
Wednesday, August 18, 2010

Practical 7.1 Rainbow Tables

This time we will be trying out a rainbow table; it is used to find out what the password is to an account or file. BUT BE WARNED! I WILL NOT BE LIABLE IF YOU USE WHAT YOU HAVE LEARNT HERE FOR BAD INTENTIONS! With that out of the way: first you need to get your rainbow table software. Go to ophcrack.sourceforge.net to download Ophcrack (if the URL mentioned above is invalid, try going to a search engine and searching for "Ophcrack"), and remember to download the correct version of Ophcrack for your OS: if you are using Windows, download the Windows version and not the Mac or other versions.

OK. After you download the correct version, locate the file on your computer and run it. (In this case, I will be using the Windows version.)



Proceed with your setup until you have reached the page as shown in the screenshot above. You can choose to download all the tables if you want (but it will take quite long), or you can just choose to "download and install" the "tables" that correspond to your version of Windows. In this case I will be "downloading and installing" the "small Windows XP tables". Then just continue with the setup using the default choices.

After you have successfully installed Ophcrack, locate it and run it. After running the program, click on the Tables icon; this will lead you to a page similar to the screenshot shown below. However, the status of all your "Tables" should be "not installed", so to activate a "Table", click on the "Table" that you have downloaded and click on the "Install" button at the bottom of the page. After that, the red circle beside your chosen "Table" should turn green; this indicates that you are ready to continue. Just click on the OK button to proceed.



After clicking on the OK button, you should be brought back to the home screen, and your activated table should now appear in the bottom half of the window, as shown in the screenshot below (highlighted by the red line).

Now you will need a dummy hash value to test out your rainbow table. To get your dummy hash value, go to www.objectif-securite.ch/en/products.php. When you have reached the webpage, scroll all the way down until you see something similar to the screenshot shown below.



In the input box beside "password:", enter any password you want; in this case I will be using '12345' as my dummy password. After entering your dummy password, click on the submit password button. A single line of letters and numbers should appear just below the "password:" input box; that is your hash value. Copy that and return to your Ophcrack program.
Now, click on the Load icon in your Ophcrack program to bring up a list of choices, and from this list choose the Single hash option. A new window will appear; paste your hash value there as shown in the next screenshot.


Now just click OK and let the program run :)
In a few seconds your password will appear as shown in the screenshot below, highlighted by the red lines. However, how long the program takes to crack your password depends on the complexity of your password; if your password is as simple as '12345', as in this example, it only takes a few seconds.




So feel free to test how powerful your password is by using a similar password. Remember, do not enter your actual password; I won't be responsible if your password is leaked because of this.



REFLECTIONS
Rainbow table attacks work by obtaining a hash value and deciphering the password from the hash value through a method similar to brute force attacks.
Three characteristics of a strong password are:
1. Not made up of words that can be found in dictionaries.
2. Should not be easy for people to think of when they think of you.
3. Should be made up of letters, numbers and/or special characters such as ":~!@#$%^&*;?<>".
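
To make the mechanism from the reflections concrete, here is an added example (not code from this post and not Ophcrack's implementation) of a toy rainbow table, showing why the unsalted hash of a simple password like '12345' is recovered so quickly. The 5-digit PIN space, the SHA-256 stand-in hash, the chain length and the salt value are assumptions chosen for illustration.

```python
import hashlib

# Constructed toy setup (assumptions, not Ophcrack's table format): passwords
# are 5-digit PINs and unsalted SHA-256 stands in for the Windows hash.
SPACE = 100_000
CHAIN_LEN = 20

def H(pin: str) -> str:
    return hashlib.sha256(pin.encode()).hexdigest()

def reduce(digest: str, col: int) -> str:
    # Reduction: map a hash back into the PIN space. Using a different
    # reduction per column is what makes the table a "rainbow" table.
    return f"{(int(digest, 16) + col) % SPACE:05d}"

def chain(pin: str, from_col: int = 0):
    # Returns (PINs at columns from_col..CHAIN_LEN-1, chain endpoint).
    pins = []
    for col in range(from_col, CHAIN_LEN):
        pins.append(pin)
        pin = reduce(H(pin), col)
    return pins, pin

def build_table() -> dict:
    # Precomputation: keep only endpoint -> start points, discard the middle.
    table, covered = {}, set()
    for n in range(SPACE):
        start = f"{n:05d}"
        if start not in covered:      # start a chain from every PIN not yet seen
            pins, end = chain(start)
            covered.update(pins)
            table.setdefault(end, []).append(start)
    return table

def lookup(table: dict, target: str):
    # Guess the column the target hash sits in, walk to the endpoint, and if
    # the endpoint is stored, replay that chain from its start to find the PIN.
    for col in range(CHAIN_LEN - 1, -1, -1):
        _, end = chain(reduce(target, col), from_col=col + 1)
        for start in table.get(end, []):
            for pin in chain(start)[0]:
                if H(pin) == target:  # rejects false alarms from merged chains
                    return pin
    return None

if __name__ == "__main__":
    table = build_table()
    print("chains stored:", sum(len(s) for s in table.values()), "of", SPACE, "PINs")
    print("unsalted 12345 ->", lookup(table, H("12345")))
    print("salted 12345   ->", lookup(table, H("k3Q9" + "12345")))  # constructed salt
```

The table stores far fewer chains than there are PINs, yet every unsalted PIN hash is found; the salted hash of the same PIN is not, because the table was precomputed without that salt.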
