Rainbow Tables: How to Create & Use Them to Crack Passwords

How to Create & Use Them to Crack Passwords

More password cracking action from Null Byte! Today we aren't going to be cracking passwords per se, rather, we are going to learn the basics of generating rainbow tables and how to use them. First, let's go over how passwords are stored and recovered.

Passwords are normally stored in one-way hashes. When a password is created, the user types the password in what is called "plain text", since it is in a plain, unhashed form. However, after a password is made, the computer stores a one-way hash of the password that obfuscates it. Hashes are made to be one-way, which means algorithmic reversal is impossible. This means we have to crack those hashes!

Normally, when you crack a password hash, your computer computes a word, generates the hash, then compares to see if there is a match. If there is, the password is correct; if not, it will keep guessing. Rainbow tables work on the principle of a time-memory trade-off. This means that hashes are pre-generated by a computer and stored in a large rainbow table file with all of the hashes and words that correspond to them. This method works especially well for people with slow processors, since you don't have to compute much. Rainbow cracking can greatly reduce the amount of time it takes to crack a password hash, plus you can keep the tables, so you only have to generate them once!


  • Windows, Mac OSX, or Linux OS
  • Admin, or root access

Step 1 Download & Install RainbowCrack

Text in bold means it is a terminal command (NT, OSX, or *nix). However, for this step, all commands in bold are for Linux only. The other operating systems use a GUI.

RainbowCrack is the tool that we are going to be using to generate and use rainbow tables.

  1. Download RainbowCrack.
  2. Extract the archive (Windows and Mac users extract via GUI).
        tar zxvf <rainbowcrack>
  3. Change to the new directory that has been made from extracting RainbowCrack.
        cd <new dir>
  4. Configure the installation.
  5. Now, compile the source code for installation.
        make && sudo make install

Step 2 Generate a Rainbow Table and Crack with It

Now, lets generate a table that consists of all the alpha-lowercase and numeral characters. We want these to use the MD5 hash algorithm and be between 4-6 characters. All OS users must open a terminal, or a command prompt and be located in the RainbowCrack working directory.

  1. In your working directory, issue the following command to start table generation.
        rtgen md5 loweralpha-numeric 1 7 0 3800 33554432 0
  2. Sort the tables so the processor can access them quicker. The table files will be in the current directory. Run the following command on each of the files in the directory ending in *.rt.
        rtsort <*.rt file>

This will take about 6 hours to generate on a single core processor. After you generate the table, let's practice using it on a word.

  1. Let's hash the word "burger" with the MD5 algorithm and then use our tables to crack it. Notice the b is in lowercase. Here is our result: 6e69685d22c94ffd42ccd7e70e246bd9
  2. Crack the hash with the following command, along with the path to your file.
        rcrack <path-to-rainbow-table.rt> -h 6e69685d22c94ffd42ccd7e70e246bd9

It will return your hash. You'll see it is a lot faster than if you were try to bruteforce the six character hash.

If you have any questions or want to talk, stop by our IRC channel or start topics in the forums.

Just updated your iPhone? You'll find new features for Podcasts, News, Books, and TV, as well as important security improvements and fresh wallpapers. Find out what's new and changed on your iPhone with the iOS 17.5 update.

Photo by JD Hancock 


Rainbow tables sure are great, for a couple of years ago I made some tables just as your guide, a-z lowercase and 0-9 of maximum 6 characters.
It cracked every password I tried within a couple of minutes, and this was done on my old laptop :D
Creating the tables took forever though

I have an external SSD filled to the brim with dictionaries and rainbow tables ^_^. It's the ultimate cracking kit.

Oh haha that sounds awesome :D

Does it hack all the passwords...how mch time does one password take

can you mention the steps to be done after generating this has file

At one point I had plans and code to get a 1TB external filled right up with a giant rainbow of SHA-2… Don't know where it went though :S

:O. If you do that at some point, I would buy a drive and ship it to you if you would fill it xD. I'll do the same for you for MD5 :D. Where have you been on IRC?

I got really busy with school… I'm coming up to exams, first one is next week and I'm basically failing all my classes. I have a whole bunch of health issues that are coming up at the same time as well, and I think I'm going to be changing programs to software engineering. So basically what I'm saying is that I haven't been on IRC much because I've been super busy, but I do hope to be on more soon.

Alright bro, I understand. I hope stuff gets better for you, we miss you :(.

rainbow table md5loweralpha-numeric#1-703800x335544320.rt parameters
hash algorithm: md5
hash length: 16
charset: abcdefghijklmnopqrstuvwxyz0123456789

charset in hex: 61 62 63 64 65 66 67 68 69 6a 6b 6c 6d 6e 6f 70 71 72 73 74 75 76 77 78 79 7a 30 31 32 33 34 35 36 37 38 39

charset length: 36
plaintext length range: 1 - 7
reduce offset: 0x00000000
plaintext total: 80603140212

can't create file md5loweralpha-numeric#1-703800x335544320.rt

how to create a custom rainbow table ,

Say i know 10 character secret has first 2 character as number, 3rd character as "-" and rest 7 characters as mixalphanumeric

does anyone at all have any idea at all how to do this at all ???

I download it for Linux x64, extracted and cd into it, after run ./configure I get :

sudo: ./configure: command not found
bash: ./configure: No such file or directory

Of course this article is 4 years old.... it might not be valid anymore..

no i did this right now; it's an evergreen technique :D

Make sure you are using proper lower or upper case characters. Be sure you are in the correct directory. Makke sure gcc and cmake are installed.

Any way to get a RainbowHack software on iOS? Or is that just too difficult? I'm new to this so... Haha.

can you use this method to crack WPA2 protected networks passwords?

Yes, you would need to get the hash from a handshake file (Nullbyte has tutorials for this) and use hashcat to break the hash :)

Can anyone mention step to be done after generating this hash file.

after generating the hash file, you hold on to it and cherish it lol. you can use it for breaking password hashes using hashcat.

Share Your Thoughts

  • Hot
  • Latest