Mandiant releases rainbow table that cracks weak admin password in 12 hours

Mandiant, a prominent security company, has launched a new database that facilitates the hacking of administrative passwords secured by Microsoft’s outdated NTLMv1 hash algorithm. This initiative aims to encourage users to move away from this deprecated protocol, which is known for its security flaws.

The released tool is a rainbow table, a precomputed compilation of hash values paired with their corresponding plaintext passwords. These tables can be used to quickly convert stolen hashes into actual passwords, making it easier for hackers to seize control of accounts. NTLMv1 rainbow tables are particularly simple to generate due to the limited range of possible passwords that the hashing function can produce.

Although NTLMv1 rainbow tables have been available for two decades, their practical application typically required significant computational resources. However, Mandiant announced that their new NTLMv1 rainbow table can recover passwords in under 12 hours using consumer-grade hardware costing less than $600. This table is hosted on Google Cloud and is effective against Net-NTLMv1 passwords, which are commonly used for network authentication in services like SMB file sharing.

Despite its long-standing vulnerabilities, NTLMv1 is still utilized in various sensitive networks worldwide. This persistence is partly due to legacy applications in sectors such as healthcare and industrial control that are incompatible with newer hashing algorithms. Additionally, organizations operating critical systems may hesitate to migrate due to the potential downtime involved.

Mandiant's release of these tables is intended to empower security professionals to demonstrate the weaknesses inherent in Net-NTLMv1. The company stated, "While tools to exploit this protocol have existed for years, they often necessitated the upload of sensitive data to external services or the use of costly hardware to brute-force keys."

Sources : Ars Technica

Published On : Jan 16, 2026, 21:10
