Page 3 of 3 FirstFirst 123
Results 21 to 27 of 27

Thread: freerainbowtables.com

  1. #21
    THE Bastard Sys***** dinowuff's Avatar
    Join Date
    Jun 2003
    Location
    Third planet from the Sun
    Posts
    1,253
    Oh and for the skiddies like me - speaking on the whosthere - life is a tad eaiser now. Well for the professionals anyway.

    http://seclists.org/pen-test/2008/Mar/0005.html
    09:F9:11:02:9D:74:E3:5B8:41:56:C5:63:56:88:C0

  2. #22
    Senior Member
    Join Date
    Apr 2005
    Location
    USA
    Posts
    422
    I'm sorry, but I have to agree with Nokia here. I believe there are more uses to this than you say nihil. There is the real possibility of knowing someone who forgot a password to windows who may have had important data in their Documents folder or whatnot that is locked behind that username. There is also the possibility of them wanting to know their passwords that they have forgotten, and this is not a felony if it is their computer and you have permission. Having rainbow tables for LM hashes is simply convenient. Even if you are only using it for legal purposes.

  3. #23
    Senior Member
    Join Date
    Oct 2004
    Posts
    183
    Quote Originally Posted by metguru
    ..... Even if you are only using it for legal purposes.
    I'm glad that I raised the EFS topic in the first place. Of course, many software tools can be used for legal or illegal purposes - inbuilt utilities like telnet have been used to penetrate systems in the past (yes, I know that this is well known now).

    As an analogy, what if I have been to a hardware store to buy a large kitchen knife? I have to carry it home and could be stopped by the police. Yes, I might use it to murder someone but my actual intention is to prepare a meal for friends.

  4. #24
    ********** |ceWriterguy
    Join Date
    Aug 2004
    Posts
    1,608
    Metguru - this is in response to you. To all the readers, be advised this is in NO way agreeing with Nihil - in fact I believe he should apologize to the OP for his most *U*N*P*R*O*F*E*S*S*I*O*N*A*L* response...but anyway to the topic:

    Re: password resets for windows - this can be done by a simple removal of the 'password' jumper on the motherboard, fully unlocking both system and operating system for all to use as administrator, allowing for deletion of the old unknown password, shutdown, replacement of said jumper, and reboot to set a new password (if the forgetful (l)user wants another one). It's quite a simple procedure really, taking all of 3 minutes time and has made me a lot of $$ in the past from forgetful clients.

    In all my time teching, I never once had to mess with rainbow tables - but I got to know them out of sheer curiosity. In the article archives on this very site (unless they've been deleted) there are posts regarding how to get into them and edit them - you might have to dig quite a bit though...

    Luck to yas!
    |ce
    Even a broken watch is correct twice a day.

    Which coder said that nobody could outcode Microsoft in their own OS? Write a bit and make a fortune!

  5. #25
    Right turn Clyde Nokia's Avatar
    Join Date
    Aug 2003
    Location
    Button Moon
    Posts
    1,696
    HI Ice,

    Resetting the jumper on the MoBo will only reset the CMOS setting, hence the BIOS password and possibly any hard drive level password that needs to be entered before the BIOS can hand over to the OS, depending on the chip-set. It won't reset any Windows passwords, such as the admin account etc as it is physically impossible. (not sure if I am misreading your post though but you seem to be implying this.... apologies if I've misread it)

    There are a multitude of third party tools that will reset a windows password, usually involving booting to a live CD or a DOS prompt - however if something like EFS is in use this will then render every encrypted file useless, unless the proviso's mentioned above can be used - if EFS is used then the way forward is to recover the passwords and usually the only way to do that is to crack it - the best way to crack it is by using rainbow tables.

    (My company often gets employed by SME's to recover a forgotten local admin password that is in use on multiple non-domain work stations - it would be pretty expensive to reset each and every one, but by cracking one admin account, all local admin accounts become accessible that use the same password)

    Pen testers use rainbow tables extensively - as do malicious users - but this can be said about almost anything I suppose.
    Last edited by Nokia; March 16th, 2008 at 06:57 PM.

  6. #26
    ********** |ceWriterguy
    Join Date
    Aug 2004
    Posts
    1,608
    Ah yes - forgot about my xp live disk that I used to use to do winblows passes. Thanks for the correction Nokia.
    Even a broken watch is correct twice a day.

    Which coder said that nobody could outcode Microsoft in their own OS? Write a bit and make a fortune!

  7. #27
    Senior Member
    Join Date
    Apr 2005
    Location
    USA
    Posts
    422
    Quote Originally Posted by |3lack|ce
    Re: password resets for windows - this can be done by a simple removal of the 'password' jumper on the motherboard, fully unlocking both system and operating system for all to use as administrator, allowing for deletion of the old unknown password, shutdown, replacement of said jumper, and reboot to set a new password (if the forgetful (l)user wants another one). It's quite a simple procedure really, taking all of 3 minutes time and has made me a lot of $$ in the past from forgetful clients.

    Luck to yas!
    |ce
    Yes, I know about password resets. My point was that there is the possibility of the need to know the password.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •