82 Comments
- johnvm, on 10/12/2007, -1/+28 Rainbowcrack is actually far faster - but requires the rainbow tables (which are very large and take a long time to produce) to actually crack the pw's. OPHCrack (this program) has support for rainbow tables, which is nice, and I'd imagine that it uses them moderately efficiently - perhaps even faster than rainbowcrack itself.
Nonetheless, I just wanted to point out that brute forcing PW's on the fly is not the fastest way to crack pw's. Employment of Philippe Oechslin's faster time-memory trade-off technique is currently the state of the art.
More information can be found here, at the RainbowCrack page: http://www.antsight.com/zsl/rainbowcrack/

- 2L84ME, on 10/12/2007, -2/+17 "Good to have though in case you forget your password one time though."
That ol' excuse.

- dapperdrake, on 10/12/2007, -0/+14 I like the NSAcrack approach: get Microsoft to build a backdoor in for you.
- MyScreenname, on 10/12/2007, -2/+11 I've been using this product for a while; I think it's been on Digg a few times but always cool if it catches a new eye each time....

- inactive, on 10/12/2007, -0/+8 I should also add there's a registry tweak to disable LM hashes so Windows will use the NT hash which is MUCH MUCH MUCH stronger and harder to crack.
Microsoft has a knowledge base article on what key to change (or change it through group policy in Active Directory) - http://support.microsoft.com/?kbid=299656

- VashTSPD, on 10/12/2007, -0/+8 Responding to the comment below,
actually no, I've used this program for a long time, and if your password is fifteen characters or longer OPHcrack will not be able to recognize the password at all; this is because XP doesn't store a LAN-Manager hash for passwords over 14 characters, thanks to The Broken episode 3 for pointing that out :P

- FCon4, on 10/12/2007, -3/+10 Per TFA, it's 2.2.
- HappyScrappy, on 10/12/2007, -0/+7 ophcrack uses rainbow tables too. It's just a different program.

- TheG2, on 10/12/2007, -2/+8 SysAdmins everywhere now have a new problem. Good to have though in case you forget your password one time though.

- ditoa, on 10/12/2007, -0/+6 ERD Cmdr does not crack the password, it resets it. The problem with doing this is that for EFS you are screwed if you reset the password, whereas with Ophcrack you can crack the password rather than reset it.

- inactive, on 10/12/2007, -1/+6 I've used Rainbow crack to crack an entire dump of LM hashes from a domain controller with 120+ user accounts. It took about 45 minutes, and pegged them all. I think I only had to use about 10 gigs worth of rainbow tables. You do have to have admin account access to the domain controller to do the LM hash dump though.
Disclosure: I'm a sysadmin who was doing a user account password audit to recommend new password-strength requirements.

- ditoa, on 10/12/2007, -0/+5 Providing your password is over 14 characters (a good passphrase will be) Ophcrack will take a long time to crack it, in most cases longer than someone can get access to a system without the owner knowing about it (e.g. a few days). It is great for
- Phaedruss, on 10/12/2007, -1/+6 Ophcrack uses rainbow tables - http://en.wikipedia.org/wiki/Rainbow_tables
There's a general purpose project for generating rainbow tables with support for lm (windows), md5, and sha1 - http://www.antsight.com/zsl/rainbowcrack/
Now, generating effective tables for md5 and sha1 would take a single computer several months, so it's not for your casual password cracker. (Windows passwords are much easier though)

- cybercat, on 10/12/2007, -0/+5 I've used the boot cd of this several times, and it works quite well.
It was able to decrypt a simple password in about 2 minutes and a complex 14 char password in about 10 minutes. It was unable to decrypt a 17 char complex password. It takes about 25 minutes to go through the whole rainbow table off cd on a 1Ghz machine.
Another solution I've used a lot is www.loginrecovery.net. They have a nice little program you put on a floppy, boot on the machine you want to recover passwords for, then upload the txt file from the floppy to their website. It takes about 1 minute for them to recover the password, but they make you wait 48 hours if you just use the free version.
In my experience, the best way to defeat programs like this is to use at least 18 char passwords, containing upper and lowercase letters, symbols and numbers.

