Hey, everybody, welcome to the next video, we're going to be talking about rainbow tables now what

a rainbow tables.

A rainbow table is a large database of password hashes and their plain text counterpart.

Now, this type of database can be hundreds of gigs, thousands of gigs.

It entirely depends on the type of rainbow table that you want.

People generate them just in their own spare time and with, you know, thousands of people generating

rainbow tables.

Eventually you're going to get a good list going or a good database going.

The main reason for this is because it reduces the memory requirement to attack or cracking a password

and normal situations, a such as traditional forcing which will go over in second.

It very memory intensive.

But this compromises memory requirements for larger disk space and time.

So it takes a little bit longer for it to go through everything, but it doesn't have as much of a memory

requirement.

Now, just to recap of traditional forcing, is every letter digit symbol in any order has to be rehashed

every time the string is changed?

This can be very, very memory intensive, very CPU intensive, GPU intensive.

It's a very long process and it's very slow and hard to track anything past five to six, maybe seven

characters, depending on how long you have to wait and how many how much power your machine has.

So this is why it comes into play, because it's very it's very nice to have pre-built hashes ready

for you so you can just do your searching based on the pre-built hashes instead of trying to figure

it out by scratch, by rehashing every possible combination in the world.

Now, rainbow tables, rainbow tables used a step called production to create chains of hashes in these

chains are also known as tables, and each chain will be looked at until the plain text is found.

So it'll go through the first chain and the second chain, then the third chain.

Now, how reduction works, essentially how a table or a chain is built.

So if we start off with initial MDI of hash, right.

So let's just grab just use this random modified hash.

So this is our hash.

So we want to start generating our chain from now.

We're talking about this in the terms of generation and not in trying to find the plain text of a password.

This is how a change is generated.

So we start off with some undefined hash or any type of hash and also the we know what the plain text

of that hash is.

So then we hit the first chain and grab the first eight characters and rehash it.

So you can see this first eight right here is then Raegan through an empty five hash and then we get

a new hash.

And then this process will grab the next eight character first day characters, then repeat the hash

again.

And this process will continue until the user decides that they don't want to generate any more hashes.

And then once that's done, the chain or the table is now complete.

So you can understand now how a chain or a table is built.

And then next we're going to go into the process flow of a rainbow table talk.

So the first thing we do is we have our hash submitted, right.

We submit this to the rainbow tables through some application that utilizes the rainbow tables.

Then we check the hash against the final hash and each chain.

And if there's a match, we're going to go ahead and go up here.

And if there's not, we're going to reduce the hash to its plain text, which is not the plain text

of the original password, but the plain text is part of the rainbow table.

Is this concern of that hash?

And then it rehashes that plain text and goes ahead and repeats that process.

Essentially, this is a production process that occurs on the initial hash, sort of creating its own

chain until one of those hashes have are found in the database.

And once they're found in the database, they're going to grab the next part of the chain, hash the

plaintext again, and then see if it matches the original hash that we started with.

If it doesn't, we're going to go ahead and redo the reduction process again and then rinse and repeat

that process.

If it does match, then we know what our plain text is and we can go ahead and look up that hash that

we found with the plain text that we have in the database.

And we in turn get our plain text on the password hash that we submitted.

So it's quite a complicated process and takes some time to study the flowchart.

Watch the video a few times.

It's important to understand what's going on here because in the hands on I'm going to I'm going to

task you guys with going ahead and downloading a rainbow table and actually going through and taking

a password hash of MI5 with the MI five password hash of password.

As an example, I'm going to give you guys an empty five hash.

And what I want you to do is go through and build your own build out the rainbow table set up.

You can use a pre-built rainbow table if you want to and try to grab the plain text of the hash I provide

you guys.