Would someone please remind me of the name of the program used to take a list of words and hashes them into a table to be used in one of the password crackers like LC5, Cain, etc? Iíve got plenty of hash table creators that will build a table from a row of characters but I need to use it for a list of words. I really can not remember the name.
Well, the program I was trying to think of was Winrtgen that comes with Cain but after looking it over it doesn't allow selecting a text file, it is like the others I saw where you select a dropdown menu and select one of the choices from a list of characters to build the table.
I had read somewhere a while back that you could take a text file and run this app against it to build a table but I am now assuming that means Winrtgen uses the text file that is laid out in a certain format as the text file to which they were referring.
I really thought there was a way to take a dictionary file and create a hash table. I wonder if you could take the entire text list of passwords and just encrypt the whole thing, if that would work??
Iím also going to check out a few of the ones suggested, I should get lucky on one of these.
Thanks everyone for your help!!
February 17th, 2006, 09:48 AM
Sigh... Read about Rainbow tables as mentioned above..
What rainbow tables do, in a nutshell, is take a list of passwords (all the possible variations) and calculate the hashes from that.. It now has a list of all possible hashes, it then compares those with the hashes found on a system. The speed improvement is in the fact you can pre-calculate all the possible hashes, store them and reuse it.
February 20th, 2006, 06:31 PM
Thanks for the reply!
I've read up on the tables already, maybe I'm missing something. What I was hoping to do is actually take the real list of user's passwords that I am extracting and run something to make a rainbow table from that list. I know the other tables may eventually find the passwords with the coompiled hashes but I was shotting for creating a hash table that had the exact passwords to which I am trying to crack already in the table and there would be no need for other hashes since I have the list. Then if there are password changes or new users LC5 would then use the next table in the list.
I tried placing the passwords in the dictionary list but that didn't help, I'm assuming that was because LC5 didn't look at the word as a whole but as each letter.
Hopefully I'm not too far off base, I may have not understood the documents but I pulled a lot of it from security courses I've taken. The way I understood, pre-computed hashes were originally created by hashing a dictionary and indexing it to inhance the speed, which would make all the words in hashed form to compare against the password hashes...
If not, then it's back to school for me...:P
February 21st, 2006, 01:02 AM
As far as I'm concerned, you are right, I see nothing for winrtgen that takes an input file to generate hashes on a predetermined password list.
In a quick Google, I found nothing for windows that stood out to do the task you have specified.
You could probably write your own script on Unix and generate the password/hash combinations.
SirDice: I haven't seen any functionality with the rainbow tables to generate a limited set of the charset. EG from a pass dictionary.
February 21st, 2006, 09:22 AM
Originally posted here by T_Stark I've read up on the tables already, maybe I'm missing something. What I was hoping to do is actually take the real list of user's passwords that I am extracting and run something to make a rainbow table from that list.
Read it again as you clearly misunderstood what rainbow tables are. You create tables for every password possible. So that includes anything and everything, any user can think of..
February 21st, 2006, 09:44 AM
Firstly, let me state quite categorically that I am no expert in this area, but, given my limited understanding, it seems you are confusting two concepts.
1. A dictionary cracker............this has text entries (words) and probably well known default passwords, even if they are not proper language.
2. A brute force cracker...........rainbow tables are an advanced form of this. Here you calculate (or in the case of rainbow tables, pre-calculate) all possible combinations of characters within the set you have defined.
You appear to be trying to go diagonally across these two concepts?
I think that you might be looking for a dictionary cracker and how to load a specific dictionary? but I might well be wrong...........can you clarify a bit please?
Oh! and if you are trying to do what I think you are...............don't, it is a total waste of time. You must educate your users in what are secure passwords, NOT criticise them for having weak ones. That will just p1$$ them off ;)
You then need to implement a process that validates their passwords in accordance with your security model. BEFORE they can use them to gain access.