The technology used to break Windows passwords is called a rainbow table.
A rough way to describe the technique: tables of possible hashes are precomputed so that the Windows hashes can be compared
against precomputed values, piecing together the hash and its plaintext more quickly than brute-force guessing.
Being able to break security doesn't make you a hacker any more than being able to hotwire cars makes you an automotive engineer.
- Eric Raymond
Rainbow table
A rainbow table is a lookup table offering a time-memory tradeoff, used to recover a plaintext password from a password hash
generated by a hash function, often a cryptographic hash function. A common application is to make attacks against hashed
passwords feasible. A salt is often employed with hashed passwords to make this attack more difficult, and often infeasible.
To understand how rainbow tables work, you first have to understand how passwords are stored on computers, whether on your own desktop, or on a remote web server somewhere.
Passwords are never stored in plaintext.
At least they shouldn't be, unless you're building the world's most insecure system with the world's most naive programmers. Instead, passwords are stored as the output of a hash function. Hashes are one-way operations. Even if an attacker gained access to the hashed version of your password, it's not possible to reconstitute the password from the hash value alone.
But it is possible to attack the hashed value of your password using rainbow tables: enormous, pre-computed hash values for every possible combination of characters. An attacking PC could certainly calculate all these hashes on the fly, but taking advantage of a massive table of pre-computed hash values lets the attack proceed several orders of magnitude faster, assuming the attacking machine has enough RAM to hold the entire table (or at least most of it) in memory. It's a classic time-memory tradeoff, exactly the sort of shortcut you'd expect a black hat attacker to take.
It takes a long time to generate these massive rainbow tables, but once they're out there, every attacking computer can leverage them to make its attacks on hashed passwords that much more potent. The smallest rainbow table available is the basic alphanumeric one, and even it is 388 megabytes.
Hash function
A hash function is any well-defined procedure or mathematical function which converts a large, possibly variable-sized amount of data
into a small datum, usually a single integer that may serve as an index into an array. The values returned by a hash function are called
hash values, hash codes, hash sums, or simply hashes.
Hash functions are mostly used to speed up table lookup or data comparison tasks such as finding items in a database,
detecting duplicated or similar records in a large file, finding similar stretches in DNA sequences, and so on. Hash functions are
related to (and often confused with) checksums, check digits, fingerprints, randomization functions, error correcting codes,
and cryptographic hash functions. Although these concepts overlap to some extent, each has its own uses and requirements.
Rainbow Crack
Gone are the days when we had to wait for days on end to recover a Windows account password.
Thanks to rainbow crack technology, you can now crack the passwords in
a few seconds with a 100% success rate.
This rainbow cracking technology works on a simple concept. Instead of computing the LM hashes dynamically during cracking,
the hashes are computed in advance for whole character sets. These hashes are then stored in rainbow tables.
Cracking then involves only comparing the precomputed hashes with the LM hash of the account to be cracked.
Hence it takes far less time than the traditional method of brute-force cracking.
Setting up the rainbow tables for the various character sets is a one-time activity and may take days or months depending on
the character set and the speed of the machine. Once the rainbow tables are ready,
you can feed your LM hashes to them and get your password cracked in seconds.
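As an added illustration, not code from the article or from RainbowCrack, here is a toy rainbow table in Python over a constructed password space (exactly three lowercase letters, plain MD5). It shows the precompute-once, look-up-fast tradeoff described above and in the "Rainbow table" section, and why a per-user salt leaves the precomputed table with nothing to match; the alphabet, chain length and the reduction function are all assumptions chosen to keep the demo small.

```python
import hashlib
import string
# Constructed toy setting (not from the article): passwords are exactly three
# lowercase letters and the hash is plain MD5, so the whole table stays tiny.
ALPHABET = string.ascii_lowercase
PW_LEN = 3
SPACE = len(ALPHABET) ** PW_LEN
CHAIN_LEN = 50

def h(password: str) -> str:
    """Unsalted hash: the situation a precomputed table can exploit."""
    return hashlib.md5(password.encode()).hexdigest()

def h_salted(password: str, salt: bytes) -> str:
    """Per-user salt: the same password now yields a hash the table never saw."""
    return hashlib.md5(salt + password.encode()).hexdigest()

def reduce_(hash_hex: str, step: int) -> str:
    """Map a hash back into the password space; the column number is mixed in
    so chains that collide in different columns do not merge (the 'rainbow' idea)."""
    n = (int(hash_hex, 16) + step) % SPACE
    chars = []
    for _ in range(PW_LEN):
        chars.append(ALPHABET[n % len(ALPHABET)])
        n //= len(ALPHABET)
    return "".join(chars)

def build_table(num_chains: int) -> dict:
    """One-time precomputation; only chain end -> start is stored (the memory side)."""
    table = {}
    for i in range(num_chains):
        start = reduce_(format(i, "x"), 0)   # deterministic, distinct start points
        p = start
        for step in range(CHAIN_LEN):
            p = reduce_(h(p), step)
        table[p] = start
    return table

def lookup(table: dict, target: str):
    """Recover a preimage of `target` from the table, or None if it is not covered."""
    for pos in range(CHAIN_LEN - 1, -1, -1):
        p = reduce_(target, pos)             # assume target sits in column pos
        for step in range(pos + 1, CHAIN_LEN):
            p = reduce_(h(p), step)
        if p in table:                       # candidate chain: walk it from its start
            q = table[p]
            for step in range(CHAIN_LEN):
                if h(q) == target:
                    return q
                q = reduce_(h(q), step)
    return None
```

Building the table costs num_chains × CHAIN_LEN hash computations up front, after which a lookup is at most a few thousand hash operations regardless of how many hashes you later check; a salted hash of the very same password never resolves, which is the mitigation the "Rainbow table" section mentions.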
Recovering LM Hash
In order to recover your Windows user password, you have to get the LM hash for the target account. This can be done in many ways. If you have another administrator user account on the same machine, you can log in with it and dump the LM hash of the other account using the pwdump tool. Another way is to boot from a BackTrack live CD or a Windows restore CD and copy the SAM and SYSTEM hive files (located in the c:\windows\system32\config folder; note that your system drive may be different). Next, feed these files to the Cain & Abel tool to get the LM hashes for the target account.
Recovering Windows Password
Now that you have the LM hash and have set up the rainbow tables, you can start the cracking operation using the 'rcrack' tool that comes with
the RainbowCrack utility pack. If you don't have enough disk space or cannot wait for months to set up rainbow tables,
you need not worry.
There are a lot of websites which offer free as well as commercial online rainbow cracking.
Using a free service, you have to wait at most a day, as there will be a lot of requests in the queue.
However, you can get the job done quickly by paying a small amount. If you are a large organization with a periodic
password recovery process, you can consider buying those rainbow tables.
Here are a few websites which offer free/commercial online rainbow cracking.
https://www.astalavista.net
http://plain-text.info
Hope this article has enlightened you. I will keep adding to this page. So keep visiting this page for more.
References
1. RainbowCrack: Fast method of recovering Windows passwords.
2. pwdump: Tool to dump hashes of Windows user accounts.
3. Cain & Abel: Multi-purpose security tool.
4. BackTrack Live CD: Linux live CD distribution for pentesting.
5. Online Rainbow Cracking: Online rainbow cracking service from Astalavista.
6. Ophcrack: Incredibly fast multi-platform password cracker.