crack 43kk passwords while drinking your juice/smoozie in the HoodHow-to crack 43kk passwords while drinking your juice/smoozie in the Hood
How-to crack 43kk passwords while drinking your juice/smoozie in the HoodYurii Bilyk
 
不深不淺,帶你認識 LLVM (Found LLVM in your life)
不深不淺,帶你認識 LLVM (Found LLVM in your life)不深不淺,帶你認識 LLVM (Found LLVM in your life)
不深不淺,帶你認識 LLVM (Found LLVM in your life)Douglas Chen
 
NSC #2 - Challenge Solution
NSC #2 - Challenge SolutionNSC #2 - Challenge Solution
NSC #2 - Challenge SolutionNoSuchCon
 
Bitcoin Keys, Addresses & Wallets
Bitcoin Keys, Addresses & WalletsBitcoin Keys, Addresses & Wallets
Bitcoin Keys, Addresses & WalletsChristopher Allen
 
Troubleshooting real production problems
Troubleshooting real production problemsTroubleshooting real production problems
Troubleshooting real production problemsTier1 app
 
Building an Automated Behavioral Malware Analysis Environment using Free and ...
Building an Automated Behavioral Malware Analysis Environment using Free and ...Building an Automated Behavioral Malware Analysis Environment using Free and ...
Building an Automated Behavioral Malware Analysis Environment using Free and ...Jim Clausing
 

Ähnlich wie Rainbow Tables (20)

Cryptography for Absolute Beginners (May 2019)
Cryptography for Absolute Beginners (May 2019)Cryptography for Absolute Beginners (May 2019)
Cryptography for Absolute Beginners (May 2019)
 
Password (in)security
Password (in)securityPassword (in)security
Password (in)security
 
[CB20] Vulnerabilities of Machine Learning Infrastructure by Sergey Gordeychik
[CB20] Vulnerabilities of Machine Learning Infrastructure by Sergey Gordeychik[CB20] Vulnerabilities of Machine Learning Infrastructure by Sergey Gordeychik
[CB20] Vulnerabilities of Machine Learning Infrastructure by Sergey Gordeychik
 
Cram
CramCram
Cram
 
Filippo, Plain simple reality of entropy
Filippo, Plain simple reality of entropyFilippo, Plain simple reality of entropy
Filippo, Plain simple reality of entropy
 
The slower the stronger a story of password hash migration
The slower the stronger a story of password hash migrationThe slower the stronger a story of password hash migration
The slower the stronger a story of password hash migration
 
BalCCon2k18 - Towards the perfect cryptocurrency wallet
BalCCon2k18 - Towards the perfect cryptocurrency walletBalCCon2k18 - Towards the perfect cryptocurrency wallet
BalCCon2k18 - Towards the perfect cryptocurrency wallet
 
Neo4j after 1 year in production
Neo4j after 1 year in productionNeo4j after 1 year in production
Neo4j after 1 year in production
 
Vulnerabilities of machine learning infrastructure
Vulnerabilities of machine learning infrastructureVulnerabilities of machine learning infrastructure
Vulnerabilities of machine learning infrastructure
 
Introduction to Debuggers
Introduction to DebuggersIntroduction to Debuggers
Introduction to Debuggers
 
Humantalk Angers 14 Mars
Humantalk Angers 14 MarsHumantalk Angers 14 Mars
Humantalk Angers 14 Mars
 
Cryptography-Hash-Functions.pptx
Cryptography-Hash-Functions.pptxCryptography-Hash-Functions.pptx
Cryptography-Hash-Functions.pptx
 
Practical rsa padding oracle attacks
Practical rsa padding oracle attacksPractical rsa padding oracle attacks
Practical rsa padding oracle attacks
 
How-to crack 43kk passwords while drinking your juice/smoozie in the Hood
How-to crack 43kk passwords while drinking your juice/smoozie in the HoodHow-to crack 43kk passwords while drinking your juice/smoozie in the Hood
How-to crack 43kk passwords while drinking your juice/smoozie in the Hood
 
不深不淺,帶你認識 LLVM (Found LLVM in your life)
不深不淺,帶你認識 LLVM (Found LLVM in your life)不深不淺,帶你認識 LLVM (Found LLVM in your life)
不深不淺,帶你認識 LLVM (Found LLVM in your life)
 
