Introduction We have all heard of rainbow tables, which will be used to crack passwords and hashes. In this tutorial we will learn how to crack md5 hashes using rainbow tables. Tools u should have These are the tools u should have inorder to utilize this tutorial. Rainbow table generator - 'Winrtgen' comes with cain and abel cain and abel - get it from www.oxid.it Of course u must have some md5 hashes to crack. All are freewares, so you won't face problem in getting these tools. Creating rainbow tables Rainbow tables can be created for various kind of hashes. e.g lm,fastlm,nt,md5 etc. Here we are going to stick with md5 hashes alone. MD5 hashes MD5 hashes will be seen in sql databases. If u crack a site with SQL injection you will be shown with the username and md5 hashed password, for e.g 'admin:bc8f87a21501ae15a48d77a91513c3a7'. So one has to crack or decrpyt the md5 hashes to enter into that site. Creating rainbow tables I have a set of hashes whose passwords are 4-6 in length. All are numeric passwords. So i will explain how to create rainbow tables for this type of passwords. open the Winrtgen tool. click add table A dialog box will appear showing the settings. Explanation of the settings hash : type of the hash u wish to crack (in our case its md5) MinLen: minimum length of the password (4) Max Len: Maximum lenght of the password (6) Index : Keep it as zero always. ChainLen: It will tel u the success probability. And it plays a major role in the amount of time needed to create the table. For passwords with greater length the chain length should be a little larger. In our case chain length of 2 is enough. We will get 100% success probability with that. Chaincount: 40000000 No of tables: 1 Keep the above two in its default values. The picture below shows the setting for our case. Click ok in the table generator to create the table. Wait for it to complete. It will take a little extra time than it is showing in the benchmark. The time is for arranging the tables. It will do some kind of internal processing. Cryptanalysis Attack After creating the tables we are going to start the cryptanalysis attack of an md5 hash using the tables. open cain and abel. Load the hashes in the md5 screen under the cracker tab. These are some of the example hashes, which I will be using in this tutorial Code: 315ff5049c0634d7d8195d2a1d1cf0df - 021465 b139e104214a08ae3f2ebcce149cdf6e - 1924 2467d3744600858cc9026d5ac6005305 - 232323 286c9c72ce04c511e8b4ed91e1fa9a24 - 071678 1aa4396d4fd1f977d93a8a579d6a4167 - 71032 3941c4358616274ac2436eacf67fae05 - 8319 For adding the hashes click the button with ‘+’ symbol or goto file menu and select ‘Add to list’ or use Insert key. All the loaded hashes are within 4-6 in length. For cracking it, either select the hashes one by one or you can even select all. Right click the hash and select ‘Cryptanalysis Attack via Rainbow Tables’ In the dialog box appearing Click Add table and select the table which we created in the previous step. Click ‘start’ to perform the attack. Results In the picture(1), See the ‘Max cryptanalysis time’ . The cracking will take a little longer than that. It also depends on how speed your computer is. After few seconds, the result is shown like this, Code: Hash:286c9c72ce04c511e8b4ed91e1fa9a24 Plain:071678 (Hex:303731363738) Hash:1aa4396d4fd1f977d93a8a579d6a4167 Plain:71032 (Hex:3731303332) Hash:3941c4358616274ac2436eacf67fae05 Plain:8319 (Hex:38333139) Hash:79cef9cc5c842ee39e164009c7554da2 Plain:98304 (Hex:3938333034) Hash:315ff5049c0634d7d8195d2a1d1cf0df Plain:021465 (Hex:303231343635) Hash:b139e104214a08ae3f2ebcce149cdf6e Plain:1924 (Hex:31393234) Hash:2467d3744600858cc9026d5ac6005305 Plain:232323 (Hex:32333233323) That is it. The cryptanalysis attack has been performed and the hashes are cracked. This shows the power and capability of rainbow tables attack. If we have tables we can possibly crack any hashes within minutes. NOTE: Since these hashes are very small in length, even a brute force attack will reveal the plain texts. But I used rainbow tables for the purpose of simplicity and portability. U can create your own tables with the character set you need. Custom character set is also possible. For example you are watching a person who is typing his password, you are having an eye on his keyboard moves. If you are sure that he uses only numeric and symbols for his password. You can start cracking the hashes (if u get it by some means) by creating the tables with symbols and numbers alone. FAQ’s Cain and abel setup is caught by my antivirus! Yes, it is a password cracking utility. So your antivirus will block it. It may even quarantine it. So before installing disable the antivirus. After installing it too, cain.exe will be blocked by the AV, so disable the antivirus till you use that program. I don’t have any md5 hashes to test. Where can I get it? Open cain.exe and look for hash calculator, if u can’t find it use the shortcut ‘alt+c’. Type in anything and give calculate. You will be given with various hashes. Copy the md5 alone to test. You may ask why md5? There is lot of hashes! Yes there is lot of hashes, but when u hack a site with SQL injection or some other thing, you will get an md5 hashed password. That is why I am particular about md5. DISCLAIMER: This tutorial is for education purposes only; I do not encourage you to hack any site. If you do something and get caught you are solely responsible for what you have done.