Ophcrack: Password cracking made easy

Scott Sidel examines the open source security tool Ophcrack, a password cracking tool aimed at ensuring the strength of corporate passwords.

This Content Component encountered an error

One of the basic tenets of information security is to ensure that systems use strong passwords, namely those of a certain length that mix letters, numbers and other special characters. One way to determine if your password is strong is to type it into a password checker, like Microsoft's Password Checker. The software giant's tool checks for sufficient length and complexity.

These more complicated passwords are considered "strong" because they take a longer time to crack than shorter, easier-to-guess passwords. But even strong passwords can be cracked in seconds using an open source tool called Ophcrack.

Ophcrack is an extremely fast password cracker because it uses a special algorithm called rainbow tables. Brute-force cracking tools typically try thousands of combinations of letters, numbers and special characters each second, but cracking a password by attempting every conceivable combination can take hours or days. Rainbow tables pre-computes the hashes used by passwords, allowing for a speedy password lookup by comparing the hashes it has, instead of computing them from scratch.

Thinking of it another way, someone else has already generated the password hashes for millions of potential passwords using the same algorithm as Windows XP and Vista. Ophcrack simply loads the megabytes of hashes it already has and compares the password hash in Windows against its giant database. When it finds a match, Ophcrack reveals the password in plain text. 

Ophcrack works on LAN Manager (LM) and NT LAN Manager (NTLM) hashes, and has rainbow tables available for cracking Windows XP and Windows Vista passwords. It comes with a slick GUI and runs on Windows, Linux/Unix, Mac OS X, or from a bootable LiveCD. Ophcrack has the ability to obtain password hashes from the Security Accounts Manager (SAM), the registry database that Windows uses to store protected user passwords.

Ophcrack is not malware and has its legitimate uses. For instance, most Windows password-recovery tools will substitute a new password in place of a lost one, but knowing the actual password may be useful in unlocking other archives found during a forensics investigation. Additionally, testing a known password against Ophcrack, and besting the rainbow tables, can help validate that the password is extremely strong.

However, one of the tools Ophcrack uses to access the SAM is pwdump, which many virus scanners will flag and quarantine as malware during installation because of its ability to create surreptitious remote connections used for spiriting out data. Ophcrack requires pwdump in order to dump the hashes in the SAM, so its association with pwdump may present some ethical hackers with an uncomfortable level of risk.

About the author
Scott Sidel is an ISSO with Lockheed Martin. For more recommendations from the author, check out Scott Sidel's Downloads.
 

This was first published in May 2008

Dig deeper on Open Source Security Tools and Applications

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

1 comment

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close