NSC #2 - Challenge Solution
NSC #2 - Challenge SolutionNSC #2 - Challenge Solution
NSC #2 - Challenge Solution
 
Bitcoin Keys, Addresses & Wallets
Bitcoin Keys, Addresses & WalletsBitcoin Keys, Addresses & Wallets
Bitcoin Keys, Addresses & Wallets
 
Troubleshooting real production problems
Troubleshooting real production problemsTroubleshooting real production problems
Troubleshooting real production problems
 
Building an Automated Behavioral Malware Analysis Environment using Free and ...
Building an Automated Behavioral Malware Analysis Environment using Free and ...Building an Automated Behavioral Malware Analysis Environment using Free and ...
Building an Automated Behavioral Malware Analysis Environment using Free and ...
 
A Life of breakpoint
A Life of breakpointA Life of breakpoint
A Life of breakpoint
 

Kürzlich hochgeladen

WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piececharlottematthew16
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DayH2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DaySri Ambati
 

Kürzlich hochgeladen (20)

WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DayH2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
 

Rainbow Tables

  • 1. Jakarta , December 12th 2009 Rainbow Tables Testing Passwords Security
  • 2. About me PanggiLibersaa.k.amalcoder Student at Indonesia’s Computer University Like to take picture  Almost get his CEH certification ( waiting for exam) Member of GNU/Linux User Group at Bandung [ Klub Linux Bandung ] Small web hosting owner [ hostinggokil.com , ofirnetwork.com (in progress) ] Web : malcoder.infoandopensecuritylab.org Find me : @panggimalcoder panggi_y2k panggi.libersapanggipanggi
  • 3. “Some things Man was never meant to know. For everything else, there's Google” Geeky Quote
  • 4.
  • 5.
  • 7. How to keep it secret ? Don’t tell to anybody else , keep it in mind (personal) Store the password records on a secure environment (provider)
  • 8.
  • 9. Reversible encryption with key (ex : poly alphabetic substitution cipher)
  • 10. One Way Hash ( ex : md5 , sha1 )
  • 11.
  • 12. Decode : ciphertext -> cleartextcleartext : panggi ciphertext : cGFuZ2dp encode ciphertext : cGFuZ2dp decode cleartext : panggi
  • 13.
  • 14. Usage :Key: ABCDEF AB CDEFA BCD EFABCDEFABCD Plaintext: CRYPTOIS SHORT FOR CRYPTOGRAPHY Ciphertext: CSASXTIT UKSWT GQU GWYQVRKWAQJB
  • 15.
  • 16.
  • 17.
  • 18.
  • 19.
  • 20. This password is null-padded to 14 bytes.
  • 21. The “fixed-length” password is split into two 7-byte halves.
  • 22. These values are used to create two DES keys, one from each 7-byte half, by converting the seven bytes into a bit stream, and inserting a parity-bit after every seven bits. This generates the 64 bits needed for the DES key.
  • 23. Each of these keys is used to DES-encrypt the constant ASCII string “KGS!@#$%”, resulting in two 8-byte ciphertext values. The DES CipherMode should Set to ECB, and PaddingMode should set to NONE.
  • 24.
  • 26. 3EABC00C9F7B74B09A0F5D12D8F612D0 (LEFT side of LM password , it means the password is more than 7 chars)
  • 27.
