MRL Wiki	Main Page | About | Help | FAQ | Special pages | Log in
	Category: Password Crackers Printable version | Disclaimers | Privacy policy

Ophcrack

From MRL Wiki

Ophcrack is a Windows password cracker based on the faster time-memory trade-off using Rainbow Tables. Ophcrack was released by a Swiss company called Objectif Sécurité. There are both command-line and GUI versions of the tool. Ophcrack runs on Windows, Mac OS X (Intel CPU) as well as on Linux.

Contents 1 Features 2 bkhive2 3 Live CD 4 Rainbow Tables 5 Videos 6 See Also 7 External Links

[edit] Features

Ophcrack is capable of cracking the following hash types:

• LM
• NTLM

Ophcrack has several ways of importing password hashes:

• Single Hash - allows you to import a single hash entry in a format similar to pwdump
• PWDUMP - allows you to import PWDUMP generated file
• encrypted SAM - dumps the hashes from the SAM and SYSTEM files retrieved from from a Windows machine while booting on another disk. Note: you do not need to known a windows administrator password to get the hashes.
• local SAM (only for the windows version of ophcrack 2.3): dumps the hashes from the Windows machine the program is running on . You need to be administrator of your local machine for this to work. Note: This feature is only available on Windows version.
• remote SAM (only for the windows version of ophcrack 2.3): dumps the hashes of a remote Windows machine, provided you know the username and password of an administrator and the name of share. Note: This feature is only available on Windows version.

[[Image:File:Ophcrack.png]]

[edit] bkhive2

Ophcrack comes with an interesting utility tool called bkhive2 which is capable of extracting Syskey bootkey from the system hive file thus defeating the additional encryption layer for the SAM file.

[edit] Live CD

The Ophcrack LiveCD is a bootable Linux CD-ROM containing ophcrack and a set of tables (SSTIC04-10k). It allows for testing the strength of passwords on a Windows machine without having to install anything on it. Just put it into the CD-ROM drive, reboot and it will try to find a Windows partition, extract its SAM and start auditing the passwords automatically. All partitions will be mounted in read-only mode thus no modifications will be written to the windows partition itself. Unfortunately due to the limited space available on cd, only LM hashes can be cracked.

[edit] Rainbow Tables

Objectif Sécurité, the maker of Ophcrack, made available several rainbow table sets online:

• STIC04-5k is a large one (720MB) for machines having atleast 500M of RAM.
• SSTIC04-10k is a smaller table set (388MB) for machines having less than 500M of RAM.

[edit] Videos

• http://www.thesprawl.org/videos/ophcrack.avi
• http://brokenfloppy.com/bf-episodes/BF.EP.005/bf.ep005.divx.avi
• http://irongeek.com/i.php?page=videos/cracking-windows-vista-passwords-with-ophcrack-and-cain

[edit] See Also

• Passwords
• Rainbow Tables
• pwdump

[edit] External Links

• http://ophcrack.sourceforge.net - Ophcrack

Edit this page | Discuss this page | Page history | What links here | Related changes Main Page | About MRL Wiki | Find: This page has been accessed 7,565 times. This page was last modified on 23 October 2009, at 12:26.