{"id":2694,"date":"2024-08-20T12:15:00","date_gmt":"2024-08-20T04:15:00","guid":{"rendered":"https:\/\/systw.net\/note\/?p=2694"},"modified":"2025-09-01T22:13:22","modified_gmt":"2025-09-01T14:13:22","slug":"rainbow-table-attack","status":"publish","type":"post","link":"https:\/\/systw.net\/note\/archives\/2694","title":{"rendered":"Rainbow Table Attack"},"content":{"rendered":"\n<p>\u5f69\u8679\u8868\u7684\u539f\u7406\u53ef\u4ee5\u7c21\u55ae\u5730\u7406\u89e3\u70ba\u300c\u7528\u7a7a\u9593\u63db\u53d6\u6642\u9593\u300d\u7684\u5bc6\u78bc\u7834\u89e3\u6280\u8853\u3002\u5b83\u7684\u6838\u5fc3\u601d\u60f3\u662f\u4e0d\u5132\u5b58\u6bcf\u4e00\u500b\u5bc6\u78bc\u7684\u54c8\u5e0c\u503c\uff0c\u800c\u662f\u53ea\u5132\u5b58\u300c\u93c8\u300d\u7684\u8d77\u9ede\u548c\u7d42\u9ede\uff0c\u85c9\u6b64\u5927\u5e45\u6e1b\u5c11\u5132\u5b58\u7a7a\u9593\u3002<\/p>\n\n\n\n<p>\u5f88\u591a\u4eba\u4e00\u958b\u59cb\u90fd\u4ee5\u70ba\u5f69\u8679\u8868\u5c31\u50cf\u4e00\u500b\u5de8\u5927\u7684\u5b57\u5178\uff0c\u53ef\u4ee5\u767e\u5206\u4e4b\u767e\u5730\u7834\u89e3\u5bc6\u78bc\u3002\u4f46\u9019\u78ba\u5be6\u662f\u500b\u8aa4\u89e3\u3002\u5f69\u8679\u8868\u4e4b\u6240\u4ee5\u88ab\u8996\u70ba\u4e00\u7a2e\u5de7\u5999\u7684\u6280\u8853\uff0c\u6b63\u662f\u56e0\u70ba\u5b83\u72a7\u7272\u4e86\u300c\u767e\u5206\u767e\u7684\u6210\u529f\u7387\u300d\u4f86\u63db\u53d6\u300c\u53ef\u884c\u7684\u5132\u5b58\u7a7a\u9593\u300d\u3002<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity is-style-dots\"\/>\n\n\n\n<h3 class=\"wp-block-heading\">\u5b8c\u6574\u7684 MD5 \u96dc\u6e4a\u5b57\u5178\u5927\u5c0f<\/h3>\n\n\n\n<p>\u5b8c\u6574\u7684 MD5 \u96dc\u6e4a\u5b57\u5178\uff08Hash Dictionary\uff09\u9700\u8981\u5132\u5b58\u6bcf\u4e00\u500b\u53ef\u80fd\u7684\u5bc6\u78bc\u7d44\u5408\u53ca\u5176\u5c0d\u61c9\u7684 MD5 \u503c\u3002\u6211\u5011\u4ee5\u5e38\u898b\u7684 95 \u500b\u53ef\u5217\u5370 ASCII 
\u5b57\u5143\uff08\u5927\u5c0f\u5beb\u5b57\u6bcd\u3001\u6578\u5b57\u3001\u7b26\u865f\u7b49\uff09\u4f5c\u70ba\u5b57\u5143\u96c6\u4f86\u8a08\u7b97\uff1a<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>\u5bc6\u78bc\u9577\u5ea6\u5f9e 1 \u5230 10 \u7684\u7e3d\u7d44\u5408\u6578<\/strong> \u9019\u662f 95<sup>1<\/sup>+95<sup>2<\/sup>+\u22ef+95<sup>10<\/sup> \u7684\u7e3d\u548c\u3002\u9019\u500b\u6578\u5b57\u975e\u5e38\u5de8\u5927\uff0c\u4e3b\u8981\u7531 95<sup>10<\/sup> \u6c7a\u5b9a\uff0c\u7d04\u70ba 5.9\u00d710<sup>19<\/sup>\u3002<\/li>\n\n\n\n<li><strong>\u55ae\u4e00\u689d\u76ee\u7684\u5132\u5b58\u5927\u5c0f<\/strong> \u6bcf\u500b\u689d\u76ee\u9700\u8981\u5132\u5b58\uff1a\n<ul class=\"wp-block-list\">\n<li>MD5 \u96dc\u6e4a\u503c\uff1a16 \u4f4d\u5143\u7d44\u3002<\/li>\n\n\n\n<li>\u539f\u59cb\u5bc6\u78bc\uff08\u6700\u5927 10 \u500b\u5b57\u5143\uff09\uff1a\u6700\u591a 