  • 28. Brute force Using all possible combination in sequence Example : Targeted hash : 4a8a08f09d37b73795649038408b5f33 OK.. Crack it .. a = 0cc175b9c0f1b6a831c399e269772661 <= no b = 92eb5ffee6ae2fec3ad71c777531578f <= no c = 4a8a08f09d37b73795649038408b5f33 <= yes Result : Plaintext of 4a8a08f09d37b73795649038408b5f33 is “c”
  • 29. Dictionary Given the wordlist of common passwords Example : Targetted hash : 3858f62230ac3c915f300c664312c63f dic-crack3858f62230ac3c915f300c664312c63f- L “path-of-wordlist/wordlist.txt” searching…. … fooa <= 72b55c624205d69cc145cc610880e1f9 <= no foobar <= 3858f62230ac3c915f300c664312c63f <= yes …
  • 30. Rainbow Tables ? A rainbow table is a lookup table offering a time-memory tradeoff used in recovering the plaintext password from a password hash generated by a hash function, often a cryptographic hash function. A common application is to make attacks against hashed passwords feasible (http://en.wikipedia.org/wiki/Rainbow_tables)
  • 31.
  • 32. English please… Lookup table ? Trade-memory tradeoff ? <=?
  • 33. Time for the Demo Example : md5_hash.txt 20392298d6b78e0890cd22a7bf071c49 c9122fd7bae0681b62a39ddfc1c7fb19 469590a45cc7f985b53d15113157e6ea 31c9febeeb68929cd6c097239cf3e9d3 2e19ab163556288cf239f5339927e408 dcb76da384ae3028d6aa9b2ebcea01c9 d1cbedff31b828ac2f15548357988073 c94630fe9dea660ba53ddf5d3a41e802 73e405227c02a626e66f0dc4dd3a53a3 9486f7a4fdf724cf6cacbdc103661fce 26f803e714f7d39c0b5a9dd67d03f887 0248750eb423b999bd684b10668f7241 9ac17fc47347d505c92e3ca31fee675d b65a81125dbfaab4a3ecdff26a979309 3fde6bb0541387e4ebdadf7c2ff31123 d695f8f703c1b3b0dce9d588a4d4abad 86acaeb6d0f7241ea54b73528fa204ca 78c5d5ed7ea4372435e9f006b29ea745 75003783871e9404cd0793ca81594841 e63d33d7ad4b4360f761634de070a860 a9684b0defabebc108720fda1627f43d b150e73aa5fc110c27320c98effcc0f1 464b59d944c93b6a5eb3dfd0abf15114 4e3d682f0821b23f6d49fa1ac2cf154a d740ee7f1cd46b3d536a6f4331a4c77f 13781c244d5bb85a296bcbe4ac7992f7 bcdc908a16dbfe1297b4b0891ccf9ed7 10f97476043d02db1a236b877232c0a6 d81bf97286c617c77b679478ce8b72b2 7279f67e313cc35e518f94c775a42196
  • 34. Result D:ashcrack>rcrack d:d5_tables.rt -l md5_hash.txt md5_alpha#1-7_0_2400x40000000_panggi#000.rt: 640000000 bytes read, disk access time: 9.99 s verifying the file... searching for 30 hashes... plaintext of 20392298d6b78e0890cd22a7bf071c49 is PANGGI plaintext of c9122fd7bae0681b62a39ddfc1c7fb19 is LOVE plaintext of 469590a45cc7f985b53d15113157e6ea is MUSTIKA cryptanalysis time: 377.34 s md5_alpha-numeric#1-7_0_2400x40000000_panggi#000.rt: 640000000 bytes read, disk access time: 73.13 s verifying the file... searching for 27 hashes... plaintext of 31c9febeeb68929cd6c097239cf3e9d3 is P4ST1 plaintext of d81bf97286c617c77b679478ce8b72b2 is 050479 cryptanalysis time: 102.56 s md5_alpha-numeric#1-7_0_2400x40000000_panggi#001.rt: 640000000 bytes read, disk access time: 60.70 s verifying the file... searching for 25 hashes... plaintext of 10f97476043d02db1a236b877232c0a6 is 7201421 cryptanalysis time: 28.19 s md5_alpha-numeric#1-7_0_2400x40000000_panggi#002.rt: 640000000 bytes read, disk access time: 68.28 s verifying the file... searching for 24 hashes... cryptanalysis time: 28.24 s md5_alpha-numeric#1-7_0_2400x40000000_panggi#003.rt: 640000000 bytes read, disk access time: 67.72 s verifying the file... searching for 24 hashes... cryptanalysis time: 27.81 s
