Rainbow tables are pre-computed tables of hash values that are pre-matched to possible plain text passwords. Rainbow tables are mainly used to crack hashes very quickly.
Computing rainbow tables takes exactly the same amount of time as a brute force, but searching the generated rainbow table takes a split second. So, if you want to test one handshake per an Access Point, then there is no difference between brute-force and using rainbow tables.
If you want to generate a rainbow table, I recommend you generate a large one that you can use on multiple handshake files.
In a pre-computed rainbow table, Aircrack-ng will go through the wordlist and combines each password from the wordlist to the wireless access point name to compute what’s called a PMK (Pairwise Master Key) using the pbkdf2 algorithm.
Next, the PMK will be compared to the Handshake.
If the PMK was valid, then the password that was used to create the PMK is the password we are looking for. If it’s not, it just went to the next password and it creates a PMK from it.
Generate a wordlist
crunch [min] [max] [charset] -o [output location]
Create a database and import wordlist
airolib-ng [db_name] --import passwd [dictionary location]
import the target ESSID
airolib-ng [db_name] --import essid [essid_file]
Compute PMK for the wordlist
airolib-ng [db_name] --batch
Crack the key using the PMK database
aircrack-ng -r [db_name] [handshake_file]
Saad Sarraj
I am a CyberSecurity and Ethical Hacking/Penetration Testing passionate. I am also a TryHackMe Top 1% CTF Player.