What is Digg?Sponsored by Sony Pictures
Do you believe the 2012 Mayan Prophecy? view!
whowillsurvive2012.com - The Mayan Calendar predicts the end of time: 2012. See the trailer for 2012, opening November 13.
67 Comments
- moosethumbs, on 10/12/2007, -2/+19Educational purposes, of course.
- inactive, on 10/12/2007, -4/+15If you replace the password, then the user knows something is wrong. If you crack it, you can long in as them without anyone knowing.
- inactive, on 10/12/2007, -1/+9Yes, let's ban knives because there are so many malicious ways of using them. The fact that it helps people better eat is only one reason and thus it is completely invalid.
Wake up, all tools can be used for good or bad. Choose your own adventure. - inactive, on 10/12/2007, -3/+9Sweet. You've written a password cracker then? Can we have a look?
- inactive, on 10/12/2007, -0/+6Gee what a surprise, a virus scanner detects a password cracker as..a password cracker.
At least we know their dat files are accurate. - AmZa, on 10/12/2007, -0/+5salt that hash before you toke it, so that the colours of the rainbow don't trip you out
- teh_toaster, on 10/12/2007, -0/+5Down for me, but the coral works: http://www.darknet.org.uk.nyud.net:8080/2006/03/ophcrack-22-password-cracker-released/
Download the files here: http://sourceforge.net/projects/ophcrack - vertigoblue, on 10/12/2007, -0/+5the live cd is awesome!
- paulsmerdon, on 10/12/2007, -1/+5Also, by replacing the password you can't view EFS protected files.
- dennbruce, on 10/12/2007, -1/+5I've used rainbow tables in the past and they are EXTREMELY fast compared with trying to brute force a password. The only downside is the disk space used for the tables themselves. Check out http://rainbowtables.shmoo.com/ for a nice collection of rainbow tables.
- pcgeek101, on 10/12/2007, -0/+3Anyone know where else to get rainbow tables other than shmoo? Rainbowcrack.com has tables, but you have to compute tables and submit them to gain access (I did one). I ran my first query today, but haven't gotten an e-mail yet ... not sure how long it'll take. It would be really nice if something like Ophcrack allowed you to query tables online where someone hosted them for free :)
- Writher, on 10/12/2007, -0/+3He might be referring to Active Directory cached credentials. But I don't think that it is correct regarding that.
- quadvods, on 10/12/2007, -0/+3That link I posted above is down.. here is the list of mirrors. Better luck this time...
http://prdownloads.sourceforge.net/ophcrack/ophcrack-livecd-1.0.iso?download - Jams, on 10/12/2007, -0/+3I thought this was an old thing?
Yeah, rainbow tables use up lots of space, but some poeple host em on the iterweb for remote querying. Thus freeing up your own hdd :)
Now if the encrytion used a salt that would render rainbow tables nearly useless.
PS. Did you know that for security reasons Windows XP only caches half of your password locally? - Bob_Oliver, on 10/12/2007, -0/+3Backtrack from remote-exploit.org is an awsome auditing tool. I like it better than STD.
- Xalorous, on 10/12/2007, -0/+2yeah, you must be running a cluster or a supercomputer or some such
- inactive, on 10/12/2007, -1/+3BFD. If you can do a samdump on a DC, you can crack an entire Active Directory list worth of passwords. I did it at my job just recently. It recovered about 95% of them in 2-3 hours.
- thepxc, on 10/11/2007, -0/+2If they physically see you at the computer, yes. But if you copy/dump the SAM and SYSTEM files and do it at home, no. This is brute-force, but it doesn't actually try every login. The tables they are referring to are the hashes (encrypted versions) of all possible combinations of passwords of a certain length. The tables have the hashes (what are stored in the SAM file) and what makes those hashes. What they do is they take the hashes from the SAM file, and try everything/check everything in the table to see what hash matches. If the hashes match, then the passwords that _make_ them match.