- pcronin, on 10/12/2007, -0/+4 At work when someone uses a non-standard admin pass, or it was one of the old ones that no one remembers, we use that other boot cd (link escapes me now) to just blank the admin pass, then log in and set it to our standard.
From an admin/security POV, if it's your machine, why 'recover' when a reset takes about a minute? The only reason you 'need' to recover without resetting is if you don't want the owner of the box to know you were there.

- VashTSPD, on 10/12/2007, -0/+4 or if you encrypt some data with the Windows Encrypting File System (EFS), if you reset the password, you can't access any of the EFS files.
- john608, on 10/12/2007, -0/+4 Yep. I have used the bootable commandline on a floppy version of this for a while - a total life saver. I have been in a jam so many times where a customer forgot the password, and was able to reset without a hitch.

- julielacombe, on 10/12/2007, -0/+4 While browsing the link that feanor512 provided, I stumbled upon this nice OphCrack howto.
Cracking your Windows SAM Database in Seconds with Ophcrack 2
http://geeksaresexy.blogspot.com/2006/04/cracking-your-windows-sam-database-in.html

- HappyScrappy, on 10/12/2007, -0/+4 Note that if you turn off the LMHASH passwords in your Windows (as I have), then this program can't crack your passwords (as I just found out). When I first read the link, it didn't mention LMHASH, so I figured it was cracking NTHASH passwords, which it isn't.
http://support.microsoft.com/?kbid=299656

- peterw99, on 10/12/2007, -0/+3 Hmm. I tried this. Seemed to load ok, got an ophcrack boot prompt, then it continued to load. Lots of device loading messages. Lots of CD activity. Then my monitor just shuts off because there is no input. wth? Even while CD is still active. I have a pretty common vid card (geforce4). Anyone have a clue what is wrong? List of boot options somewhere to tell it to do something specific (like crack the hashes it finds) on load?
- rmccs0x, on 10/12/2007, -0/+3 I still have no idea what a rainbow table is, but I've used this program many times and love it.

- dhughes, on 10/12/2007, -0/+3 I've used Ophcrack and it worked, except on a 64-bit system I tried it would just hang. I didn't try it again; I didn't have time and it wasn't my system.

- clickwir, on 10/12/2007, -1/+4 ***** the torrent. They have a dozen different sites to download it from

- rushfan, on 10/12/2007, -5/+8 This is actually useful because people have messed with my Windows passwords in the past. Fortunately I'm on Linux right now anyhow, but I do require Windows access from time to time.

- rockdave, on 10/12/2007, -0/+3 Yeah... this is pretty old, but still very cool. For password cracking on-the-fly, install OphCrack on the target computer without downloading the rainbow tables. Run the utility and save the .oph file. It will be full of password hashes (not cracked), which you could just crack using their website http://lasecwww.epfl.ch/~oechslin/projects/ophcrack/
This eliminates the need to boot up Ubuntu, and is extremely useful if you have only a few minutes to get a password or two. I love to keep the OphCrack installer on my pen drive. Hehe... I got my school's admin in less than two minutes :)
Great tool.

- porsche922, on 10/12/2007, -0/+3 Does anyone know which "alt num" characters are valid in passwords in Windows?

- Flex, on 10/12/2007, -0/+3 Ha! Yeah, "just asking."
- CoolWind, on 10/12/2007, -0/+3 I've learned a few things about passwords from this discussion.
But if somebody boots into a different operating system from a CD, or if they put your hard drive in another computer, your Windows password is useless.
So you'd better encrypt any sensitive data.

- muffinmanpoo, on 10/12/2007, -0/+2 I use pwdump. ( http://www.foofus.net/fizzgig/pwdump/ )

- Ithaycu, on 10/12/2007, -0/+2 You have misunderstood what this process does. It does not use a brute force login technique, it copies the SAM database and then cracks the hash created and stored there when the admin set the password.
Cheers,
Ithaycu

- DS513, on 10/12/2007, -0/+2 The previous version of Ophcrack was featured on Digg before, but I dugg it again because it's such an awesome utility that really works well. If you haven't seen it before, be sure to check it out.

- bflfab, on 10/12/2007, -0/+2 From Phaedruss' link above you can go create your own charset: http://www.antsight.com/zsl/rainbowcrack/
- VashTSPD, on 10/12/2007, -1/+3 You only need a 15 character password for a Windows login; after 14 characters it only stores the password as an NT-Hash and not the LM hash, which is much, MUCH stronger.

