Passware Rainbow Tables for Windows is a ready-to-use set of rainbow tables designed to recover Windows user passwords from NTLM hashes in a predictable timeframe, ranging from minutes to hours, depending on the size of the rainbow table. The decryption is performed locally with a 99% success rate.
The set comes on an external USB HDD and is 3.6 TB in size. All the tables are in RTI2 format.
All versions of MS Windows are supported.
No data leaves your computer, the decryption is performed offline using the built-in Rainbow Tables attack. This attack is available for files with the Rainbow Tables attack possible flag in the File Type/Additional Options or Complexity.
NTLM hashes should be provided as a .TXT file in a special format. Check our supported hashes article for more information.
NOTE: Passware Kit Business, Forensic, or Ultimate license is required to use the Passware Rainbow Tables for Windows. The tables are not proprietary.
The Rainbow Tables delivered on the HDD USB are as follows:
Charset name | Password Length | Symbol Set | Example |
ntlm_hybrid2(alpha#1-1,loweralpha#5-5, loweralpha-numeric#2-2,numeric#1-3) |
8-11 | 1 [A-Z] + 5 [a-z] + 2 [a-z0-9] + 1-3 [0-9] | Password12 |
ntlm_hybrid2(loweralpha#7-7,numeric#1-3) | 8-10 | 7 [a-z] + 1-3 [0-9] | feather9 |
ntlm_loweralpha-numeric#1-10 | Up to 10 | [a-z0-9] | camel1967 |
ntlm_alpha-space#1-9 | Up to 9 | [A-Z ] | MY PASS |
ntlm_loweralpha-numeric#1-9 | Up to 9 | [a-z0-9] | r2rbu0gid |
ntlm_mixalpha-numeric-space#1-9 | Up to 9 | [a-zA-Z0-9 ] | XpQr3qmTo |
ntlm_loweralpha-numeric-space#1-8 | Up to 8 | [a-z0-9 ] | can be21 |
ntlm_loweralpha-numeric-symbol32-space#1-8 | Up to 8 | [a-z0-9!@#$%^&*()-_+=~`[]{}|\:;"'<>,.?/ ] | c@$per 1 |
ntlm_mixalpha-numeric-space#1-8 | Up to 8 | [a-zA-Z0-9 ] | D3lt@12 !% |
ntlm_loweralpha-numeric-symbol32-space#1-7 | Up to 7 | [a-z0-9!@#$%^&*()-_+=~`[]{}|\:;"'<>,.?/ ] | gr@ $$5 |
ntlm_mixalpha-numeric-all-space#1-7 | Up to 7 | [A-Za-z0-9!@#$%^&*()-_+=~`[]{}|\:;"'<>,.?/ ] | $Pac3 Ti |
ntlm_mixalpha-numeric-all-space#1-8 | Up to 7 | [A-Za-z0-9!@#$%^&*()-_+=~`[]{}|\:;"'<>,.?/ ] | aStA%&7 |
ntlm_mixalpha-numeric-space#1-7 | Up to 7 | [a-zA-Z0-9 ] | Dog123 |
How to understand the charsets
Example:
“ntlm_mixalpha-numeric-space#1-7_0_10000x67108864_distrrtgen[p][i]_00.rti2”
- #1-7 - the password length range
NOTE: For hybrid tables the length is always set to 0-0 since these tables may include hashes of various lengths.
- _0_ - the Rainbow table index (0, 1, 2, etc.)
- 10000x67108864 - the chain length (maximal amount of hashing iterations in the table) x chainCount (number of hashes in the table)
- _distrrtgen[p][i]_ - the name of the tool used to generate the table
- 00 - the table file number (00, 01, 02, etc)
- .rti2 - the table extension (can also be *.rt)
Passware Tip: To cover even more combinations (charsets), use the Brute-force approach or a Standalone system option.
How to use Passware Rainbow Tables for Windows
The steps for using the Passware Rainbow Tables for Windows are as follows:
- Drag and drop .TXT files with NTLM hashes or initiate a Standalone attack on a Windows account.
Continue by customizing the password recovery attacks. - On the Attack Settings page, remove all current attacks by clicking the “All” button at the bottom.
- Click “+” to add a new attack.
- Pick the Rainbow Tables attack from the left pane.
- Click the “+ Add folder” button and locate the .rti2 files (rainbow tables) on the connected Passware Rainbow Tables for Windows USB disk. Wait for the tables to be uploaded. This may take some time.
- Click “Add Attack” and start the decryption.
NOTE: Make sure your Passware Rainbow Tables for Windows disk is connected. The tables can be copied to a local disk or another external drive. SSD or NVMe is recommended for faster processing.
Passware Tip: Check the “Log” tab for the details of the decryption process.
Comments
0 comments
Article is closed for comments.