Ophcrack – A Password Hack Tool to Crack Almost Any Windows Password

Jul. 17th, 2009 By Simon Slangen

There are a lot of different reasons why one would want to use any number of password hack tools to hack a Windows password. Of course, there are the good-hearted reasons, like helping your grandpa because he forgot his password and is locked out of his own computer. Then, there are the more dubious reasons, like spying on your accountant.

In the past, MakeUseOf has published other password-cracking related articles. Those who are interested should check out T.J. Miniday’s 3 Ways to Reset Forgotten Windows Administrator Password.

However, there might be circumstances in which you’d need unnoticed access: being able to use the computer without actually changing the password.

Ophcrack

That’s where Ophcrack comes in. Ophcrack is one of the more effective password hack tools that runs via Windows, Mac and Linux installations or on a Live CD, and it can be used to crack almost any Windows password.

To manage this, Ophcrack uses rainbow tables to guess the password. When a match is found, it is presented to you, and you can simply log in with it. One would think this “guessing” takes a lot of time, but that’s exactly where the power of rainbow tables lies.


Rainbow Tables in a Nutshell

Operating systems don’t store user passwords in plain text; that would be highly insecure, even outright stupid. Instead, they run each password through a one-way hash function and store the resulting hash. Even if someone obtained these hashes, they would still be of little use on their own: at login, the entered password is hashed and the result is compared to the stored hash.

For example, ‘makeuseof.com’ would become ‘9fb883363640e11970be10a5936a37fc:b35f6f8268073d2242e0cd8b72554d8a’ when converted to Windows XP’s LM hash.

A rainbow table is essentially an enormous precomputed list of passwords, roughly every password a brute-force attack would try, together with their hashes. Although such a table takes a lot of time to generate, once it exists it can reduce cracking a password to minutes, or even seconds.

Downloadable Tables

Ophcrack supplies a few of these rainbow tables, free, for your use. They’re included in the Live CD, can automatically be retrieved from the Windows executable, or downloaded from the Ophcrack website. We’ll quickly look over the available tables, and their possibilities.

For Windows XP, Ophcrack supplies two alphanumeric tables. With these, you can crack 99.99% of all passwords under 14 characters made up of letters and digits (abcdefghijklmnopqrstuvwxyz0123456789). Because the LM hash used by Windows XP is insensitive to capitalization, these tables contain 80 billion different hashes, corresponding to 12 septillion possible passwords.
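The time/memory trade-off behind these tables, as an added Python example written for this page rather than taken from the article or from Ophcrack: a tiny rainbow table over 3-character a-z0-9 passwords, with SHA-256 standing in for the LM/NT hash because hashlib has neither. `lm_tradeoff()` ties the 80 billion / 12 septillion figures above to the fact that LM hashes the two 7-character halves of an upper-cased password independently; the chain length and the 3-character keyspace are arbitrary choices so that it runs in seconds.

```python
import hashlib
import itertools
import string
# Constructed toy: case-insensitive 3-char "passwords" over the LM-style alphabet a-z0-9;
# SHA-256 stands in for LM/NT (hashlib has neither). The table mechanics are the same.
ALPHABET = string.ascii_lowercase + string.digits
LENGTH, CHAIN_LEN = 3, 50

def h(pw: str) -> bytes:
    return hashlib.sha256(pw.encode()).digest()

def reduce(digest: bytes, step: int) -> str:
    # Hash -> password; adding the column index gives each column its own reduction ("rainbow").
    n = int.from_bytes(digest, "big") + step
    chars = []
    for _ in range(LENGTH):
        n, r = divmod(n, len(ALPHABET))
        chars.append(ALPHABET[r])
    return "".join(chars)

def build_table(n_starts: int) -> dict:
    # Keep only (chain end -> start); the rest is recomputed at lookup: the time/memory trade-off.
    table = {}
    for p in itertools.islice(itertools.product(ALPHABET, repeat=LENGTH), n_starts):
        start = pw = "".join(p)
        for step in range(CHAIN_LEN):
            pw = reduce(h(pw), step)
        table.setdefault(pw, start)  # merged chains keep the first start
    return table

def lookup(table: dict, target: bytes):
    # Guess the target's column, walk to the chain end, then replay that chain from its start.
    for col in range(CHAIN_LEN - 1, -1, -1):
        pw = reduce(target, col)
        for step in range(col + 1, CHAIN_LEN):
            pw = reduce(h(pw), step)
        start = table.get(pw)
        if start is None:
            continue
        cand = start
        for step in range(CHAIN_LEN):  # no hit here means a false alarm
            if h(cand) == target:
                return cand
            cand = reduce(h(cand), step)
    return None

def lm_tradeoff():
    # LM hashes each 7-char half of the upper-cased password separately: ~80 billion a-z0-9
    # halves cover every case variant of every alphanumeric password up to 14 chars (~12 septillion).
    return sum(36 ** k for k in range(8)), 62 ** 14
```

The table is only reusable from one machine to the next because LM and NT hashes carry no per-user salt; a salted scheme would force a fresh table per account.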


You can choose between the XP free small and the XP free fast tables. These can both be used to crack the same passwords, but because the XP free fast table is twice as large, you can crack them in half the time.

The downside of both tables is their inability to crack passwords containing special characters; those can only be cracked using the premium XP special tables.

For Windows Vista, which abandoned the weak LM hash and moved on to the stronger NT hash, there are fewer options. Currently, Ophcrack only gives away a table of dictionary words and their variations (hybrids) for free. If you’re willing to cough up a lot of money (about $99), they also provide alphanumeric tables, including special characters.


Because the NT hash is sensitive to capitalization and allows a much greater password length (whereas the LM hash simply splits longer passwords into smaller pieces and hashes those), these premium rainbow tables range in size from 8GB to over 130GB.

And that’s the essence of it. There’s some more technical information (a real how-to) in the Ophcrack help files (included in the downloads).

If you’re shivering in your boots after reading this article and thinking, “Gosh, everyone’s going to know how to hack my password. What shall I do?”, then it may be a good time to create a stronger password. Stefan wrote about 5 free password generators that will help you make nearly unhackable passwords, no matter what password hack tools a hacker tries to use. It’s a good start.

So, what do you think? Is Ophcrack really the pot of gold at the end of the rainbow, or hardly worth one’s attention? — Let us know your experiences, opinions and questions in the comments section below.

Simon is a student and tech enthusiast from Belgium. On MakeUseOf, he's the primary gaming writer and eBook editor. Check Simon out @ http://meme.yahoo.com/slangen/


23 Comments
2009-07-17 12:26:49

Sounds interesting. Gonna test this tool now. Thanks for sharing.

2009-07-17 14:08:02

I really need something like this to get into my old Toshiba with XP. BUT – when I downloaded, AVG informed me the file is infected with a Trojan and killed it.

Is this something it’s supposed to have, or did someone slip it in the installer?

2009-07-17 18:37:04

It isn’t uncommon for a ‘password cracker’ to be labeled bad-ware. To my knowledge, AVG is (one of) the only anti-virus apps waving the red flag with Ophcrack – and still without reason.

2009-07-18 09:38:31

There was a ticket submitted (and resolved) to Sourceforge about this issue. I quote:

* resolution set to fixed

Greetings,

ophcrack is a password retrieval tool. Accordingly, many virus utilities will flag it as potentially harmful, as it is. Used properly and lawfully, there is likely nothing wrong with it.

Thank you,

David Burley
Systems Programmer/Analyst, SourceForge.net

2009-07-17 14:19:42
Carl

Will this work with the system password? I have a password I cannot remember on my laptop before I get to the XP login.

2009-07-17 14:57:15
philly cheese steak

if you are referring to a Bios password, then this would definitely NOT work on it. Bios passwords are extremely difficult to crack and are not even erased by formatting (for obvious reasons).

If you indeed do have a BIOS password issue, try contacting your BIOS manufacturer, as some still do have a “master” unlock code; otherwise, you are simply better off turning your laptop into a photo frame.

2009-11-19 09:00:39
Leo

Heh heh, BIOS passwords are a trivial issue if you are the device owner and can take your time. First, there are large lists published to the internet of those master codes you’re referring to, but more importantly…

A BIOS password is stored in volatile memory that is supported by the CMOS battery (little watch-battery-looking thing the size of a washer). Remove the laptop battery and AC adapter cord, then open the laptop and remove the CMOS battery. Attempt to power it on a few times (hold the power button for 45 seconds or so, repeat). This is usually enough to drain the residual charge from the capacitors and wipe the volatile memory. If that fails, do it again, and wait 24-48 hours before putting any power back to the device.

2009-07-28 12:40:03
Roger

Pretty much all motherboard manufacturers provide a jumper (towers) or dipswitch (laptops) for overriding/resetting a BIOS password.
Check out http://www.computerhope.com/issues/ch000235.htm

2009-07-17 17:35:13
Raul

Well my anti-virus calls this a malware!

2009-07-17 18:34:20
Sean

Well good for you! Go have a cookie…

Get a new AV engine or report the false-positive. Ophcrack isn’t a virus.

2009-07-17 18:44:58

That’s right. With Ophcrack’s popularity and the complete absence of any reported problems, Occam’s Razor rules out the malware possibility.

Security companies just don’t like rainbow tables/brute force/… in their eyes this might be enough to label it malware.

2009-07-18 08:35:00
Yodster

I am curious about one thing. Other than cracking a password without showing it has been cracked, how is this better than clearing out the Windows passwords with the many live CDs out there?

Clearing out the password tends to take a minute or so and allows you to just login. Is there any sort of data loss that doesn’t occur when the password is cracked?

2009-07-18 09:31:53

No, clearing out the password has the same result. Except, of course, that the password is then gone.

2009-11-19 08:54:13
Leo

Actually, I’m afraid you are incorrect on that account.
There is in fact data loss that occurs when you clear or force a change upon a user password. Or rather, data loss that *could occur*. Your security encryption keys are linked to your name/password combination at the time the password is set using the proper creation tool. If you use a tool that forces a change on the password, it does not update the encryption keys associated with your account, thus creating a loss of any files using the EFS (Encrypting File System) in Windows.

The only way to recover said lost data is if you already had a backup-operator/recovery operator account created with saved copies of the encryption keys exported for later data recovery scenarios. While such is the suggested practice in large corporate scenarios, it’s rarely followed even there, let alone on a home user’s computer.

2009-07-22 01:23:20

Hi, forgot or lost Windows password? Don’t worry.
1. Log on a computer that is linked to the internet.
2. Free download Windows Password Unlocker from http://www.passwordunlocker.com/products/wpu.html
3. Burn the downloaded .ISO file onto a blank CD
4. Insert the newly created CD into the locked computer and then reboot it
5. Select the account you wanna reset the password for.

Just above steps, your problem will be solved with great ease. many of my friends have used this method, which solved their puzzle

2009-11-06 19:57:24
HellKid

just wanna know if somebody out there could help me out bout my hostin password?

2009-07-22 01:28:43
linky1124

it didn’t work sometimes.
then my friend recommend another recovery tool to me.
http://www.resetwindowspassword.com/
and it work.

2009-08-03 19:31:07
hackercracker

this is 100% legit. i have a live cd for vista and xp. its worth having just in case. just ignore the warnings from antivirus scanners. they dont want you to have a password crack tool, maybe because you can crack any laptop/desktop with this.

2009-08-16 11:29:08
Aryan

Latest Hacking Tools and Yahoo hacks only on http://dark-coderz.blogspot.com

2009-09-25 06:37:25
Atomuhr

Used it in Vista, it worked, password was easy though (12345)

2009-10-10 22:42:05
Andy

If you don’t want to reformat your system, I think you have to make a reset disk or use some tool to do all the job for you. Such as Windows Password Recovery Tool 3.0. Burn a boot CD with the program, and insert it into the problem computer and your password will be reset to “Blank”.

2009-11-05 08:31:10
suzie

Help!!! Please!!…..Hi all from a computer novice, please be gentle with me lol….I have just downloaded the ophcrack live CD for Vista, I burned the CD and then ran it on the computer but something’s not quite right…….I’m ending up with the black screen, loads of stuff on there that I don’t understand but the last message says..”passwords have been saved in /tmp/ophcrack.txt”. Does anyone have a clue what I’ve done wrong and how to put it right….pleeeeeeeeeeease, it’s driving me insane lol…Many thanks…Suzie.

2009-11-06 19:55:16
HellKid

someone steal my logout file on da hosting and it’s said da password was encrypted and should be opened using a password encrypter tool, anybody wanna help me out please..?
