[Geeks are Sexy] technology news

Wednesday, April 12, 2006

Cracking your Windows SAM Database in Seconds with Ophcrack 2

A few months ago, I wrote an article explaining how to test the complexity of your users' passwords using Cain&Abel, a security auditing application. Today, I'll show you how to do it with Ophcrack, a similar tool.

Ophcrack is a Windows password cracker based on a time-memory trade-off using rainbow tables. This is a new variant of Hellman's original trade-off, with better performance. It recovers 99.9% of alphanumeric passwords in seconds. Yes, you read that right, in SECONDS. The application automates the whole process, from dumping the SAM database into the application, to cracking the hashes, to displaying the results in an easily readable grid.
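To make the time-memory trade-off concrete, here is an added toy rainbow table in Python. It is not Ophcrack's code; the charset, chain length and chain count are constructed for illustration, and plain SHA-1 over 3-letter passwords stands in for the unsalted hashes a SAM holds. It precomputes chains, keeps only their endpoints, and recovers a password from an unsalted hash; a salted hash is not found because the table was built for a different function, which is exactly why unsalted LM/NT hashes fall to precomputation.

```python
import hashlib
import string
from itertools import islice, product

# Constructed toy parameters: 3-char lowercase passwords under plain SHA-1
# stand in for the unsalted LM/NT hashes a SAM holds. Not Ophcrack's code.
CHARSET = string.ascii_lowercase
PW_LEN = 3
SPACE = len(CHARSET) ** PW_LEN   # 17,576 possible passwords
CHAIN_LEN = 20                   # t: hash/reduce steps per chain
NUM_CHAINS = 1500                # m: chains kept in the table

def H(pw: str) -> str:
    """Unsalted hash: the same password hashes the same on every machine."""
    return hashlib.sha1(pw.encode()).hexdigest()

def R(h: str, col: int) -> str:
    """Reduction: map a hash back into the password space. Depending on the
    column is what makes this a rainbow table rather than Hellman's scheme."""
    n = (int(h[:12], 16) + col) % SPACE
    return "".join(CHARSET[(n // len(CHARSET) ** k) % len(CHARSET)] for k in range(PW_LEN))

def chain(start: str) -> list:
    """The CHAIN_LEN passwords one chain visits: p[i+1] = R_i(H(p[i]))."""
    pws = [start]
    for col in range(CHAIN_LEN - 1):
        pws.append(R(H(pws[-1]), col))
    return pws

def build_table() -> dict:
    """Precompute once; store only endpoint -> start points (the memory win)."""
    starts = islice(("".join(p) for p in product(CHARSET, repeat=PW_LEN)), NUM_CHAINS)
    table = {}
    for start in starts:
        end = R(H(chain(start)[-1]), CHAIN_LEN - 1)
        table.setdefault(end, []).append(start)  # keep all: chains can merge
    return table

def lookup(table: dict, h: str):
    """Online phase: about t*t/2 hash ops instead of brute-forcing SPACE."""
    for i in range(CHAIN_LEN - 1, -1, -1):   # guess the column h sits in
        cand = R(h, i)
        for col in range(i + 1, CHAIN_LEN):
            cand = R(H(cand), col)
        for start in table.get(cand, []):
            pw = chain(start)[i]
            if H(pw) == h:                   # reject false alarms
                return pw
    return None
```

The toy table does not cover the whole space (chains merge), which is why real table sets are large and come in several sizes; the defensive lesson is that a per-user salt makes every precomputed table worthless.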

First, you'll need to have admin rights on your machine or network to use the application. If you don't, then you have no business fooling around with password crackers. Be careful if you do this! You will need to get the proper authorization from management because if you don't, you may end up without a job. If you use it on your own machine, then don't worry about this.

How to crack a SAM database using Ophcrack

1- Get the application from SourceForge.

2- Do a full installation of the product. Be sure to select the "Download alphanumeric table from Internet" radio button. This downloads and installs the table set that the application will use to crack your SAM database. These tables are distributed freely under the GNU General Public License (GPL) and come in two sizes: SSTIC04-5k is the large set (720 MB) for machines with at least 500 MB of RAM, and SSTIC04-10k is the smaller set (388 MB) for machines with less than 500 MB of RAM.

3- Start the application and select Load -> Local SAM file or Remote SAM file (Network). (Your anti-virus application may give you an alert at this point; it should categorize the alert as something like "Hack Tool".) You should now see the list of your users appear in the application.

4- Click "Launch". If you have 200 to 300 users, this will take a while, but you'll start receiving results within 10-20 seconds, depending on the speed of your computer.

5- Voila, you're done. Dump the results to a text file via "Save As", print it, and show it to your boss. If you want to persuade your company to adopt a strong password policy, this might be what you need to convince them. Whatever you do, NEVER forget to get the proper authorization when you do this.


Here are a couple of resources about how you can help your users choose safer and better passwords.



  • Everyone, please remember that unauthorized computer intrusion is a federal crime and can be prosecuted. Using password-cracking to gain access to someone else's system or user account is now taken very seriously by most law enforcement agencies.

    By Anonymous Anonymous, at 3:16 PM  

    --- CFAA - Computer Fraud and Abuse Act - 1986
    It is a felony:

    to commit unauthorized access to a Federal computer system with the intent to steal or commit fraud or inflict malicious damage.
    It is a misdemeanor:
    to traffic in passwords.
    (enforced by Secret Service or other authorized federal agency)


    By Anonymous Anonymous, at 3:20 PM  

  • "Everyone, please remember that unauthorized computer intrusion is a federal crime and can be prosecuted."

    Of course it is, but tools like this are also used in "Legal" businesses, and posting a guide to it is in no way illegal. That is why I said in the article:

    "Be careful if you do this! You will need to get the proper authorization from management because if you don't, you may end up without a job."

    Doing it on your own computer out of curiosity is also completely legal.

    By Blogger Kiltak, at 3:31 PM  

  • The sadness is people like these other anon posters don't realize that using such tools in legit situations sheds light on the root of why so many security problems exist - user misunderstanding. So in this culture of fear, laws are written up and passed without first giving any thought to what it is we are trying to protect. This is part of the reason why this internet child porn law has such a hard time passing - you cannot take one large brush and paint one large stroke and proclaim goodness with a law. I think the computer fraud and abuse act of 1986 was just that and more so worse because technology and how we use it has changed drastically since the act was mandated 20 years ago.

    By Anonymous Anonymous, at 5:33 PM  

  • There is a guide to using Ophcrack and online sites for cracking LM hashes on Wikibooks:

    By Blogger The PAMATMAT Clan, at 5:27 AM  

  • Hi, I've tried to download this but after about 5 mins it comes up as "URL timed out". Any advice? PS: I've tried 3 different mirrors.


    By Anonymous Anonymous, at 1:33 PM  

  • The windows version on the sourceforge page? Just tried it and it works fine..

    here's the direct link to the download page: http://prdownloads.sourceforge.net/ophcrack/ophcrack-win32-installer-2.3.3.exe?download

    Used the Minneapolis server.

    By Blogger Kiltak, at 2:14 PM  

  • This article was fantastic, it saved me a load of grief, 10 out of 10

    By Anonymous Sy, at 12:28 PM  
