Most important thing in information security is the password. More strong the password it’s become impossible for the attacker to get control of your system. Strong passwords are consists of character upper as well as lower case, numbers, special characters and spaces. Microsoft also gives a tool to check your password strength. These more complicated passwords are considered “strong” because they take a longer time to crack than shorter, easier-to-guess passwords. But even strong passwords can be cracked in seconds using an open source tool called Ophcrack.

Ophcrack is an extremely fast password cracker because it uses a special algorithm called rainbow tables. Other passwords crackers try thousands of combination of numbers, characters and special characters per second and this process may take hours, day or some times years to crack a complex password. Rainbow tables pre-computes the hashes used by passwords, allowing for a speedy password lookup by comparing the hashes it has, instead of computing them from scratch.

Ophcrack is not malware and has its legitimate uses. For instance, most Windows password-recovery tools will substitute a new password in place of a lost one, but knowing the actual password may be useful in unlocking other archives found during a forensics investigation. Additionally, testing a known password against Ophcrack, and besting the rainbow tables, can help validate that the password is extremely strong.

Ophcrack let’s you to get your original password incase if you forget your password while other password recovery tools recovery tools will substitute a new password in place of a lost one, but knowing the actual password may be useful in unlocking other archives found during a forensics investigation. Additionally, testing a known password against Ophcrack, and besting the rainbow tables, can help validate that the password is extremely strong.

However, one of the tools Ophcrack uses to access the SAM is pwdump, which many virus scanners will flag and quarantine as malware during installation because of its ability to create surreptitious remote connections used for spiriting out data. Ophcrack requires pwdump in order to dump the hashes in the SAM, so its association with pwdump may present some ethical hackers with an uncomfortable level of risk.

Ophcrack features

• Runs on Windows, Linux/Unix, Mac OS X, …

• Cracks LM and NTLM hashes.

• Free tables available for Windows XP and Vista.

• Brute-force module for simple passwords.

• LiveCD available to simplify the cracking.

• Loads hashes from encrypted SAM recovered from a Windows partition, Vista included.

• Free and open source software (GPL).

Source : ophcrack Website

Share

You may also like to read

• Amitabh Bachchan Started His Own Blog (209)
• Kabhi Kabhi Aditi Lyrics…….For your dear ones… (30)
• Contact Us (20)
• 8 Things that Google Ignores (17)
• Linux Powers More then 85% of the World’s Top 500 Supercomputers (16)