SecurityXploded.com
SecurityTrainings
Mailing List Join us on Google+ Twitter facebook RSS Feeds
Recover Windows Passwords Using Rainbow Crack - www.SecurityXploded.com
 
 
Recover Windows Passwords Using Rainbow Crack
 
 
 
See Also
 
 
 
About Rainbow Crack
Gone are the days when we have to wait for the days together to recover the Windows account password. Thanks to the rainbow crack technology, now we can crack the passwords in few seconds with 100% success rate.

This Rainbow cracking technology works on simple concept. Instead of computing the hashes for each password dynamically and comparing with the correct one during cracking, password hashes are computed in advance for all character sets. These hashes are then stored in datasets called rainbow tables.

So cracking involves just comparing the current password hash with the pre computed hashes within the rainbow tables and get the associated plain text password. Hence it takes very less time compared to the traditional method of brute force cracking. Setting up the rainbow table for various character sets is just one time activity and may take days or months based on the character set and speed of the machine. Once the rainbow tables are ready, you can feed the password hash to it and get your password cracked in seconds.
rainbow crack
 
 
 
Recovering Windows Account Password
In order to recover your Windows user password, first you have to get the LM hash for the target user account. This can be done in many ways. You can use any of the tools such as pwdump, cain&abel or LC5. You need to have administrator privileges to dump the hashes using these tools. If you have lost administrator password itself, then you can boot the system using BackTrack live cd or Windows restore CD and then copy the SAM & SYSTEM hive files (which is located in c:\windows\system32\config folder. Note that your system drive may be different). Next feed these files to Cain & Abel tool to get the LM hashes for the target account.
Here is the screenshot of retrieving LM hash for users using the Cain&Abel tool
LM Hash from Cain_Abel
Once you have collected the LM password hash, you can start the password cracking operation using the rcrack tool (part of the RainbowCrack Project) with the rainbow tables that you have already created for certain character sets.
 
Note that with Vista onwards Windows no longer stores LM hashes (unless under certain configurations)  as it was susceptible to easy brute force cracking. In such cases, you can as well use the NTLM hash to recover password with RainbowCrack.
 
Ideally setting up the rainbow tables takes huge amount of disk space and lot of computing time to generate the tables. Hence its not practical for anyone to create such an setup on the home system.
 
 
 
Online Rainbow Cracking
To make the game eaiser,  lot of websites ( including free as well as commericial ) offer free online rainbow cracking service. These organizations have setup huge database of rainbow tables for all keysets on their high end machines which makes the cracking possible in few seconds. Also these services offer password cracking for different type of hashes such as LM, NTLM, SHA, MD5 etc.

For FREE services you may have to wait for some time based on the load and incoming requests. However you may also look for commercial services for quick results at smaller cost.
 
If you are an organization who needs this kind of password recovery service frequently then you can consider buying precomputed rainbow tables for reasonable price and perform the password cracking operation using rcrack tool.
If you find good online hash cracker links let us know, we will update it here.
Now you don't have to wait for days together with half hope to get back your lost password :)
 
 
 
References
  1. RainbowCrack: Fast method of recovering Windows password. 
  2. pwdump: Tool to dump hashes of Windows user accounts.
  3. Cain & Abel: Multi purpose security tool.  
  4. BackTrack Live CD : Linux live CD distribution for Pentesting.
  5. LC5 : Tool to dump hashes and recover passwords for windows users.
 
 
 
See Also