- jasqwerty, on 10/12/2007, -0/+2LAWL @ people too ***** stupid to realize how rainbow tables work.
I'm assuming I have the rainbow tables already, so searching it should be a joke, thus the less than 1 second crack time, and if it's a rainbow table, why DOESN"T it have 100% of the combinations possible? Are you assuming that your processor ***** up during the table generation?
~200 Billion password combinations fit on a 1.5 Terabyte array for a given algo, which although it is a high space requirement for 1 project you might have, isn't unheard of. - Bhima, on 10/12/2007, -0/+2What got my attention is the claim that these are more "compact" than the rainbow tables.
I wonder how they did it and how they took advantage of it... - Daem0nX, on 10/12/2007, -0/+2I was talking to a friend about this a few hours ago and was wondering when the next update would be, how convenient :)
-->ajitsmannan - Why? Why not? I use it to make sure my windows password is at least semi secure. The last LiveCD was only able to obtain 50% of my newest password. Plus it can be very useful in retrieving lost/forgotten passwords for friends/family. - longman2g, on 10/12/2007, -3/+5that "slew" of 2 reasons withstanding, there are far, far more numbers of devious purposes for a password cracker. You can all think of them, so I won't list them here. I can use a vial with Ebola virus in it as a paperweight, or think it looks pretty, but I can't just give it to anyone because of all the possible ways it can be misused. Giving it to a lab at a university for work on a vaccine (I dont know if one has already been created or not, or if it could even be prevented by vaccine) would be a proper usage of it; giving it to some guy because he says he wants it is not.
- Jams, on 10/12/2007, -0/+2As for it being correct, I only posted it because i was reading about it in a Microsoft book this morning. Sure it's on the net someplace.
- Jams, on 10/12/2007, -0/+1hehe I will remember that one.
- tjpeople, on 10/12/2007, -0/+1where is the rest of it? excusse my lack of knowledge, but by locally you mean on the pc itself, right?, where else would it be stored?
- schrags, on 10/12/2007, -0/+1I just use rcrack. I personally think its better.
- Jams, on 10/12/2007, -0/+1@tjpeopleI
Correct
(I forgot to add that I was on about locally cached domain passwords) The reason for this is that if someone cracks the password they will only obtain half of it; thus they will be unable to log into the domain.
Standard local accounts store the whole password. - bballguy2757, on 10/12/2007, -1/+2I think i just got a trojan and a some adware from this since this is the only thing I installed in the past few days. Anybody else have that problem?
- pebar57, on 10/12/2007, -1/+2mrtick is right about if someone leaves a company. A lantech at my school got fired and changed the passwords before he left, he is being an ass and won't tell us them. I had to crack it.
- Johnny1337h4x0r, on 10/12/2007, -0/+1I just tried it out and all i get is /EMPTY/ undernieth LMpasswd1 for all of my logins. Could someone tell me what I need to do to make this work.
- mrtrick, on 10/12/2007, -3/+4Let's see....
Admin leaves a company and takes a password with them?
Service Account password lost, painful to reset?
That's a slew of reasons to _legitimately_ use a password cracker. - tjpeople, on 10/12/2007, -0/+1ive booted the cd and it says it pre loading tables, and is on number 2? and taking ages, how many table are there? anyone know, thanks.
- sneakerelph, on 10/12/2007, -0/+1haha, that was a good 'un
- podgey22, on 10/12/2007, -0/+1Because this is not about replacing the system password. This is about actually cracking the password in a drastically lower amount of time than generating all the hashes on the fly.
You might as well have said: "You could make sandwiches and eat them on the beach" and that probably would have been more relevant. - CoolWind, on 10/12/2007, -0/+1Thanks for that very important tip.
- inactive, on 10/12/2007, -1/+2Lesson learnt - i hacked my own password in 10 secs (a 12 digit alphanumeric num).
