rcrack
Crack Windows passwords using rainbow tables
SYNOPSIS
rcrack [OPTIONS] -t <tables_directory> { <hash_file> [<hash_file>...] | -l <hash_value(s)> }
PARAMETERS
-h <file>
Specifies an input file containing password hashes to be cracked. Multiple files can be provided.
-t <directory>
Mandatory. Points to the directory where rcrack can find the pre-generated rainbow tables.
-l
Enables live cracking mode, allowing hashes to be provided directly on the command line instead of from a file.
-o <file>
Writes the cracked username and password pairs to the specified output file.
-p <number>
Sets the number of threads or CPU cores rcrack should use for the cracking process.
-s
Displays cracking statistics during and after the process, such as hashes cracked and speed.
-u
Instructs rcrack to display the username alongside the cracked password if available in the input hash format.
DESCRIPTION
rcrack is a command-line utility from the Ophcrack project, designed for efficient offline recovery of Windows user passwords. It leverages pre-computed rainbow tables to quickly find plaintext passwords corresponding to LM and NTLM hash values.
Users typically provide rcrack with a directory containing the rainbow tables and a file (or direct input) of hashes extracted from Windows systems (e.g., SAM files). Its primary strength lies in its speed for cracking hashes that are vulnerable to rainbow table attacks, making it a valuable tool for password auditing and recovery in environments using older Windows hashing schemes.
CAVEATS
rcrack is primarily effective against LM and NTLM hashes, commonly found in older Windows environments. It is less effective or ineffective against modern, salted hash algorithms (e.g., NTLMv2 with strong entropy) or hashes from other operating systems.
rcrack requires substantial, pre-generated rainbow tables, which can be very large (gigabytes to terabytes) and time-consuming to create. Cracking success depends heavily on the quality and completeness of these tables.
RAINBOW TABLES
Rainbow tables are pre-computed tables used in cryptanalysis to reverse cryptographic hash functions, usually for cracking password hashes. They store pre-calculated chains of hash values and their corresponding plaintext, significantly speeding up the cracking process compared to brute-force or dictionary attacks, especially for unsalted hashes.
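The following is an added example, not code from rcrack or its project: a toy rainbow table that keeps only each chain's start and end point, showing that a table built once recovers an unsalted hash but finds nothing for the same secret hashed with a salt. It assumes SHA-256 as a stand-in for LM/NTLM and a constructed keyspace of 4-digit PINs; all function names and the salt value are hypothetical.

```python
import hashlib

KEYSPACE = 10_000   # constructed toy keyspace: 4-digit PINs "0000".."9999"
CHAIN_LEN = 50      # hash/reduce steps per chain

def h(plaintext, salt=""):
    # Stand-in hash (SHA-256), not LM/NTLM; an empty salt models an unsalted scheme.
    return hashlib.sha256((salt + plaintext).encode()).digest()

def reduce_to_pin(digest, column):
    # Column-dependent reduction: maps a digest back into the keyspace.
    return f"{(int.from_bytes(digest[:8], 'big') + column) % KEYSPACE:04d}"

def walk(plaintext, start_col=0):
    # Yield each plaintext from column start_col through the chain's endpoint.
    for col in range(start_col, CHAIN_LEN):
        yield plaintext
        plaintext = reduce_to_pin(h(plaintext), col)
    yield plaintext

def build_table(starts):
    # Store only endpoint -> start points; the chain interior is thrown away.
    table = {}
    for start in starts:
        *_, end = walk(start)
        table.setdefault(end, []).append(start)
    return table

def lookup(table, target):
    for col in range(CHAIN_LEN - 1, -1, -1):
        # Hypothesis: target is the hash of the plaintext in column col.
        *_, end = walk(reduce_to_pin(target, col), col + 1)
        for start in table.get(end, ()):
            for candidate in walk(start):   # rebuild the chain, confirm the match
                if h(candidate) == target:
                    return candidate
    return None

def demo():
    table = build_table(f"{i:04d}" for i in range(0, KEYSPACE, 25))  # 400 chains
    pin = list(walk("0000"))[10]   # a PIN that lies inside a stored chain
    unsalted = lookup(table, h(pin))
    salted = lookup(table, h(pin, salt="k3"))   # constructed salt value
    return pin, unsalted, salted

if __name__ == "__main__":
    print(demo())
```

The salted lookup fails because every chain in the table was computed with the unsalted function, so a per-account salt forces a separate table per salt value and removes the benefit of precomputation.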
SUPPORTED HASH TYPES
rcrack specifically targets LM (LAN Manager) and NTLM (NT LAN Manager) hash algorithms. These are traditional hash formats used by Microsoft Windows for storing user passwords, particularly in Windows NT, 2000, XP, and older versions of Vista/7, though NTLM continues to be used in various authentication contexts.
HISTORY
rcrack was developed as a core command-line component of the Ophcrack project. Ophcrack, first released around 2006, quickly became a popular open-source tool for Windows password auditing and recovery, primarily due to its efficient implementation of rainbow table attacks. rcrack provides the raw cracking engine accessible from the terminal.