Ophcrack
Encyclopedia
Ophcrack is a free
open source
(GPL
licensed) program that cracks
Windows passwords by using LM hash
es through rainbow table
s. The program includes the ability to import the hashes from a variety of formats, including dumping directly from the SAM files of Windows. On most computers, ophcrack can crack most passwords within a few minutes.
Rainbow tables for LM hashes of alphanumeric
passwords are provided for free by the developers. By default, ophcrack is bundled with tables that allows it to crack passwords no longer than 14 characters using only alphanumeric characters. Available for freely for download are two Windows XP tables, one small and one fast, and one Windows Vista table.
Objectif Sécurité has even larger tables for purchase, intended for professional use. Larger rainbow tables contain LM hashes of passwords with all printable characters, including symbols and spaces, and are available for purchase.
Ophcrack is also available as Live CD
distributions which automate the retrieval, decryption, and cracking of passwords from a Windows
system. One Live CD distribution is available for Windows XP and lower, as well as another for Windows Vista and Windows 7. The Live CD distributions of ophcrack are built with SliTaz GNU/Linux
.
Starting with version 2.3, Ophcrack also cracks NTLM
hashes. This is necessary if the generation of the LM hash is disabled (this is default for Windows Vista
), or if the password is longer than 14 characters (in which case the LM hash is not stored).
Free software
Free software, software libre or libre software is software that can be used, studied, and modified without restriction, and which can be copied and redistributed in modified or unmodified form either without restriction, or with restrictions that only ensure that further recipients can also do...
open source
Open source
The term open source describes practices in production and development that promote access to the end product's source materials. Some consider open source a philosophy, others consider it a pragmatic methodology...
(GPL
GNU General Public License
The GNU General Public License is the most widely used free software license, originally written by Richard Stallman for the GNU Project....
licensed) program that cracks
Password cracking
Password cracking is the process of recovering passwords from data that has been stored in or transmitted by a computer system. A common approach is to repeatedly try guesses for the password...
Windows passwords by using LM hash
LM hash
LM hash, LanMan, or LAN Manager hash was the primary hash that Microsoft LAN Manager and Microsoft Windows versions prior to Windows NT used to store user passwords...
es through rainbow table
Rainbow table
A rainbow table is a precomputed table for reversing cryptographic hash functions, usually for cracking password hashes. Tables are usually used in recovering the plaintext password, up to a certain length consisting of a limited set of characters. It is a form of time-memory tradeoff, using less...
s. The program includes the ability to import the hashes from a variety of formats, including dumping directly from the SAM files of Windows. On most computers, ophcrack can crack most passwords within a few minutes.
Rainbow tables for LM hashes of alphanumeric
Alphanumeric
Alphanumeric is a combination of alphabetic and numeric characters, and is used to describe the collection of Latin letters and Arabic digits or a text constructed from this collection. There are either 36 or 62 alphanumeric characters. The alphanumeric character set consists of the numbers 0 to...
passwords are provided for free by the developers. By default, ophcrack is bundled with tables that allows it to crack passwords no longer than 14 characters using only alphanumeric characters. Available for freely for download are two Windows XP tables, one small and one fast, and one Windows Vista table.
Objectif Sécurité has even larger tables for purchase, intended for professional use. Larger rainbow tables contain LM hashes of passwords with all printable characters, including symbols and spaces, and are available for purchase.
Ophcrack is also available as Live CD
Live CD
A live CD, live DVD, or live disc is a CD or DVD containing a bootable computer operating system. Live CDs are unique in that they have the ability to run a complete, modern operating system on a computer lacking mutable secondary storage, such as a hard disk drive...
distributions which automate the retrieval, decryption, and cracking of passwords from a Windows
Microsoft Windows
Microsoft Windows is a series of operating systems produced by Microsoft.Microsoft introduced an operating environment named Windows on November 20, 1985 as an add-on to MS-DOS in response to the growing interest in graphical user interfaces . Microsoft Windows came to dominate the world's personal...
system. One Live CD distribution is available for Windows XP and lower, as well as another for Windows Vista and Windows 7. The Live CD distributions of ophcrack are built with SliTaz GNU/Linux
SliTaz GNU/Linux
SliTaz GNU/Linux is a community-based software project started in 2006 by Christophe Lincoln. It is a Linux distribution with a root filesystem that takes up approximately 100 MB of disk space, and its ISO image installation media is around 30 MB...
.
Starting with version 2.3, Ophcrack also cracks NTLM
NTLM
In a Windows network, NTLM is a suite of Microsoft security protocols that provides authentication, integrity, and confidentiality to users....
hashes. This is necessary if the generation of the LM hash is disabled (this is default for Windows Vista
Windows Vista
Windows Vista is an operating system released in several variations developed by Microsoft for use on personal computers, including home and business desktops, laptops, tablet PCs, and media center PCs...
), or if the password is longer than 14 characters (in which case the LM hash is not stored).
External links
- Ophcrack 3 (LiveCD 2) home page
- Ophcrack Online Demo - form to submit hashes and instantly crack passwords
- Ophcrack LiveCD 2 Tutorial
- Ophcrack home page at École polytechnique fédérale de Lausanne