Crack a Password Using a Rainbow Table: Part 2

This video will show some exercises, now that we have covered how to generate a rainbow table. Zanidd will also use a brute force attack to compare.
6.9
So with this rainbow table, you’re going to crack a couple of passwords.
15.6
In the repository, you will find a directory called rainbow.
30
If you go into the rainbow directory, you will find three files. One is called Example, one is called Passwords Brute and one is called Passwords Rainbow.
41.9
You will use brute force attacks for the Passwords Brute file and the rainbow type of attack for the Passwords Rainbow file. Each of these files contains the same MD5 hashes, and each of them contains 10 of them.
63.8
So let me show you an example. The password I’m going to crack is 1234. The rainbow tables we created can be found at /usr/share/rainbowcrack/. Here, you can see I’ve created a couple more, but I think all you need for this exercise is this one, which we created together.
125
Now I’m going to show you how to crack a list of hashes. You enter sudo rcrack, then select the path with all your rainbow tables - in this case, it’s /usr/share/rainbowcrack/ -l, and then followed by the file with the list of the hashes.
164.2
But before we can do that, we have to sort the rainbow tables. We can do this with sudo rtsort and the path to the directory containing the tables.
197.5
As you can see, I was not lucky enough to find it. But maybe.
216.8
I went so far as to create 20 rainbow table files.
228.8
You can do this by changing this number and incrementing it by one. For example, from 19 to 20. So I executed this command 20 times, one time with zero, then with one, then with two, and so forth.
259.6
Then I sorted the tables with rtsort and the path to the tables.
273.1
So let’s see if this is enough to crack our example password.
283.9
Apparently, this was not enough.
291.1
So apparently, the current version of rcrack that we’re using in this Kali machine has some issues with MD5 hash lists. So what we can do alternatively is pass it the hash directly in the command line. In this example, I used the same command as before, but I changed the -l to a -h, and followed it by the MD5 hash of the password 123. And as you can see, it found it very quickly.
337.5
Now, what can you do now with this information?
351.1
You can open the hashes for the rainbow attack in a text document and execute this command with the hashes from the document by copying and pasting them to the command line argument. And the first one is 1234. So now go ahead, copy and paste these hashes and try to crack them all. So now you can go ahead and crack all of the passwords. And that’s all for the section on rainbow table attacks. In the next section, we’re going to take a look at the downside of passwords. I will teach you about other vulnerabilities and negative aspects of passwords that you might want to consider. I hope to see you there.

Once you go into the rainbow directory, we will use a brute force attack and a rainbow attack, in order for you to compare the techniques.

Over to you: Having seen an example of both a brute force attack and a rainbow attack, what would you describe as the main differences between the two techniques?

Preparing for Test of the Week

Now that you completed the content steps for this week, you are ready for the test of the week!

The following test is going to assess your understanding of what you have learned within this past week of the course.

Remember, you do not have to take the test until you’re ready. To help you prepare, you might wish to spend some time refreshing your understanding of the contents of the past week.

You may wish to reflect on the Learning Outcomes introduced at the beginning of the week and make sure you are comfortable that you have met the requirements of each. Take some time to review your learning to help you prepare.

This article is from the free online

Advanced Cyber Security Training: Hands-On Password Attacks

Created by
FutureLearn - Learning For Life
