Ophcrack

Developer(s): Cedric Tissieres, Philippe Oechslin, Objectif Sécurité
Stable release: 3.8.0 / March 6, 2018
Written in: C++, C
Operating system: Microsoft Windows, Linux, macOS
Available in: English
Type: Password cracking
License: GNU General Public License
Website: ophcrack.sourceforge.net

Ophcrack is a free, open-source (GPL licensed) program that cracks Windows log-in passwords by attacking their LM hashes with rainbow tables. The program can import hashes from a variety of formats, including dumping them directly from the SAM files of a Windows installation, and can be run from the command line or through its graphical user interface (GUI). On most computers, ophcrack can crack most passwords within a few minutes. [1]


Rainbow tables for LM hashes are provided for free by the developers. By default, ophcrack is bundled with tables that allow it to crack passwords no longer than 14 characters using only alphanumeric characters. Available for free download are four Windows XP tables and four Windows Vista tables. [2]

Objectif Sécurité sells even larger tables intended for professional use. [3] Larger rainbow tables built for NTLM hashes are also available, for cracking Windows Vista/Windows 7 passwords. [2]

Ophcrack is also available as Live CD distributions, which automate the retrieval, decryption, and cracking of passwords from a Windows system. One Live CD distribution is available for Windows XP and earlier and another for Windows Vista and Windows 7. [4] The Live CD distributions of ophcrack are built on SliTaz GNU/Linux.

Starting with version 2.3, Ophcrack also cracks NTLM hashes. This is necessary when generation of the LM hash is disabled (the default on Windows Vista) or when the password is longer than 14 characters (in which case no LM hash is stored).
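The time-memory trade-off behind the tables described above, as an added example that is not part of the original article or of ophcrack's own code: a toy rainbow table over a small case-folded alphanumeric keyspace (the same kind of restricted charset that makes the downloadable LM tables feasible, since LM upper-cases passwords before hashing). SHA-1 stands in for the LM/NT hash, and the chain length, chain count and reduction function are assumptions chosen for illustration.

```python
import hashlib
import string

CHARSET = string.ascii_uppercase + string.digits  # case-folded alphanumerics, as LM sees them
PW_LEN = 3                                        # toy keyspace: 36**3 = 46656 candidates
CHAIN_LEN = 50                                    # assumed chain length (columns per chain)
NUM_CHAINS = 3000                                 # assumed number of stored chains

def H(pw: str) -> bytes:
    # Stand-in for the target hash function; a real table is built for LM or NT hashes.
    return hashlib.sha1(pw.encode()).digest()

def R(h: bytes, i: int) -> str:
    # Reduction function: maps a hash back into the password space. Mixing in the
    # column index i is what makes the table a *rainbow* table: chains that collide
    # in different columns do not merge, which keeps coverage high.
    n = (int.from_bytes(h[:8], "big") + i) % (len(CHARSET) ** PW_LEN)
    out = []
    for _ in range(PW_LEN):
        n, r = divmod(n, len(CHARSET))
        out.append(CHARSET[r])
    return "".join(out)

# Constructed, deterministic chain starting points.
STARTS = [R(hashlib.sha1(b"start-%d" % k).digest(), 0) for k in range(NUM_CHAINS)]

def chain_password(start: str, col: int) -> str:
    # Password sitting in column `col` of the chain that begins at `start`.
    pw = start
    for i in range(col):
        pw = R(H(pw), i)
    return pw

def build_table(starts):
    # Only (endpoint -> start points) is stored: memory scales with chains, not keyspace.
    table = {}
    for start in starts:
        table.setdefault(chain_password(start, CHAIN_LEN), []).append(start)
    return table

def lookup(table, target: bytes):
    for i in range(CHAIN_LEN - 1, -1, -1):
        pw = R(target, i)                 # assume target was hashed in column i ...
        for j in range(i + 1, CHAIN_LEN):
            pw = R(H(pw), j)              # ... and walk the remainder to the endpoint
        for start in table.get(pw, ()):
            cand = start                  # endpoint known: regenerate that chain and
            for j in range(CHAIN_LEN):    # verify, since endpoint matches can be false alarms
                if H(cand) == target:
                    return cand
                cand = R(H(cand), j)
    return None                           # not covered by the table
```

The lookup costs roughly CHAIN_LEN**2 / 2 hash operations regardless of how many chains are stored, which is the trade the tables make: far fewer stored entries than the 36**3 keyspace, at the price of extra computation and imperfect coverage.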

Starting with version 3.7.0, the source code has been moved from SourceForge to GitLab. [5]

References

  1. "OPH Reviews". Pcsupport.about.com. 2011-07-30. Archived from the original on 2016-10-14. Retrieved 2012-02-21.
  2. "Rainbow Tables for ophcrack". Ophcrack.sourceforge.net. Retrieved 2012-02-21.
  3. "Objectif Sécurité. A leading Swiss company in the field of information systems security". Objectif-securite.ch. Archived from the original on 2012-02-20. Retrieved 2012-02-21.
  4. "Download ophcrack". Ophcrack.sourceforge.net. Retrieved 2012-02-21.
  5. "Ophcrack 3.7.0 released". Ophcrack.sourceforge.net. 2017-03-30. Retrieved 2017-04-06.