10 \u500b\u4f4d\u5143\u7d44\u3002<\/li>\n\n\n\n<li>\u52a0\u4e0a\u5176\u4ed6\u958b\u92b7\uff0c\u6211\u5011\u4f30\u8a08\u4e00\u500b\u689d\u76ee\u7d04 <strong>28 \u500b\u4f4d\u5143\u7d44<\/strong>\u3002<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li><strong>\u7e3d\u5132\u5b58\u7a7a\u9593<\/strong> \u7e3d\u5927\u5c0f\u7d04\u70ba 5.9\u00d710<sup>19<\/sup>\u00d728\u00a0bytes\u22481.65\u00d710<sup>21<\/sup>\u00a0bytes\u3002<\/li>\n<\/ul>\n\n\n\n<p>\u9019\u76f8\u7576\u65bc <strong><strong>1,364.04 <\/strong>EB (Exabyte)<\/strong>\uff0c\u9019\u662f\u4e00\u500b\u5728\u6280\u8853\u4e0a\u5e7e\u4e4e\u4e0d\u53ef\u80fd\u5132\u5b58\u7684\u6a94\u6848\u5927\u5c0f\uff0c\u9019\u9084\u53ea\u662f\u4e00\u500b\u5b57\u5143\u96c6\u7684\u8a08\u7b97\u7d50\u679c\u3002<\/p>\n\n\n\n<p><\/p>\n\n\n\n<h3 class=\"wp-block-heading\">\u5f69\u8679\u8868\u9810\u4f30\u5927\u5c0f<\/h3>\n\n\n\n<p><strong>100% \u8986\u84cb\u7387\u5f69\u8679\u8868\uff1a<\/strong>\u4e26\u975e\u7b49\u65bc\u5b8c\u6574\u5b57\u5178\uff0c\u7406\u8ad6\u4e0a\u7a7a\u9593\u63a5\u8fd1\u5b8c\u6574\u5b57\u5178\uff0c\u5927\u5c0f\u4e5f\u548c\u5b8c\u6574\u5b57\u5178\u5dee\u4e0d\u591a\u3002\u7576\u8a66\u5716\u8b93\u5f69\u8679\u8868\u9054\u5230 100% 
\u8986\u84cb\u7387\u6642\uff0c\u5be6\u969b\u4e0a\u5df2\u7d93\u62cb\u68c4\u4e86\u5b83\u6700\u6838\u5fc3\u7684\u512a\u52e2\uff0c\u5c07\u4e00\u500b\u5be6\u7528\u7684\u6280\u8853\u8b8a\u6210\u4e86\u4e00\u500b\u548c\u5b8c\u6574\u96dc\u6e4a\u5b57\u5178\u4e00\u6a23\u4e0d\u5207\u5be6\u969b\u7684\u4efb\u52d9\u3002<\/p>\n\n\n\n<p><strong>90% <strong><strong>\u8986\u84cb<\/strong><\/strong>\u7387<strong>\u5f69\u8679\u8868<\/strong><\/strong>\uff1a\u72a7\u7272 10% \u7684\u547d\u4e2d\u7387\uff0c\u63db\u53d6\u5927\u7d04 10% \u7684\u7a7a\u9593\u7bc0\u7701\u3002<\/p>\n\n\n\n<p><\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity is-style-dots\"\/>\n\n\n\n<p><\/p>\n\n\n\n<h2 class=\"wp-block-heading\">\u5efa\u7acb\u5f69\u8679\u8868<\/h2>\n\n\n\n<p>\u8a9e\u6cd5\uff1a<code>rtgen &lt; hash_algorithm > &lt; charset> &lt;length> [ optimize ]<\/code><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>hash_algorithm : \u6307\u5b9a\u96dc\u6e4a\u6f14\u7b97\u6cd5 <\/li>\n\n\n\n<li>charset: \u5b57\u5143\u96c6\u53ef\u9078 <code>loweralpha<\/code> (\u5c0f\u5beb\u5b57\u6bcd), <code>upperalpha<\/code> (\u5927\u5beb\u5b57\u6bcd), <code>numeric<\/code> (\u6578\u5b57), <code>mixalpha<\/code> (\u5927\u5c0f\u5beb\u5b57\u6bcd), <code>mixalpha-numeric<\/code> (\u5927\u5c0f\u5beb\u5b57\u6bcd\u548c\u6578\u5b57), <code>special<\/code> (\u7279\u6b8a\u7b26\u865f)\u3002<\/li>\n\n\n\n<li>length: \u9577\u5ea6\u7bc4\u570d\u6307\u5b9a <code>plaintext_len_min<\/code> (\u6700\u5c0f\u9577\u5ea6) \u548c <code>plaintext_len_max<\/code> (\u6700\u5927\u9577\u5ea6)\u3002<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>optimize: \u4e3b\u8981\u67094\u500b\uff0c\u9019\u4e9b\u53c3\u6578\u6703\u5f71\u97ff\u5f69\u8679\u8868\u7684\u6548\u7387\u548c\u5927\u5c0f\uff0c\u53ef\u4ee5\u6839\u64da\u9700\u8981\u8abf\u6574\u3002 \n<ul class=\"wp-block-list\">\n<li><strong><code>table_index<\/code><\/strong>\uff1a\u9810\u8a2d\u70ba 
