Page 1 of 2 12 LastLast
Results 1 to 10 of 13

Thread: Hashing Word List

  1. #1
    Junior Member
    Join Date
    Feb 2006
    Posts
    5

    Question Hashing Word List

    Hello,

    Would someone please remind me of the name of the program used to take a list of words and hashes them into a table to be used in one of the password crackers like LC5, Cain, etc? I’ve got plenty of hash table creators that will build a table from a row of characters but I need to use it for a list of words. I really can not remember the name.


    Thanks again!


    Tony

  2. #2
    Hmmm, was the program called John The Ripper?
    The access to the computer or
    anything else that shows us how the
    world works must be total and
    unlimited.

  3. #3
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    Rainbow tables?
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  4. #4
    Senior Member bAgZ's Avatar
    Join Date
    Jul 2001
    Posts
    206
    You could try this http://www.rainbowcrack-online.com/ and you won't have need
    to create rainbow tables by yourself.
    ----------------------------------------------------------------------------------------------------------
    "If I'd asked my customers what they wanted, they'd have said a faster horse." ~ Henry Ford

  5. #5
    Junior Member
    Join Date
    Feb 2006
    Posts
    5
    Hello,

    Well, the program I was trying to think of was Winrtgen that comes with Cain but after looking it over it doesn't allow selecting a text file, it is like the others I saw where you select a dropdown menu and select one of the choices from a list of characters to build the table.

    I had read somewhere a while back that you could take a text file and run this app against it to build a table but I am now assuming that means Winrtgen uses the text file that is laid out in a certain format as the text file to which they were referring.

    I really thought there was a way to take a dictionary file and create a hash table. I wonder if you could take the entire text list of passwords and just encrypt the whole thing, if that would work??

    I’m also going to check out a few of the ones suggested, I should get lucky on one of these.

    Thanks everyone for your help!!

    Tony

  6. #6
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    Sigh... Read about Rainbow tables as mentioned above..

    What rainbow tables do, in a nutshell, is take a list of passwords (all the possible variations) and calculate the hashes from that.. It now has a list of all possible hashes, it then compares those with the hashes found on a system. The speed improvement is in the fact you can pre-calculate all the possible hashes, store them and reuse it.
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  7. #7
    Junior Member
    Join Date
    Feb 2006
    Posts
    5
    Thanks for the reply!

    I've read up on the tables already, maybe I'm missing something. What I was hoping to do is actually take the real list of user's passwords that I am extracting and run something to make a rainbow table from that list. I know the other tables may eventually find the passwords with the coompiled hashes but I was shotting for creating a hash table that had the exact passwords to which I am trying to crack already in the table and there would be no need for other hashes since I have the list. Then if there are password changes or new users LC5 would then use the next table in the list.

    I tried placing the passwords in the dictionary list but that didn't help, I'm assuming that was because LC5 didn't look at the word as a whole but as each letter.

    Hopefully I'm not too far off base, I may have not understood the documents but I pulled a lot of it from security courses I've taken. The way I understood, pre-computed hashes were originally created by hashing a dictionary and indexing it to inhance the speed, which would make all the words in hashed form to compare against the password hashes...

    If not, then it's back to school for me...:P

    Thx again!

    Tony

  8. #8
    Senior Member
    Join Date
    Nov 2005
    Posts
    115
    T_Stark:

    As far as I'm concerned, you are right, I see nothing for winrtgen that takes an input file to generate hashes on a predetermined password list.

    In a quick Google, I found nothing for windows that stood out to do the task you have specified.

    You could probably write your own script on Unix and generate the password/hash combinations.

    SirDice: I haven't seen any functionality with the rainbow tables to generate a limited set of the charset. EG from a pass dictionary.

  9. #9
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    Originally posted here by T_Stark
    I've read up on the tables already, maybe I'm missing something. What I was hoping to do is actually take the real list of user's passwords that I am extracting and run something to make a rainbow table from that list.
    Read it again as you clearly misunderstood what rainbow tables are. You create tables for every password possible. So that includes anything and everything, any user can think of..
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  10. #10
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Hi Tony,

    Firstly, let me state quite categorically that I am no expert in this area, but, given my limited understanding, it seems you are confusting two concepts.

    1. A dictionary cracker............this has text entries (words) and probably well known default passwords, even if they are not proper language.

    2. A brute force cracker...........rainbow tables are an advanced form of this. Here you calculate (or in the case of rainbow tables, pre-calculate) all possible combinations of characters within the set you have defined.

    You appear to be trying to go diagonally across these two concepts?

    I think that you might be looking for a dictionary cracker and how to load a specific dictionary? but I might well be wrong...........can you clarify a bit please?



    Oh! and if you are trying to do what I think you are...............don't, it is a total waste of time. You must educate your users in what are secure passwords, NOT criticise them for having weak ones. That will just p1$$ them off

    You then need to implement a process that validates their passwords in accordance with your security model. BEFORE they can use them to gain access.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •