Rainbow Tables

Cain – Rainbow Password Cracking Exercise

Exercise: Cain – Rainbow Table Password Cracking
By: George Starcher, CISSP

This exercise takes you through setting up and using an open source rainbow table generation program in conjunction with the Cain password recovery program. A rainbow table is a pre-computed password hash file containing all possible combinations for a selected character set. An example would be all possible alphabetic passwords up to 8 characters long. Cain is a Windows GUI program written by Massimiliano Montoro (Mau). It can read in various types of password hash files, such as a Microsoft Windows password list; you may then run the dumped hashes against your pre-computed files to recover the passwords in a fraction of the time a normal live brute force attack would take. At the time I was wrapping up this document I found Mau had written a graphical rainbow table generator that even does PIX password hashes. The lesson there is do not keep copies of your network gear configurations in plain text where an attacker can find them.

The objective of this exercise is to give you experience using a combination of tools to demonstrate how minimal password-based protection is against an attacker who has prepared in advance.
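The precomputation described above, as an added Python example that is not part of the original exercise or of Cain or RainbowCrack: a table built once over a tiny constructed character set reverses an unsalted hash with a single lookup, while a per-account salt makes the same table useless. SHA-256 stands in for the Windows hash, a plain lookup table stands in for the rainbow table file, and all function names and sample accounts are assumptions made for the illustration.

```python
import hashlib
import hmac
import itertools
import os
import string

ALPHABET = string.ascii_lowercase  # constructed, deliberately tiny character set
MAX_LEN = 3                        # 26 + 26**2 + 26**3 = 18,278 candidates

def unsalted_hash(password: str) -> str:
    """Stand-in for an unsalted scheme: same password, same hash, on every system."""
    return hashlib.sha256(password.encode()).hexdigest()

def salted_hash(password: str, salt: bytes, rounds: int = 1_000) -> str:
    """Per-account random salt plus stretching (round count kept low for the demo)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds).hex()

def build_table() -> dict:
    """Precompute hash -> password once for the whole character set."""
    table = {}
    for length in range(1, MAX_LEN + 1):
        for chars in itertools.product(ALPHABET, repeat=length):
            word = "".join(chars)
            table[unsalted_hash(word)] = word
    return table

def verify(password: str, salt: bytes, stored: str) -> bool:
    """A legitimate login check still works with a salt (constant-time compare)."""
    return hmac.compare_digest(salted_hash(password, salt), stored)

def demo() -> dict:
    table = build_table()
    # Constructed accounts: two users who picked the same weak password.
    salt_a, salt_b = os.urandom(16), os.urandom(16)
    stored_a, stored_b = salted_hash("cat", salt_a), salted_hash("cat", salt_b)
    return {
        "table_size": len(table),
        "unsalted_lookup": table.get(unsalted_hash("cat")),  # hit: one lookup
        "salted_lookup": table.get(stored_a),                # miss: table is useless
        "salted_hashes_differ": stored_a != stored_b,        # same password, two hashes
        "login_ok": verify("cat", salt_a, stored_a),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The table is paid for once and reused against every unsalted hash; with a random salt per account, a separate table would be needed for each salt value.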

Permission

This exercise entails the installation of software that allows revealing confidential password information. If you are not the legal owner of the system used for this exercise, you should obtain authorization from the legal owner and/or your management prior to conducting this exercise. Do not proceed without receiving the necessary permissions.

Hardware

* Intel-based Windows NT/2000/XP PC
* Minimum 512MB RAM recommended
* Minimum 600MHz processor recommended

Software

* Cain & Abel – http://www.oxid.it/
* Rainbow Crack - http://www.antsight.com/zsl/rainbowcrack/
* Administrative Rights on the PC being used in this exercise

WARNING – Many open source packages have...