  • 35. md5_loweralpha#1-7_0_2100x8000000_panggi.rt: 128000000 bytes read, disk access time: 36.22 s verifying the file... searching for 24 hashes... plaintext of d1cbedff31b828ac2f15548357988073 is nashien plaintext of c94630fe9dea660ba53ddf5d3a41e802 is herc plaintext of 73e405227c02a626e66f0dc4dd3a53a3 is hayati cryptanalysis time: 79.63 s md5_loweralpha#1-7_1_2100x8000000_panggi.rt: 128000000 bytes read, disk access time: 2.86 s verifying the file... searching for 21 hashes... plaintext of 2e19ab163556288cf239f5339927e408 is nunung plaintext of dcb76da384ae3028d6aa9b2ebcea01c9 is sayang cryptanalysis time: 73.33 s md5_loweralpha#1-7_2_2100x8000000_panggi.rt: 128000000 bytes read, disk access time: 9.56 s verifying the file... searching for 19 hashes... cryptanalysis time: 69.08 s md5_loweralpha#1-7_3_2100x8000000_panggi.rt: 128000000 bytes read, disk access time: 2.45 s verifying the file... searching for 19 hashes... cryptanalysis time: 69.38 s md5_loweralpha#1-7_4_2100x8000000_panggi.rt: 128000000 bytes read, disk access time: 12.00 s verifying the file... searching for 19 hashes... cryptanalysis time: 69.20 s md5_loweralpha-numeric#1-7_0_2400x40000000_panggi#000.rt: 640000000 bytes read, disk access time: 17.91 s verifying the file... searching for 19 hashes... plaintext of 3fde6bb0541387e4ebdadf7c2ff31123 is 1q2w3e cryptanalysis time: 75.73 s md5_loweralpha-numeric#1-7_0_2400x40000000_panggi#001.rt: 640000000 bytes read, disk access time: 14.73 s verifying the file... searching for 18 hashes... plaintext of 26f803e714f7d39c0b5a9dd67d03f887 is 8u7y6t cryptanalysis time: 21.09 s
  • 36. md5_loweralpha-numeric#1-7_0_2400x40000000_panggi#002.rt: 640000000 bytes read, disk access time: 13.91 s verifying the file... searching for 17 hashes... cryptanalysis time: 20.03 s md5_loweralpha-numeric#1-7_0_2400x40000000_panggi#003.rt: 640000000 bytes read, disk access time: 14.20 s verifying the file... searching for 17 hashes... plaintext of 9486f7a4fdf724cf6cacbdc103661fce is metty77 cryptanalysis time: 19.31 s md5_mixalpha-numeric-symbol14-space#1-6_0_2400x40000000_panggi#000.rt: 640000000 bytes read, disk access time: 14.41 s verifying the file... searching for 16 hashes... plaintext of 9ac17fc47347d505c92e3ca31fee675d is 4Dm1n plaintext of b65a81125dbfaab4a3ecdff26a979309 is Pa55 plaintext of d695f8f703c1b3b0dce9d588a4d4abad is UN1k0M plaintext of 75003783871e9404cd0793ca81594841 is G0D$ plaintext of 464b59d944c93b6a5eb3dfd0abf15114 is c(%H2n plaintext of d740ee7f1cd46b3d536a6f4331a4c77f is *$^#&3 plaintext of 13781c244d5bb85a296bcbe4ac7992f7 is h@xX0r cryptanalysis time: 33.47 s md5_mixalpha-numeric-symbol14-space#1-6_0_2400x40000000_panggi#001.rt: 640000000 bytes read, disk access time: 12.95 s verifying the file... searching for 9 hashes... plaintext of 0248750eb423b999bd684b10668f7241 is iMoeTh plaintext of e63d33d7ad4b4360f761634de070a860 is w_Bu5H plaintext of 4e3d682f0821b23f6d49fa1ac2cf154a is R@54In cryptanalysis time: 3.86 s md5_mixalpha-numeric-symbol14-space#1-6_0_2400x40000000_panggi#002.rt: 640000000 bytes read, disk access time: 12.92 s verifying the file... searching for 6 hashes... plaintext of 78c5d5ed7ea4372435e9f006b29ea745 is !Q@W#E plaintext of a9684b0defabebc108720fda1627f43d is 1!q^YW cryptanalysis time: 2.36 s
