Most important thing in information security is the password. More strong the password it’s become impossible for the attacker to get control of your system. Strong passwords are consists of character upper as well as lower case, numbers, special characters and spaces. Microsoft also gives a tool to check your password strength. These more complicated passwords are considered “strong” because they take a longer time to crack than shorter, easier-to-guess passwords. But even strong passwords can be cracked in seconds using an open source tool called Ophcrack.
Ophcrack is an extremely fast password cracker because it uses a special algorithm called rainbow tables. Other passwords crackers try thousands of combination of numbers, characters and special characters per second and this process may take hours, day or some times years to crack a complex password. Rainbow tables pre-computes the hashes used by passwords, allowing for a speedy password lookup by comparing the hashes it has, instead of computing them from scratch.
Ophcrack is not malware and has its legitimate uses. For instance, most Windows password-recovery tools will substitute a new password in place of a lost one, but knowing the actual password may be useful in unlocking other archives found during a forensics investigation. Additionally, testing a known password against Ophcrack, and besting the rainbow tables, can help validate that the password is extremely strong.
Ophcrack let’s you to get your original password incase if you forget your password while other password recovery tools recovery tools will substitute a new password in place of a lost one, but knowing the actual password may be useful in unlocking other archives found during a forensics investigation. Additionally, testing a known password against Ophcrack, and besting the rainbow tables, can help validate that the password is extremely strong.
However, one of the tools Ophcrack uses to access the SAM is pwdump, which many virus scanners will flag and quarantine as malware during installation because of its ability to create surreptitious remote connections used for spiriting out data. Ophcrack requires pwdump in order to dump the hashes in the SAM, so its association with pwdump may present some ethical hackers with an uncomfortable level of risk.
Ophcrack features
-
Runs on Windows, Linux/Unix, Mac OS X, …
-
Cracks LM and NTLM hashes.
-
Free tables available for Windows XP and Vista.
-
Brute-force module for simple passwords.
-
LiveCD available to simplify the cracking.
-
Loads hashes from encrypted SAM recovered from a Windows partition, Vista included.
-
Free and open source software (GPL).
Source : ophcrack Website
Any idea where to get good rainbow tables for it? Ones that include symbols?
you can find more rainbow tables here
http://ophcrack.sourceforge.net/tables.php
Ophcrack does no work fine!
I have downloaded Windows Password Recovery Tool 3.0 from http://sn.im/resetwindowspassword. it not only supports XP, 2000, and NT, I have personally tested it with Vista Home Premium and Ultimate. It works perfectly to reset any local user account to a blank password. I Wrote it to an old 128mb USB flash drive do this. Booting up and clearing a password takes a minute or two works like a charm.
You can crack windows password in a minute. It is very easy to create a
recovery disk that you can use on any Windows PC. It works perfectly to reset any local user account to a blank password. Just an easy to use bootable CD/DVD . It can also be used on a USB Flash Drive. http://www.lostwindowspassword.com/
If you lost windows password. I think the best solution is making a windows password recovery disk with the third part utility. The disk works perfectly to recover windows password to “Blank”. It is also useful for administrator password recovery, you can wrote it to an blank CD or USB flash drive to recover administrator password. Booting up and clearing a password takes a minute or two works like a charm.
more info: http://www.windowsloginrecovery.com
If you lost windows password. I found a windows password reset tool. you can wrote it to an blank CD or USB flash drive to reset administrator password. Booting up and clearing a password takes a minute or two works like a charm. more info: http://snurl.com/passwordtool