99 Comments
- LimitedReality, on 10/12/2007, -1/+73
Yes it does work as said, I recommend this to clients who forget their passwords just because it's so easy for them to use (just have to tell them how to boot from CD). It's been around for a while so I'm not sure why it's front page worthy... but I won't be THAT guy :)
- inactive, on 10/12/2007, -5/+64
Does your mom know you're on the internet attempting to have a conversation with adults?
- SuperSloth, on 10/12/2007, -3/+46
It works, but generally I prefer http://home.eunet.no/pnordahl/ntpasswd/. Just blank the Admin password. Then you're in. The only time you should ever need to recover the actual password is if the user has encrypted files and no key backup.
- inactive, on 10/12/2007, -4/+33
http://www.*****.com/ :)
- julielacombe, on 10/12/2007, -0/+27
That's an awesome tool. I tried it out of curiosity on my box a few months ago, and it worked beautifully. Please note that Ophcrack can only crack your passwords if they are:
A- Stored using the LMHash representation in your SAM database (won't work with NTHash)
B- If your password is shorter than 15 characters (15+ chars will be automatically stored using NTHash).
If you want to force Windows to use NTHash, even with passwords shorter than 15 chars, you can follow the directions here:
Preventing XP from Storing an LM Hash of your Password in the SAM Database
http://geeksaresexy.blogspot.com/2006/05/preventing-xp-from-storing-lm-hash-of.html
Also, here's a quick tutorial about how to use Ophcrack:
Cracking your Windows SAM Database in Seconds with Ophcrack 2
http://geeksaresexy.blogspot.com/2006/04/cracking-your-windows-sam-database-in.html
- klawz, on 10/12/2007, -1/+27
I got cut off. I was going to say it works for non-complex passwords that contain a-z, 0-9, A-Z, but if you have a more complex password such as [1${49ce*nts}@l0^e!=h@t| you'll need to download the huge rainbow tables and let it work from those 20+ DVDs. Simple passwords (a-z, A-Z, 0-9): it works like a charm.
- ArmandoM, on 10/12/2007, -4/+28
I have a feeling it will work on something lots of people normally use, like Windows. That's why it's called a Windows Password Cracker, not an AIM password cracker.
- heffae, on 10/12/2007, -1/+19
Come on guys, don't be an ass.
LM hash is a format that Windows stores user passwords in. It has several known security vulnerabilities and was replaced by the much stronger NTLM hash.
Even though the NTLM hash is a much more secure implementation, all current versions of Windows (don't know if this is true with Vista or Server 2003 R2) still compute and store the LM hash for backwards compatibility with the 9x versions of Windows.
SAM is the database that Windows stores the passwords in.
I left a lot of stuff out, so don't forget Google is your friend.
- Neoanarchist, on 10/12/2007, -0/+17
For those too lazy to visit Microshaft's page.
Type this into a text file, then save it as "All Files" and type "NoLMHash.reg" as the file name:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"nolmhash"=dword:00000001
After saving the file, double click it and it will ask if you want to save the information to the registry. Hit Yes, then reboot and change your password to put this into effect.
This will automatically set your Windows XP machine to not store an LM hash of your password in the SAM database.
- Terc, on 10/12/2007, -3/+19
stop downloading warez
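Following on from the NoLMHash registry tweak above, here is an added example (written for this thread, not from any poster or from Ophcrack) that audits a pwdump-style export of a SAM for accounts that still carry an LM hash, which is what you would check after rolling the setting out, since it only takes effect once each password is changed. The sample records are constructed; every hash value in them is a made-up placeholder apart from the well-known empty LM and empty NT constants.

```python
# Well-known value Windows writes in the LM field when no LM hash is stored
# (NoLMHash set, or password of 15+ characters). It is the LM hash of "".
EMPTY_LM = "aad3b435b51404eeaad3b435b51404ee"
# Well-known NT hash of the empty string, i.e. a blank password.
EMPTY_NT = "31d6cfe0d16ae931b73c59d7e0c089c0"

# Constructed sample in pwdump format (user:rid:lmhash:nthash:::).
# All non-constant hash values below are made-up placeholders.
SAMPLE_DUMP = """\
Administrator:500:aad3b435b51404eeaad3b435b51404ee:0123456789abcdef0123456789abcdef:::
Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
jsmith:1001:00112233445566778899aabbccddeeff:fedcba9876543210fedcba9876543210:::
bjones:1002:AAD3B435B51404EEAAD3B435B51404EE:0f0e0d0c0b0a09080706050403020100:::
not a pwdump record at all
"""


def parse_pwdump(text):
    """Yield (user, rid, lm, nt) for each well-formed record; hashes are
    normalised to lowercase and malformed lines are skipped."""
    for line in text.splitlines():
        parts = line.strip().split(":")
        if len(parts) < 4 or not parts[1].isdigit():
            continue
        yield parts[0], int(parts[1]), parts[2].lower(), parts[3].lower()


def audit(text):
    """Flag accounts whose LM hash is still present (the weakness this
    thread is about) and accounts with a blank NT password."""
    findings = {"lm_present": [], "blank_password": []}
    for user, _rid, lm, nt in parse_pwdump(text):
        if lm != EMPTY_LM:
            findings["lm_present"].append(user)
        if nt == EMPTY_NT:
            findings["blank_password"].append(user)
    return findings


if __name__ == "__main__":
    for category, users in audit(SAMPLE_DUMP).items():
        print(f"{category}: {', '.join(users) or '(none)'}")
```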
- xtmno3, on 10/12/2007, -25/+40
Has anyone tested it themselves? Does the LiveCD work as they state it does?
- Neoanarchist, on 10/12/2007, -0/+14
@dagamer
That still wouldn't matter. The software he linked to will blank out/change any password no matter how secure or how many times they changed it. But it is true that cracking the password, as opposed to actually changing it, is more discreet.
- chayak, on 10/12/2007, -1/+13
This isn't new; rainbow tables have been around, and yes, it does work quite well, though the larger the hash tables the better. The most common set I've used in audits is in the 5 gig range.
- mikesbaker, on 10/12/2007, -1/+12
1) Hit Del on the first screen and enter BIOS
2) Change the boot order to boot from CD first
3) Put CD in drive and save and exit BIOS
If that's not simple enough you need to read the manual to your motherboard and then Computers for Dummies or something like that.
- spunquik, on 10/12/2007, -0/+11
Yes, I've used the Ophcrack live CD. Works on Windows XP Home; it's a little trickier with XP Pro.
Took only 16 min. to crack my user/pass.
- TomKarpik, on 10/12/2007, -2/+13
ZaNkY: No.
You're making too many assumptions that will greatly change the outcome of what you think his password may be.
- spooq, on 10/12/2007, -2/+12
And you're going to get to a login prompt on his computer how?
- bightchee, on 10/12/2007, -0/+9
I have used the LiveCD and it works.
- ZaNkY, on 10/12/2007, -1/+10
I didn't know that Ophcrack had a live CD! Downloading :)
The only problem I have with rainbow tables is the speed/space trade-off. With rainbow tables you get a HUGE increase in speed, but at the cost of space. The biggest tables that I keep locally on my HD are about 600 megs; they crack the simple stuff quickly. For anything more complex I use online databases such as:
Cost:
Rainbowcrackonline.com
Free:
Rainbowcrack.com
Plain-Text.info
...
- x3nos, on 10/12/2007, -0/+7
Yeah salt in the crack is bad . . . .
- grinin, on 10/12/2007, -0/+7
Rather than cracking the password, I find it is much easier to clear the password using the Ultimate Boot CD and replacing the SAM entirely with a blank admin password.
My school issued laptops to CIS students and they gave us barely enough permission to use the damn thing. We had to go to the helpdesk (where I was working while in school) in order to have them install any application we needed them to install.
I asked my supervisors if I could grant myself more permissions and they said "Yeah ok... if you can do that, go for it".
So I did... Apparently working for a school is like working for government.
Back to the topic however. I have used 0phcrack, and it was not as quick as I was expecting, but then again my password wasn't "redfish" or "dolphin" or something like that...
- droversoul, on 10/12/2007, -5/+11
Who cares, this is the first time I've heard of it. I'm sure that goes for a lot of people. Get off your high horse.
- AnteChronos, on 10/12/2007, -0/+6
@stoppedcode12
"Bad idea, what about windows encrypted files? They will be forever lost!"
That's why proxybot767 said, "If the user just forgot their password and did not have any encrypted files...."
- BenDuncan, on 10/12/2007, -0/+5
Hak.5 have done rainbow tables. They did 120 gigs of them; download them here:
http://silivrenion.com/rainbowtables/hak5_rtables_lm_all_1-7.torrent
Original forum post:
http://hak5.org/forums/viewtopic.php?t=4320&highlight=rainbow
- clickwir, on 10/12/2007, -0/+5
Who the hell are you talking to?
This does use rainbow tables.
- Dathker, on 10/12/2007, -1/+6
Welcome to Microsoft.
- mikesbaker, on 10/12/2007, -1/+6
People posting on Digg should learn to read the rest of the thread before posting so they don't say something that other people have already said.
- AnteChronos, on 10/12/2007, -3/+8
This, my friends, is why you should always salt your hashes: http://en.wikipedia.org/wiki/Salt_(cryptography) This makes pre-computed hash lookup tables useless, since you'd have to create a separate rainbow table for every possible salt value.
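To make the salting point above concrete, here is an added example (not from any poster or project in this thread) that builds a precomputed hash-to-password lookup table, the idea rainbow tables compress, and shows it recovers an unsalted hash but finds nothing once a per-user salt is in play. SHA-256 and a tiny constructed word list stand in for LM hashes and a real table; the principle is the same.

```python
import hashlib
import os

# Constructed word list standing in for the password space a table covers.
WORDLIST = ["redfish", "dolphin", "password", "letmein", "qwerty"]


def digest(data: bytes) -> str:
    """SHA-256 stands in for the unsalted LM/NT hash function here."""
    return hashlib.sha256(data).hexdigest()


def build_table(words, salt=b""):
    """Precompute hash -> password. With salt=b"" this is the one table an
    attacker builds once and reuses; any other salt needs its own table."""
    return {digest(salt + w.encode()): w for w in words}


def store_unsalted(password):
    """How LM/NT hashes are stored: H(password), identical on every machine."""
    return digest(password.encode())


def store_salted(password):
    """Defender side: per-user random salt kept beside H(salt || password)."""
    salt = os.urandom(16)
    return salt, digest(salt + password.encode())


def lookup(stored_hash, table):
    """Table lookup: returns the password, or None if no entry matches."""
    return table.get(stored_hash)


def demo():
    table = build_table(WORDLIST)  # built once, unsalted
    unsalted = store_unsalted("dolphin")
    salt, salted = store_salted("dolphin")
    return {
        # Unsalted: the shared table recovers it immediately.
        "unsalted": lookup(unsalted, table),
        # Salted: the same table has no entry for H(salt || pw).
        "salted_shared_table": lookup(salted, table),
        # Only a table rebuilt for this exact salt works, so the whole
        # precomputation has to be repeated for every salt value seen.
        "salted_per_salt_table": lookup(salted, build_table(WORDLIST, salt)),
        # Two users with the same password no longer share a stored hash.
        "same_password_same_hash": store_salted("dolphin")[1] == salted,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```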
- MyBigRed, on 10/12/2007, -1/+6
That's like installing a solid metal door to keep the thieves out, but then leaving your window wide open all the time so your boyfriend can still get in...
- inactive, on 10/12/2007, -0/+5
I use this tool all the time. I remember timing it once on the password "Fgpyyih804423" and it only took 211 seconds. It's a good tool.
- minideezel, on 10/12/2007, -0/+4
You know, some people don't see every single article that makes the Digg homepage. I, for instance, had never heard of this before and am very glad that it made the home page, because I was just needing this: this computer we just got for cheap had an admin password and no other accounts.
Also, there are 2658 people who haven't heard of this program, so will everyone please stop with the "dupe" comments.
- dagamer34, on 10/12/2007, -6/+10
@SuperSloth
If you are hacking into someone's computer, the last thing you need them to know is that someone 1) gained access to their computer, 2) probably took important documents from their computer, 3) was knowledgeable enough to blank their password.
They'd instantly change their password to something much more secure.
- rainrunner87, on 10/12/2007, -1/+5
Funny. Foolish, but funny.
- venom8599, on 10/12/2007, -0/+4
@ScornForSega
Unless you're using the built-in EFS in XP to encrypt files. If you are and you blank the password, then you also lose access to the encrypted files.
- proxybot767, on 10/12/2007, -1/+5
The drawback to this way is that you need to have a large set of tables. The last set of LM hash tables was 90 GB. If the user just forgot their password and did not have any encrypted files then I would use the Ultimate Boot CD. This has a program that will rewrite the LM hash. If you forgot your passwords on your IM accounts because you just have them saved, then you should look at Cain & Abel. Cain & Abel also will use the tables to recover lost passwords from your computer.
- Rorrim, on 10/12/2007, -1/+4
acceptab1euname: that is retarded. People have to learn somehow.
"Asking will make you look stupid for 5 minutes, not finding out will be stupid forever..." or some quote along those lines that I can't remember at all.
- RyeBrye, on 10/12/2007, -1/+4
To use the "16 minutes" value to do any kind of estimation... you would have to also know what his internal "BS" factor is... Chances are his computer is slow and it actually took 35 minutes... but to make it sound better he said "16 minutes".
Based on this comment, however, I'm going to look at the rainbow table and work backwards so my passwords will always be the very first one tried by this program, to save a future cracker from having to work too hard... ;)
- HappyScrappy, on 10/12/2007, -0/+3
I've used the disc to test my own machine. It doesn't work on my machine because I turned off the LAN Manager hash for passwords, like any smart person would do.
If you do that, no one can nail you this way.
http://support.microsoft.com/kb/299656
It's turned off in Vista by default.
- x3nos, on 10/12/2007, -0/+2
load PHLAK
mount the ntfs vol
chntpasswd
reboot
done
- rustedrazor, on 10/12/2007, -0/+2
Ah, I love the live CD.
I work as an IT techie, and this is useful every time our users ***** up their admin password, forget their own password, and call us for help to log in.
As mentioned, it doesn't take passwords with symbols too well, but simple minds make simple passwords, luckily.
I've had some trouble getting this to work on XP Home for some odd reason - anybody else had this problem?
- johnstar, on 10/12/2007, -0/+2
I work at a computer shop and charge 30 bucks to "recover Windows passwords". Takes about 2-10 minutes of work (that the computer is doing).
- Altotus, on 10/12/2007, -0/+2
This isn't so useful for the case you mention. You can simply create a boot CD that runs ntpasswd to blank the admin's password, reboot, and you're admin.
This is specifically useful for recovering a password in certain circumstances (incidentally, there are cracks to NTLM passwords too), while retaining it intact. It's far easier and quicker to simply remove or replace the password altogether if you simply want access.
- ashukg, on 10/12/2007, -5/+7
Ha! I have a faster Password Cracker! Check it out here: http://en.wikipedia.org/wiki/Image:Colt_SAA45.jpg
- jasonwc, on 10/12/2007, -0/+2
If you don't feel like downloading huge rainbow tables you can test out the demo here: http://lasecwww.epfl.ch/~oechslin/projects/ophcrack/
The demo runs on a remote server with a 1.1 GB rainbow table. Just enter some random text in the password box, copy the MD5 hash to the hash section, and click "submit hash", or you can enter an MD5 hash of your own. In a few seconds, it should tell you the password you entered.
- rainrunner87, on 10/12/2007, -4/+6
No, it's Windows XP. Unlike you, we don't make foolish assumptions that everyone's using archaic operating systems.
Baka.
- Avian00, on 10/12/2007, -3/+5
Why are people modding down xtmno3's question? It seems valid to me.
- Johnpaine, on 10/12/2007, -0/+1
Everyone should know about this.... but dugg cause it may be of use to people who don't.
- rustedrazor, on 10/12/2007, -0/+1
@mancat
Well, all the users are administrators on their own machines, but not on the network.
We use Novell, so the Windows rights can be as admin as they want and still get nowhere.
The administrator account is usually protected with a password only known by the IT dept., but on odd occasions they are not.
Usually when they ***** up we just use Norton Ghost on the machine, but sometimes password recovery is needed.
- mancat, on 10/12/2007, -1/+2
Why do your *users* know the *administrator* password?
- x3nos, on 10/12/2007, -0/+1
Don't say it so loud, and hey, psst - you could charge more :D