What is ophcrack?
Ophcrack is a free Windows password cracker based on rainbow tables. It is a very efficient implementation of rainbow tables done by the inventors of the method. It comes with a Graphical User Interface and runs on multiple platforms.
You can download OphCrack from the following link:
FEATURES
OPHCRACK PROCEDURESOphcrack is a free Windows password cracker based on rainbow tables. It is a very efficient implementation of rainbow tables done by the inventors of the method. It comes with a Graphical User Interface and runs on multiple platforms.
You can download OphCrack from the following link:
FEATURES
- Runs on Windows, Linux/Unix, Mac OS X, ...
- Cracks LM and NTLM hashes.
- Free tables available for Windows XP and Vista.
- Brute-force module for simple passwords.
- Audit mode and CSV export.
- Real-time graphs to analyze the passwords.
- LiveCD available to simplify the cracking.
- Loads hashes from encrypted SAM recovered from a Windows partition, Vista included.
- Free and open source software (GPL).
First step
This step is optional but will speed up the cracking process.
Run ophcrack and set the number of threads under the Preferences tab to the number of cores of the computer running ophcrack plus one.For example, for an old processor set the number of threads to 2, for a Core 2 Duo to 3 and for a Core 2 Quad to 5. If you change this value, you have to exit ophcrack and to restart it in order to save the change. If you don't exit and restart, the new number of threads will not be taken into account by the program.
Second step
This step is mandatory.
Load hashes using the Load button. You can either enter the hash manually (Single hash option), import a text file containing hashes you created with pwdump, fgdump or similar third party tools (PWDUMP file option), extract the hashes from the SYSTEM and SAM files (Encrypted SAM option), dump the SAM from the computer ophcrack is running on (Local SAM option) or dump the SAM from a remote computer (Remote SAM option).
For the Encrypted SAM option, the SAM is located under the Windows system32/config directory and can only be accessed for a Windows partition that is NOT running. For the Local SAM and Remote SAM options, you MUST logged in with the administrator rights on the computer you want to dump the SAM.
Third step
This step is optional but will speed up the cracking process.
Delete with the Delete button every user account you are not interested in (for exemple the Guest account). You can use the Ctrl key to make multiple selection. Ctrl-a will select every loaded hash.
Keep in mind that the time needed to crack password hashes with rainbow tables is proportional to the number of hashes loaded. With a brute force attack the cracking time is NOT dependant on the number of unsalted hashes loaded. That's why it's advisable to remove any unnecessary user account with the Delete button.
Fourth step
This step is mandatory.
Install (Tables button), enable (green and yellow buttons) and sort wisely (up and down arrows) the rainbow tables your are going to use. Keep in mind that storing the rainbow tables on a fast medium like a hard disk will significantly speed up the cracking process.
Here are a few guidelines :
If you want to crack LM hashes as found on Windows XP by default (the LM Hash column is never empty on the ophcrack main window), first install and enable either the XP free small (if you have less than 512MB of free RAM) or the XP free fast (if you have more than 512MB of free RAM). Do NOT enable both of them since this is generally useless and will slow down the cracking process. Then install and enable the Vista free tables set. Finally install and enable the other XP rainbow tables you may have (XP special, XP german) and Vista one (Vista special). Sort the rainbow tables with the up and down arrows the following way : first the XP free then the Vista free then the XP special after that the Vista special and finally the XP german.
If you want to crack NT hashes as found on Windows Vista by default (the LM Hash column is always empty on the ophcrack main window), first install and enable the Vista free tables set. Then install and enable the Vista special tables set. Disable every other XP tables sets since they are useless and slow down the cracking process. Sort the enabled rainbow tables with the up and down arrows the following way : first the Vista free then the Vista special.
If you want to crack a mix of LM and NT enabled hashes (some accounts have their LM column empty, others have both the LM and NT columns filled with hashes) proceed the same way as "If you want to crack LM enabled hashes".
Fifth step
This step is mandatory.
Click on the Crack button to start the cracking process. You'll see the progress of the cracking process in the bottom boxes of the ophcrack window. When a password is found, it will be displayed in the NT Pwd field. You can then save the results of a cracking session at any time with the Save button.
HOW TO USE IN DIFFERENT OPERATING SYSTEMS
Windows
Simply download the Ophcrack ISO and burn it to a CD (or load it onto a USB drive via UNetbootin). Insert the CD into a machine you would like to gain access to, then press and hold the power button until the computer shuts down. Turn the computer back on and enter BIOS at startup. Change the boot sequence to CD before HDD, then save and exit.
The computer will restart and Ophcrack will be loaded. Sit back and watch as it does all the work for your. Write down the password it gives you, remove the disc, restart the computer, and log in as if it were you own machine.
Linux
To change the password, turn on the computer and press the ESC key when GRUB appears. Scroll down and highlight ‘Recovery Mode’ and press the ‘B’ key; this will cause you to enter ‘Single User Mode’.
You’re now at the prompt, and logged in as ‘root’ by default. Type ‘passwd’ and then choose a new password. This will change the root password to whatever you enter. If you’re interested in only gaining access to a single account on the system, however, then type ‘passwd username’ replacing ‘username’ with the login name for the account you would like to alter the password for.
Mac
The easiest method would be to use Ophcrack on this also as it works with Mac and Linux in addition to Windows. However, there are other methods that can be used, as demonstrated below.
If the Mac runs OS X 10.4, then you only need the installation CD. Insert it into the computer, reboot. When it starts up, select UTILITIES > RESET PASSWORD. Choose a new password and then use that to log in.
If the Mac runs OS X 10.5, restart the computer and press COMMAND + S. When at the prompt, type:
fsck -fy
mount -uw /
launchctl load /System/Library/LaunchDaemons/com.apple.DirectoryServices.plist
dscl . -passwd /Users/UserName newpassword
No comments:
Post a Comment