• Embed Doc
  • Copy Link
  • Readcast
  • Collections
  • 1
    CommentGo Back
Download
 
 
Ophcrack – A Password Hack Tool to Crack Almost AnyWindows Password
Jul. 17th, 2009 BySimon Slangen
There are a lot of different reasons why one would want touse any number of password hack tools to hack a Windowspassword. Of course, there are the good-hearted reasons,like helping your grandpa because he forgot his passwordand is locked out of his own computer. Then, there are themore dubious reasons, like spying on your accountant.In the past, MakeUseOf has published other password-cracking related articles. Those who are interest should checkout T.J. Miniday’s3 Ways to Reset Forgotten WindowsAdministrator Password.However, there might be circumstances in which you’d need unnoticed access – being able touse the terminal without literally
changing
the password.
Ophcrack 
That’s where Ophcrack comes in. Ophcrack is one of the more effective password hack toolsthat runs via Windows, Mac and Linux installations or on a Live CD, and it can be used to crack
almost any Windows password.
To manage this, Ophcrack usesrainbow tablesto guess the password. When a working one isencountered, it is presented to you, and you can simply log in with it. One would think this “guessing” takes a lot of time, but that’s just where the power of rainbow tables lies.
Rainbow Tables in a Nutshell
Operation systems don’t store the user passwords in plain text — that’d be highly insecure,and even right out stupid. Instead, they calculate the hashes of the passwords by putting thepasswords through aone-way hashfunction and store those. When one would obtain thesehashes, they would still be rather useless; the password needs to be entered, after which thehash needs to be calculated and compared to the stored password hash.
 
e.g. ‘makeuseof.com’ would become ‘9fb883363640e11970be10a5936a37fc:b35f6f8268073d2242e0cd8b72554d8a’ when converted to Windows XP’s LM hash.
 
 A rainbow table is basically an enormous list of passwords — basically every password abruteforce attackwould try —
with
their respective hashes included. Although this table takes a lotof time to generate, it can reduce the cracking of passwords to minutes, or even seconds.
Downloadable Tables
Ophcrack supplies a few of these rainbow tables, free, for your use. They’re included in theLive CD, can automatically be retrieved from the Windows executable, or downloaded from theOphcrack website. We’ll quickly look over the available tables, and their possibilities.
For Windows XP
, Ophcrack supplies two alphanumeric tables. With these, you can crack99.99% of all passwords under 14 characters, consisting of a combination between letters andnumbers — abcdefghijklmnopqrstuvwxyz0123456789. Because the LM hash used byWindows XP is insensitive to capitalization, these hash tables contain 80 billion differenthashes, corresponding with 12septillionpossible passwords.You can choose between the
 XP free small 
and the
 XP free fast tables
. These can both be usedto crack the same passwords, but because the XP free fast table is twice as large, you cancrack them in half the time.The downside of both tables is their unability to crack passwords with special characters —these can only be cracked using the premium
 XP special 
tables.
For Windows Vista
, which abandoned the weak LM hash, and moved on to the stronger NThash, there are less possibilities. Currently, Ophcrack only gives away a table with dictionary-words and variations (hybrids) for free. If you’re willing to cough up a lot of money (about 99$), they also provide alphanumerical tables – including special characters.Because the NT hash
is
subjective to capitalization, and allows a much greater passwordlength (whereas the LM hash simply splits large sequences up in multitudes of smaller strings),these premium rainbow tables can range in size from 8GB to over 130GB.And that’s the essence of it. There’s some more technical information (a real how-to) in theOphcrack help files (included in the downloads).If you’re shivering in your boots after reading this article and thinking,”Gosh, everyone’s goingto know how to hack my password. What shall I do?” Then it may be a good time to create astronger password. Stefan wrote about5 free password generatorsthat will help you makenearly unhackable passwords, no matter what password hack tools a hacker tries to use. It’sa good start.So, what do you think? Is Ophcrack really the pot of gold at the end of the rainbow, or hardlyworth one’s attention? — Let us know your experiences, opinions and questions in thecomments section below.
More about:
 encryption,hack,password,privacy,security
View all tags
'
 
Add MakeUseOf to: 
Enjoyed the article? Subscribe to MakeUseOf to get daily updateson new cool websites and programs in your email for free. You'llalso get free printable cheat sheets to your favorite programs
Your Email:
(By) is a student from Belgium, obsessed with everything remotely technical. On MakeUseOf, he'sthe primary gaming writer and the PDF Manual editor.
Subscribe Me!
Follow MakeUseOf on Twitter!
[ DOWNLOADS ] FREE PDF Guides from MakeUseOf 
10 Essential Cheat Sheets To Download A Computer Geek’s Smart Productivity Guide A Newbie’s Getting Started Guide to Linux The Easy Torrent Guide for Everyone The Idiot's Guide To Photoshop The Ultimate iTunes Manual The Idiot’s Guide To Building Your Own Computer The Laptop Buying Guide For 2009 
Related Posts
Keeping Under the Radar and Securing Your PC FilesHide & Protect Your Files with Easy File Locker [Windows]Protect And Track Your Laptop In Case Of TheftHow To Keep Your Paypal Account Safe From Hackers5 Free Password Generators For Nearly Unhackable Passwords
2009-07-17 12:26:49
Sounds interesting.Gonna test this tool now.Thanks for sharing.Reply to this comment 
 
2009-07-17 14:08:02
I really need something like this to get into my old Toshiba with XP. BUT –when I downloaded, AVG informed me the file is infected with a Trojan and killed it.Is this something it’s supposed to have, or did someone slip it in the installer?Reply to this comment 
2009-07-17 18:37:04
 
It isn’t uncommon for a ‘password cracker’ to be labeled
bad-ware
. To myknowledge, AVG is (one of) the only anti-virus apps waving the red flag withOphcrack – and still without reason.Reply to this comment 
2009-07-18 09:38:31
 
There was a ticket submitted (and resolved) toSourceforgeabout thisissue.I quote: * resolution set to fixedGreetings,ophcrack is a password retrieval tool. Accordingly, many virus utilities willflag it as potentially harmful, as it is. Used properly and lawfully, there is
11 Comments
Add Comment
BinoyxjMerryann Palmer Simon SlangenSimon Slangen
of 00

Leave a Comment

You must be to leave a comment.
Submit
Characters: ...
Matahari_She_6586

how to unlock a forgotten password facebook facebook.com

reply04 / 07 / 2010
You must be to leave a comment.
Submit
Characters: ...