Windows Password er: Oph
This works for windows 98 through 7. I’ve used it on several computers, including mine.
1) Setting up shop
The first thing you need is the software and rainbow table sets. You can download Ophcrack 2.2 from Sourceforge, and then browse to LASEC to download the SSTIC04-5k rainbow table. Youll need a significant amount of memory to load this rainbow table. If you have less than 1 GB of RAM, try the smaller table.
The installation of Ophcrack 2.2 should go smoothly. Make sure you choose to download the tables seperately:
Youll notice a lot of GTK* files being installedthats nothing to worry about. GTK is the Graphical Tool Kit, a way for linux programs to create graphical interfaces.
2) Dude, wheres my hash?
Now that youve got Ophcrack and rainbow tables installed, youll need hashes. There are three places to find them on Windows XP:
In the folder C:\windows\system32\config. This folder is locked to all accounts (including an Administrator account) while running, except the special System account.
In a SAM file from C:\windows\repair if rdisk has ever run
In the registry, under HKEY_LOCAL_MACHINESAM, which is locked to all accounts
This doesnt look good for retreiving the windows hashes! Well, to work around the built-in windows protections, we can recover hashes by the following techniques:
Boot to linux and copy the file directly from C:\windows\system32\config. This is probably too troublesome for most users, but with a liveCD its trivial.
Run pwdump2, including in Ophcrack, to trick out the registry values. If you didnt change any settings, it should be installed in C:\Program Files\ophcrack\win32_tools. Heres an example session from the command line (start, run, type cmd and hit enter):
C:\Documents and Settings\Elliott Back>cd C:\Program Files\ophcrack\win32_tools
C:\Program Files\ophcrack\win32_tools>pwdump2
Administrator:499:aabbcc:3311dd:::
Elliott Back:234:aabbcc:3311dd:::
C:\Program Files\ophcrack\win32_tools>
Naturally, Ive censored the hashes and the number of users. If youd like some hashes to play with, here are hashes for users with passwords varying from length from 1 to 7 characters long: test-hashes.txt.
3) Lets get cracking!
Hashes in hand, start up Ophcrack:
Then click load, PWDump file, and select either the hashes you got from pwdump2, my sample hash file, or some other source of SAM hashes:
The last thing we need to do is load our rainbow tables. Click Tables and select the location and type of rainbow hash table youre using, in our case the 5k tables:
Now you can click the big Launch button and wait. It will first load the tables (0-3 in my case) into memory, a process that takes several minutes. When this is complete, it will begin trying passwords:
The final screen gives a breakdown on how long it takes to actually find these passwordssome of which are quite hard:
All in all, it took 178 seconds on average to crack a windows passwordonly 3 minutes per hash! In the process it performed 89,030,630 hash-redux calculations and 199,548 fseek operations. It also couldnt find the password for one of the hashes, which is to be expected. Rainbow tables are non-deterministic and wont always work. Still, our success rate of 6/7 or 86% is high.
http://rapidshare.com/files/302964829/Ophcrack.zip
Please download as a free user,
DOWNLOAD KeygenDOWNLOAD Crack