The 'even if they see it they wouldn't be able to remember it' logic is over now in my mind!
Maybe i was just being slow. Thanks for the heads up! - ShaolinTiger, on 10/12/2007, -1/+2That's only true without table generation, it can crack LM hashes fast without any precomputed tables due to a flaw in the implementation of the hashing scheme..
But for other hashes like NT hash or md5, with the correct tables they can also be cracked within seconds (salting the has adds some problems...but you can always generate tables for all salts..if you have the disk space, which is cheap now). - dodd, on 10/12/2007, -2/+3"It recovers 99.9% of alphanumeric passwords in seconds." No it dosn't. It recovers 99.9% of alphanumeric passwords in seconds IF you use LM Hash ( http://en.wikipedia.org/wiki/LM_hash ). But if you Windows machine is configurated correctly ( no LM hash ), your passwords can't be cracked that easy. So this program can be used only against very old Windows system (Me or older) or on misconfigurated one. So what's big deal?
- thepxc, on 10/11/2007, -0/+1If your passwords aren't found in the hash table (empty or more than 14 characters), that's what it tells you.
- inactive, on 10/12/2007, -0/+1when first booting and you get to a screen that says press enter to install(if you dont press enter it will install anyway and so you may pass this screen quick)
Type in slax noagp
you will come to a dos login prompt
login
run the vga hardware detection
then run startx
I had the smae problem on a few of my comps, this is how i got it to work. - jasqwerty, on 10/12/2007, -0/+1Well, there is something called SYSKEY, but it's saved on the HD in most cases, so it isn't hard to remove. As would any salting implementation, since it would need to saved somewhere.
- Phazed, on 10/12/2007, -4/+4ummmm i can only think of 2 reasons for a password cracker.....
1. To get a password for malicious purposes
2. To get a password for non-malicious purposes - omgitsmit, on 10/12/2007, -1/+1I use Austrumi v.0.9.2 to change passwords on NTFS partitions.
http://sourceforge.net/projects/austrumi
But it doesnt always work out. I'll have to try the live cd out.
Dugg for good info. - JustMatt, on 10/12/2007, -2/+2Just in case anyone else is having problems with the sourceforge downloads, here is the mirror site to the Live CD.
http://prdownloads.sourceforge.net/ophcrack/ophcrack-livecd-1.0.iso?download - kernelhappy, on 10/12/2007, -1/+1I was all ready to crack the password on a orphaned XP machine when I discovered Password Renew, for a non-secured system (as most systems where users get locked out are) this little utility just changes the password or inserts a new user on the target machine. I found it when I discovered the Windows Ultimate boot CD a while back. I only put this out there for anyone that stumbles across this thread trying to get back into a machine with a lost password.
I'm still looking for a decent, free utility, without spyware, to extract or remove the password protection from word and excel files. Preferably one that doesn't rely on brute force alone.
Since where on the subject of - scrambled, on 10/12/2007, -1/+1Guys, can't site administrators like... notice if you're brute forcing/whatever this is?
- Jnetty99, on 10/12/2007, -0/+0Same here, I got the Live CD, burn it and boot it from it. It took about 25 minutes to go through each table and it didnt find the password to one my admin accounts on Windows XP.
Anyone get it to work? - linky1124, on 08/24/2009, -0/+0it didn't work sometimes.
at that case,you should try http://www.resetwindowspassword.com/
you see,it is the recommendation of http://pcsupport.about.com/od/toolsofthetrade/tp/p ... - Imagine3, on 10/12/2007, -1/+1When I try to install this it gives me the option to copy the tables from a CD or download them. If I download them, will I be able to copy everything onto a CD/DVD to use at a later time?
-
Show 51 - 68 of 68 discussions
The Digg Toolbar for Firefox lets you Digg, submit content, and keep track of Digg even when you're not on the Digg site. Download the official 
© Digg Inc. 2009
— Content created and posted by Digg users is