  • 37. md5_mixalpha-numeric-symbol14-space#1-6_0_2400x40000000_panggi#003.rt: 640000000 bytes read, disk access time: 18.03 s verifying the file... searching for 4 hashes... plaintext of 86acaeb6d0f7241ea54b73528fa204ca is 5TR0n6 cryptanalysis time: 1.78 s md5_mixalpha-numeric-symbol14-space#1-6_0_2400x40000000_panggi#004.rt: 640000000 bytes read, disk access time: 12.38 s verifying the file... searching for 3 hashes... cryptanalysis time: 1.38 s md5_mixalpha-numeric-symbol14-space#1-6_0_2400x40000000_panggi#005.rt: 640000000 bytes read, disk access time: 12.41 s verifying the file... searching for 3 hashes... plaintext of b150e73aa5fc110c27320c98effcc0f1 is p@N66i cryptanalysis time: 1.38 s md5_mixalpha-numeric-symbol14-space#1-6_0_2400x40000000_panggi#006.rt: 640000000 bytes read, disk access time: 12.44 s verifying the file... searching for 2 hashes... cryptanalysis time: 0.94 s md5_numeric#1-9_0_3000x3000000_panggi#000.rt: 48000000 bytes read, disk access time: 0.72 s verifying the file... searching for 2 hashes... plaintext of bcdc908a16dbfe1297b4b0891ccf9ed7 is 29041987 plaintext of 7279f67e313cc35e518f94c775a42196 is 776284123 cryptanalysis time: 23.86 s statistics ------------------------------------------------------- plaintext found: 30 of 30 (100.00%) total disk access time: 499.91 s total cryptanalysis time: 1129.94 s total chain walk step: 453610884 total false alarm: 853120 total chain walk step due to false alarm: 675710917
  • 38. result ------------------------------------------------------- 20392298d6b78e0890cd22a7bf071c49 PANGGI hex:50414e474749 c9122fd7bae0681b62a39ddfc1c7fb19 LOVE hex:4c4f5645 469590a45cc7f985b53d15113157e6ea MUSTIKA hex:4d555354494b41 31c9febeeb68929cd6c097239cf3e9d3 P4ST1 hex:5034535431 2e19ab163556288cf239f5339927e408 nunung hex:6e756e756e67 dcb76da384ae3028d6aa9b2ebcea01c9 sayang hex:736179616e67 d1cbedff31b828ac2f15548357988073 nashien hex:6e61736869656e c94630fe9dea660ba53ddf5d3a41e802 herc hex:68657263 73e405227c02a626e66f0dc4dd3a53a3 hayati hex:686179617469 9486f7a4fdf724cf6cacbdc103661fce metty77 hex:6d657474793737 26f803e714f7d39c0b5a9dd67d03f887 8u7y6t hex:387537793674 0248750eb423b999bd684b10668f7241 iMoeTh hex:694d6f655468 9ac17fc47347d505c92e3ca31fee675d 4Dm1n hex:34446d316e b65a81125dbfaab4a3ecdff26a979309 Pa55 hex:50613535 3fde6bb0541387e4ebdadf7c2ff31123 1q2w3e hex:317132773365 d695f8f703c1b3b0dce9d588a4d4abad UN1k0M hex:554e316b304d 86acaeb6d0f7241ea54b73528fa204ca 5TR0n6 hex:355452306e36 78c5d5ed7ea4372435e9f006b29ea745 !Q@W#E hex:215140572345 75003783871e9404cd0793ca81594841 G0D$ hex:47304424 e63d33d7ad4b4360f761634de070a860 w_Bu5H hex:775f42753548 a9684b0defabebc108720fda1627f43d 1!q^YW hex:3121715e5957 b150e73aa5fc110c27320c98effcc0f1 p@N66i hex:70404e363669 464b59d944c93b6a5eb3dfd0abf15114 c(%H2n hex:63282548326e 4e3d682f0821b23f6d49fa1ac2cf154a R@54In hex:52403534496e d740ee7f1cd46b3d536a6f4331a4c77f *$^#&3 hex:2a245e232633 13781c244d5bb85a296bcbe4ac7992f7 h@xX0r hex:684078583072 bcdc908a16dbfe1297b4b0891ccf9ed7 29041987 hex:3239303431393837 10f97476043d02db1a236b877232c0a6 7201421 hex:37323031343231 d81bf97286c617c77b679478ce8b72b2 050479 hex:303530343739 7279f67e313cc35e518f94c775a42196 776284123 hex:373736323834313233 D:ashcrack>
