When Windows stores a password, it is done so by hashing the password in an LM hash and putting it in the Windows SAM file. In the scary moment that you lose your password, but don't want to pay some geek to have full root access to your computer, you need to recover it using Ophcrack. Ophcrack doesn't remove the password, or bypass it, it cracks the password hash using rainbow tables.
Ophcrack is favored to be used on a live CD medium. Windows has a security measure in place that disallows all access to the SAM file when the system is in use. To combat this, the partition and Windows file system must be mounted using a operating system that can load and run itself from memory. This prevents the Windows system from loading, and allows the SAM file to be read from.
In today's Null Byte, we are going to burn the Ophcrack medium to a disc, and run its tables against our Windows password to assess their strength.
Requirements
- A Windows installation on your hard drive
- A blank CD
Step 1 Burn Ophcrack to a Disc
We need to burn our tool to a CD so we can boot from it and crack our SAM file.
- First, let's install some easy-to-use, free software to burn our ISO.
Download Free ISO Burner. - Download the Ophcrack ISO that corresponds to your OS.
- Open up Free ISO Burner and select the Ophcrack ISO file. Here is an example image from the website:
- Check off Finalize Disc.
- Set the burn speed to as low as you can. The slower the burn, the higher the quality it is. It also helps reduce turning CDs into a coffee coaster due to incorrectly burning the image.
- Click "Brun" (program typo).
Step 2 Boot from Ophcrack
- Throw the disc in your disc tray.
- Reboot your computer.
- Hit the button to get into the setup menu during boot time (variable f* key).
- Boot from the CD first.
- The software should have a popup window that runs the rainbow tables against your SAM file.
I'm not sure how large Ophcrack tables are, but some people swear it has a greater than 90% success rate. I doubt it would on mine, with my ridiculous passwords.
Please, come by the IRC and talk with me and other crew members! You can follow me on Twitter and G+ to get Null Byte's latest updates.
Just updated your iPhone? You'll find new emoji, enhanced security, podcast transcripts, Apple Cash virtual numbers, and other useful features. There are even new additions hidden within Safari. Find out what's new and changed on your iPhone with the iOS 17.4 update.
6 Comments
I cant remember the table "speccs" right now, but they can crack a lot. I think you can download extra tables for larger and more advanced passwords though.
I've used Ophcrack about ~7 times, and it has successfully cracked every password except my last try so I ended up having to reformat the computer.
My sister in law whom is 10 years old cant remember her password :/
Hehe, that's when you just KonBoot :D.
Hehe true :)
why so dificult, when starting up your pc press F4 for save mode, then you can choose a new password.
you don't need the old one.
Because, most users have the default admin account disabled. Also, it is because we want to KNOW the password, not just get rid of it, or get access to the computer. Think outside the box, buddy :).
we can reset windows password with the third software.http://www.resetwindowspassword.com/recover-windows-7-password.html
Share Your Thoughts