How to use "Ophcrack" to analyze Windows passwords in just minutes

I tried using open source software "Ophcrack" which can analyze and display passwords of various Windows user accounts. It also supports Windows Vista, because it does not analyze in brute-force, it is characterized by very quick analysis. It will be possible to analyze in about several minutes. In the experiment of this time, the administrator's password was displayed in just 3 minutes, shock.

Normally I burn ISO image to CD and start with CD boot, but this time I tried booting from USB memory. There is also a movie of the state from actually starting up to ending.

So the commentary on how to use is from the following.
※ It is software to check the weakness of your password to the last, so please use it at your own risk when using it


Download from below. Download the ISO image "ophcrack-livecd-1.2.1.iso" from "ophcrack-livecd". The latest version is about 450 MB. Files

As a mechanism, I will find out the password by analyzing what is called LM hash and NTLM hash. As a result, Windows can not parse this hash creation in Windows (normally it is on).

This time I will explain how to boot from USB memory. For details on how to create LiveCD by CD-R, not USB memory, see the following page. There is an example of creation with B's Recorder and CloneCD.

Laboratory: Creating boot CD(B's Recorder case)

Laboratory: Creating a startup disk(Clone CD case)

As a procedure to boot from the USB memory, after downloading the ISO image, open source software "Free software"7-zip"Extract all contents directly to USB memory directly. Then run "bootinst.bat" file to get it done. I will explain in order.

First of all, download "7-zip" from the following page. Since it runs on Windows XP SP2 this time, I used ".exe", "32-bit", "818 KB" format.


Click on it to download it

Click "Install"

Click "Finish", I will put empty USB memory in my computer. At least 512 MB of free space is required.

Click "7-Zip File Manager" from the start menu and click "computer" when it starts up

Click on the downloaded folder "ophcrack-livecd-1.2.1.iso" in order to go forward

After selecting "ophcrack-livecd-1.2.1.iso", click "decompress" button

Click the button in the upper right

Select USB memory drive and click "OK"

Click "OK" to decompress

Extracting into USB memory ...... Wait till the end

When decompression is done open the "boot" folder of the USB memory and execute the "bootinst.bat" file

Press the Enter key

When this screen is displayed, it means that the setting of the boot record has been completed, so if you press the Enter key the window will close automatically

Next, make the PC bootable from the USB memory. Since it depends on the BIOS installed, please set it referring to the following page.

USB-KNOPPIX (20041001R001) Confirmation of BIOS manufacturer

This time I used the Panasonic laptop computer CF - W5. After turning on the power, immediately press the "F2" key to display the BIOS menu. There is "USB HDD" in the "Startup" tab and this will be activated from the USB memory, so select it and press "x" key to activate it

Then press the "F6" key and take it to the top

When you come to the top it will look like this. Then press "F10" key to finish

Select "Yes" and press "Enter" key

When turning on the power with the USB memory stuck in, it will start with this kind of feeling. After turning on the power, the sequence of flow from displaying the password to the end will be like the following movie.

In the above movie, I ended without displaying the Administrator's password, but in fact it could be analyzed in about 180 seconds. It is displayed under "NTpasswd". It seems that it was in vain though there were about ten figures.

Whether it is possible to boot from the USB memory in the BIOS and analyze, if it is familiar people will be completed within 10 minutes.

By the way, default setting Ophcrack can only analyze up to 14 alphanumeric characters, but by downloading the table set from the following page you can analyze even non-alphanumeric characters and German strings.

Available table sets

Also, this time I use the smallest size table installed by default, but if the free space of the USB memory permits, since a huge size table can be used from the above page, use it The analysis speed further increases.

As it is, it is completely out so let's take some measures. Measures to prevent analysis by Ophcrack are well organized on the following page.

Analyze Windows XP password @ophcrack

In addition, Ophcrack startup itself supports Windows, Mac OS X, Linux, and in the LiveCD version based on the ISO image, "SLAX"Based on slackware-based Linux from Czech, various problems such as" LiveCD does not start "or" Hardware not recognizable "can be solved mostly by reading the following SLAX official website forum .

SLAX :: Index

When stopping during startup, the contents written on the following site are useful.

SLAX cheatcodes page

Although it seems like Linux screen is reached until reaching SLAX launch, if Ophcrack does not start automatically, it means that if you start xterm and enter the command in the following order you can start it manually .

Type "cd / root" and press Enter
Type ./ and press Enter

If you do not want it to start automatically, you can also enter "ophcrack" and press the Enter key and select the option in the procedure described on the following page to start it.

RE: LiveCd boot up not exactly right...

in Review,   Software,   Video, Posted by darkhorse