<code>0<\/code><\/li>\n\n\n\n<li><strong><code>chain_len<\/code><\/strong>\uff1a\u9810\u8a2d\u70ba <code>3800<\/code>\uff0c<strong>(\u93c8\u9577\u5ea6)<\/strong>\uff1a\u4e3b\u8981\u5f71\u97ff<strong>\u7a7a\u9593<\/strong>\uff0c\u4f46\u904e\u9577\u6703\u72a7\u7272<strong>\u6548\u7387<\/strong>\u3002<\/li>\n\n\n\n<li><strong><code>chain_num<\/code><\/strong>\uff1a\u9810\u8a2d\u70ba <code>33554432<\/code>\uff0c<strong>(\u93c8\u6578\u91cf)<\/strong>\uff1a\u4e3b\u8981\u5f71\u97ff<strong>\u7a7a\u9593<\/strong>\uff0c\u540c\u6642\u76f4\u63a5\u6c7a\u5b9a<strong>\u6210\u529f\u7387<\/strong>\u3002<\/li>\n\n\n\n<li><strong><code>part_index<\/code><\/strong>\uff1a\u9810\u8a2d\u70ba <code>0<\/code><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<p>\u7bc4\u4f8b\u5982\u4e0b\uff0c\u7522\u751fMD5\u5404\u7a2e\u5b57\u5143\u4e14\u9577\u5ea61\u52306\u7684\u5f69\u8679\u8868<\/p>\n\n\n\n<p><code>rtgen md5 mixalpha-numeric-special 1 6 9 3800 33554432 0<\/code><\/p>\n\n\n\n<p>\u9019\u4e9b\u547d\u4ee4\u6703\u751f\u6210 <code>.rt<\/code> \u548c <code>.rtc<\/code> \u6a94\u6848\uff0c\u8acb\u5c07\u5b83\u5011\u4fdd\u5b58\u5728\u4e00\u500b\u55ae\u7368\u7684\u76ee\u9304\u4e2d\uff0c\u4ee5\u4fbf\u5f8c\u7e8c\u4f7f\u7528\u3002<\/p>\n\n\n\n<p>\u751f\u6210\u904e\u7a0b\u53ef\u80fd\u9700\u8981\u5f88\u9577\u6642\u9593\uff0c\u5177\u9ad4\u53d6\u6c7a\u65bc\u60a8\u7684\u96fb\u8166\u6548\u80fd\u3002<\/p>\n\n\n\n<p><\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity is-style-dots\"\/>\n\n\n\n<p><\/p>\n\n\n\n<h2 class=\"wp-block-heading\">\u7528\u5f69\u8679\u8868\u7834\u89e3\u54c8\u5e0c\u503c<\/h2>\n\n\n\n<p>\u7576\u60a8\u6709\u4e86\u5f69\u8679\u8868\u6a94\u6848\u5f8c\uff0c\u5c31\u53ef\u4ee5\u4f7f\u7528 rcrack \u4f86\u9032\u884c\u7834\u89e3\u3002rcrack \u6703\u81ea\u52d5\u52a0\u8f09\u6240\u6709 .rt \u548c .rtc 
\u6a94\u6848\uff0c\u4e26\u5728\u6bcf\u500b\u8868\u4e2d\u5c0b\u627e\u8207\u60a8\u7684\u54c8\u5e0c\u503c\u5339\u914d\u7684\u5bc6\u78bc\u3002\u5982\u679c\u6210\u529f\uff0c\u5b83\u5c07\u986f\u793a\u539f\u59cb\u5bc6\u78bc\u3002<\/p>\n\n\n\n<p><\/p>\n\n\n\n<h3 class=\"wp-block-heading\">\u7834\u89e3hash<\/h3>\n\n\n\n<p><strong>\u8a9e\u6cd5<\/strong>\uff1arcrack &lt; rainbowfile directory > -h &lt; hash ><\/p>\n\n\n\n<p><strong>\u7bc4\u4f8b\uff1a<\/strong> \u5047\u8a2d\u60a8\u8981\u7834\u89e3 MD5 \u54c8\u5e0c\u503c <code>e10adc3949ba59abbe56e057f20f883e<\/code>\uff08\u5c0d\u61c9\u5bc6\u78bc\u70ba <code>123456<\/code>\uff09\uff0c\u4e26\u4e14\u60a8\u7684\u6240\u6709\u5f69\u8679\u8868\u6a94\u6848\u90fd\u653e\u5728 <code>\/home\/rainbowtables<\/code> \u8cc7\u6599\u593e\u4e2d\u3002<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>cd \/home\/rainbowtables\nrcrack . -h e10adc3949ba59abbe56e057f20f883e<\/code><\/pre>\n\n\n\n<p><\/p>\n\n\n\n<h3 class=\"wp-block-heading\">\u7834\u89e3hash\u6e05\u55ae<\/h3>\n\n\n\n<p><strong>\u8a9e\u6cd5<\/strong>\uff1arcrack &lt; rainbowfile directory> -l &lt; hash file ><\/p>\n\n\n\n<p><strong>\u7bc4\u4f8b\uff1a<\/strong> \u5047\u8a2d\u60a8\u6709\u4e00\u500b\u540d\u70ba hashes.txt \u7684\u6a94\u6848\uff0c\u5167\u5bb9\u5982\u4e0b\uff1a<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>e10adc3949ba59abbe56e057f20f883e\n900150983cd24fb0d6963f7d28e17f72<\/code><\/pre>\n\n\n\n<p>\u7136\u5f8c\uff0c\u60a8\u53ef\u4ee5\u4f7f\u7528\u4ee5\u4e0b\u547d\u4ee4\u4f86\u7834\u89e3\u5b83\u5011\uff1a<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>cd \/home\/rainbowtables\nrcrack . 
-l hashes.txt<\/code><\/pre>\n\n\n\n<p>rcrack \u5c07\u8b80\u53d6 hashes.txt \u4e2d\u7684\u6240\u6709\u54c8\u5e0c\u503c\u4e26\u5617\u8a66\u7834\u89e3\u3002<\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u5f69\u8679\u8868\u7684\u539f\u7406\u53ef\u4ee5\u7c21\u55ae\u5730\u7406\u89e3\u70ba\u300c\u7528\u7a7a\u9593\u63db\u53d6\u6642\u9593\u300d\u7684\u5bc6\u78bc\u7834\u89e3\u6280\u8853\u3002\u5b83\u7684\u6838\u5fc3\u601d\u60f3\u662f\u4e0d\u5132\u5b58\u6bcf\u4e00\u500b\u5bc6\u78bc\u7684\u54c8\u5e0c\u503c\uff0c\u800c\u662f\u53ea\u5132\u5b58\u300c\u93c8\u300d\u7684\u8d77\u9ede\u548c\u7d42\u9ede\uff0c\u85c9\u6b64\u5927\u5e45\u6e1b\u5c11\u5132\u5b58\u7a7a\u9593\u3002<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"","fifu_image_alt":"","_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"enabled":false},"version":2}},"categories":[369],"tags":[],"class_list":["post-2694","post","type-post","status-publish","format-standard","hentry","category-red-team"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/posts\/2694","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/comments?post=2694"}],"version-history":[{"count":2,"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/posts\/2694\/revisions"}],"pred
ecessor-version":[{"id":2703,"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/posts\/2694\/revisions\/2703"}],"wp:attachment":[{"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/media?parent=2694"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/categories?post=2694"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/tags?post=2694"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}