  • 39. Mr. @ialexs‘s request (pass : maLam1) K:ainbowashcrack>rcrack k:ainbowd5_tablesd5_mixalpha-numeric*.rt -h 7d 62eaa2e2a3da203573dc408d31cd0d md5_mixalpha-numeric-symbol14-space#1-6_0_2400x40000000_panggi#000.rt: 640000000 bytes read, disk access time: 40.91 s verifying the file... searching for 1 hash... cryptanalysis time: 3.41 s md5_mixalpha-numeric-symbol14-space#1-6_0_2400x40000000_panggi#001.rt: 640000000 bytes read, disk access time: 45.14 s verifying the file... searching for 1 hash... cryptanalysis time: 0.45 s md5_mixalpha-numeric-symbol14-space#1-6_0_2400x40000000_panggi#002.rt: 640000000 bytes read, disk access time: 47.19 s verifying the file... searching for 1 hash... cryptanalysis time: 0.47 s md5_mixalpha-numeric-symbol14-space#1-6_0_2400x40000000_panggi#003.rt: 640000000 bytes read, disk access time: 45.22 s verifying the file... searching for 1 hash... cryptanalysis time: 0.44 s
  • 40. md5_mixalpha-numeric-symbol14-space#1-6_0_2400x40000000_panggi#004.rt: 640000000 bytes read, disk access time: 46.28 s verifying the file... searching for 1 hash... plaintext of 7d62eaa2e2a3da203573dc408d31cd0d is maLam1 cryptanalysis time: 0.22 s statistics ------------------------------------------------------- plaintext found: 1 of 1 (100.00%) total disk access time: 224.73 s  See the time..  total cryptanalysis time: 4.98 s total chain walk step: 2876401 total false alarm: 2252 total chain walk step due to false alarm: 1882084 result ------------------------------------------------------- 7d62eaa2e2a3da203573dc408d31cd0d maLam1 hex:6d614c616d31 K:ainbowashcrack>
  • 41. Windows Password (LM) Dump it first K:wdump7>PwDump7.exe > pass_win.txt Pwdump v7.1 - raw password extractor Author: Andres TarascoAcuna url: http://www.514.es K:wdump7>
  • 42. pass_win.txt ( $ sign is censored by me ) Administrator:500:NO PASSWORD*********************:95C735766$$$$$$$$EAC22EC$$$$18CF::: Guest:501:NO PASSWORD*********************:NO PASSWORD*********************::: __vmware_user__:1011:NO PASSWORD*********************:2E4D88$$$$$$$$$$$$701F71FD7F63B9::: apache2triad:1013:A215FD4C479AAEC8$$$$$$$$$$465971:6B93A1E44490938$$$$$$$$$$E4C4D63::: okay:1014:3EABC00C9F7B74B09A0F5D12D8F612D0:34976BC196DADD52A6D02AE530F806C3::: HelpAssistant:1015:F681E43E4269$$$$$$3D27C551$$$$$$:32EB$$$$$$159997D$$$$$$1EC24BA2A::: percobaan:1016:3EABC00C9F7B74B09A0F5D12D8F612D0:34976BC196DADD52A6D02AE530F806C3::: crack it
  • 44. How to secure it ? MD5 Use salted password ( not naked ) Example : <?function enchsetenev($toencode,$times){    $salt = 's+(_a*';    for($zo=0;$zo<$times;$zo=$zo+1)    {        $toencode = hash('sha512',salt.$toencode);        $toencode = md5($toencode.$salt);    }    return $toencode;} ?>how to use it ?simply.. <?$password="this password is super ultra mega secure and no one would decrypt it for atleast 10 years.. or even alot more :)";$supersecurepassword=enchsetenev($password,1000);  ?>
  • 45. LM Hash percobaan:1016:3EABC00C9F7B74B09A0F5D12D8F612D0:34976BC196DADD52A6D02AE530F806C3::: Use at least 15 characters and Windows will change it’s algorithm to more secure one ( NTLM )