- ASoggyWaffle, on 10/12/2007, -1/+3 Does anyone know of a program that will just dump the hashes into a textfile without an installer or anything?

- MateyO, on 10/12/2007, -0/+2 @ditoa. Not necessarily. If your domain is in LANMAN compatibility mode, that 14 character password is UPPERCASE converted and split into two 7 character passwords... and anything between 8 and 14 characters is space padded.
We cracked a third of our passwords in less time than would register on the app with a good dictionary and a copy of the SAM.

- ramsinks.com, on 10/12/2007, -0/+2 Well sure, but nobody does.
Even if they did, it's time for "NTpassword".
;)

- inactive, on 10/12/2007, -1/+3 For anyone who is interested, "windows password recovery" and "ntfs password recovery" are two of the most expensive search keywords with Google's AdWords program *and* Yahoo's Overture sales.
Do a search for this topic and you'll see dozens of for-sale applications as well as horrendously expensive services to find a Windows password. Most of the time something goes wrong and people panic, it's at a business on a machine with important documents, and they'll pay absurd amounts of money, RIGHT NOW, with a credit card, to get it fixed.
Windows passwords and NTFS recovery are also one of the highest targets for the SEO crowd who attempt to game Google to get high ranking on the organic search results.
Here's a hint - now that you guys have this free program, why don't you start selling your services to people who aren't bright enough to figure it out on their own? It's basically printing money.
BTW - mesothelioma (asbestos lung cancer), divorce lawyer and malpractice round up the priciest keywords.

- ASoggyWaffle, on 10/12/2007, -0/+2 This is a nice program cause the live CD leaves no evidence hehehe
However it would be nice if it would do a dictionary and hybrid attack first; they take so little time and often find the passwords. Another thing that would be cool is an ISO with a better rainbow table that you could burn to a bootable DVD

- PhiL666, on 10/12/2007, -0/+2 I already have the slax iso ... is there any way to get just the module?
- SuperFarStucker, on 10/12/2007, -0/+2 All this rainbow table nonsense is easily circumvented by adding a system-wide 10 character unicode salt to password hashes. Even the shortest passwords (6 - 7 chars) will take an eternity to crack then.
- pcronin, on 10/12/2007, -0/+2 Encryption? Bah.. if that gets turned on, it's by accident around here :P
Besides, I wasn't referring to users (whose data is on the server in our case) but to the admin passwords...

- feanor512, on 10/12/2007, -0/+2 Just make your password longer than 14 characters.
http://geeksaresexy.blogspot.com/2006/05/preventing-xp-from-storing-lm-hash-of.html

- ramsinks.com, on 10/12/2007, -0/+2 Yap, Slax based.
Love it, I use it sometimes instead of calling clients.
;)
It's standard rainbow, BF.

- DonPMitchell, on 10/12/2007, -0/+1 The problem is the old-fashioned LM hashing scheme. The modern scheme is not vulnerable, but the old LM hash is still stored for backward compatibility reasons. Dumb.
If you are sure your administrator will never need to crack lost passwords, you can close this hole on the domain controller and local machines thus:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
Set the nolmhash value to 0x1

- mavsman78, on 10/12/2007, -0/+1 My laptop this week didn't have the option to log into a domain, which was my main account, and I couldn't figure out what the administrator password was. I used the Offline NT Password & Registry Editor and I was able to reset and blank the Administrator password. It uses a Linux boot disk that fits on a floppy. Check out an old digg here: http://digg.com/security/Offline_NT_Password_Registry_Editor
- ve39, on 10/12/2007, -0/+1 How do I make this work:
I boot off the Ophcrack Live CD and all I get is a blank window of "Launch.sh;bash" and a toolbar
(sorry was in a rush when posted above)

- inactive, on 10/12/2007, -0/+1 @ benjaminrayburn
I used MS's registry tweak to disable storage of the LM hash on my laptop, and I think the password hash was re-generated using NT hash. I didn't have to change anything, it just worked.

- rockdave, on 10/12/2007, -0/+1 In theory, yes... you'll get a list of all the user names, so you'll need to guess which one is the admin username.

- ve39, on 10/12/2007, -0/+1 How do I make this work:
I boot off the Ophcrack Live CD and all I get is a black "Launch.sh;bash" window open