Ophcrack: Password cracking made easy

These more complicated passwords are considered "strong" because they take a longer time to crack than shorter, easier-to-guess passwords. But even strong passwords can be cracked in seconds using an open source tool called Ophcrack.

Ophcrack is an extremely fast password cracker because it uses a special algorithm called rainbow tables. Brute-force cracking tools typically try thousands of combinations of letters, numbers and special characters each second, but cracking a password by attempting every conceivable combination can take hours or days. Rainbow tables pre-computes the hashes used by passwords, allowing for a speedy password lookup by comparing the hashes it has, instead of computing them from scratch.

Thinking of it another way, someone else has already generated the password hashes for millions of potential passwords using the same algorithm as Windows XP and Vista. Ophcrack simply loads the megabytes of hashes it already has and compares the password hash in Windows against its giant database. When it finds a match, Ophcrack reveals the password in plain text.

For more information: Discover how a keyring works in conjuction with passphrases to keep personal messages secure. In this Q&A, Joel Dubin unveils the best practices for protecting a router security password from compromise. Learn best practices and tools for ensuring password compliance.

Ophcrack works on LAN Manager (LM) and NT LAN Manager (NTLM) hashes, and has rainbow tables available for cracking Windows XP and Windows Vista passwords. It comes with a slick GUI and runs on Windows, Linux/Unix, Mac OS X, or from a bootable LiveCD. Ophcrack has the ability to obtain password hashes from the Security Accounts Manager (SAM), the registry database that Windows uses to store protected user passwords.

Ophcrack is not malware and has its legitimate uses. For instance, most Windows password-recovery tools will substitute a new password in place of a lost one, but knowing the actual password may be useful in unlocking other archives found during a forensics investigation. Additionally, testing a known password against Ophcrack, and besting the rainbow tables, can help validate that the password is extremely strong.

However, one of the tools Ophcrack uses to access the SAM is pwdump, which many virus scanners will flag and quarantine as malware during installation because of its ability to create surreptitious remote connections used for spiriting out data. Ophcrack requires pwdump in order to dump the hashes in the SAM, so its association with pwdump may present some ethical hackers with an uncomfortable level of risk.

About the author:
Scott Sidel is an ISSO with Lockheed Martin. For more recommendations from the author, check out Scott Sidel's Downloads.

Rate this Tip To rate tips, you must be a member of SearchSecurity.com. Register now to start rating these tips. Log in if you are already a member. Digg This!     StumbleUpon     Del.icio.us    RELATED CONTENT Scott Sidel's Downloads Nipper audits routers, reveals insecure settings Enigmail: Wrapping email in a digital security blanket Secure file copying with WinSCP FreeRADIUS: Acing a secure connection Spiceworks: Free network monitoring and management with a little zest VirusTotal: On-demand antivirus service scans malicious files Shining a spotlight on rootkits Closing the case on network firewall security with IPCop Eliminating the threat of spam email attacks ClamAV clamps down on e-mail security Open Source Security Tools Screencast: How to use Nipper to create network security reports Sun launches open source OpenSSO for identity management What reporting tools are available for an enterprise IDS? Screencasts: On-screen demonstrations of today's IT tools Positive changes coming to ModSecurity Analysis tool uses Intel virtualization to hide from malware Can IBM's SMash technology secure Web applications? Using Nessus Attack Scripting Language (NASL) to find application vulnerabilities What are best practices for creating an IDS and maintaining a signature database? How to install and configure Nessus Password Cracking Bluetooth 2.1 is easy to crack Screencast: An introduction to the Open Source Security Testing Methodology Manual (OSSTMM) What tools can a hacker use to crack a laptop password? Is encryption only as good as an organization's password management and access control policies? What are the risks associated with RIM's line of PDAs? Security360: Identity management market How to prevent hackers from accessing your router security password Complex password compliance requirements made simple Firefox, IE flaw could expose passwords Adding 'fudge' to your passwords RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary Back Orifice  (SearchSecurity.com) Blowfish  (SearchSecurity.com) Kermit  (SearchSecurity.com) Open Source Hardening Project  (SearchSecurity.com) Snort  (SearchSecurity.com) SnortSnarf  (SearchSecurity.com) RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.