OPHCRACK 2.3 (Time-Memory-Trade-Off-Crack)

A Windows password cracker based on the faster time-memory trade-off
using rainbow tables. This is an evolution of the original ophcrack 1.0
developed at EPFL (http://lasecwww.epfl.ch/~oechslin/projects/ophcrack).

Ophcrack 2.3 comes with a GTK Graphical User Interface which runs on
Windows, Mac OS X (Intel CPU) as well as on Linux.


USING OPHCRACK 2.3

Getting the hashes:

The interface allows for three ways of dumping password hashes.

- encrypted SAM: dumps the hashes from the SAM and SYSTEM files
  retrieved from a Windows machine while booting on another disk.
  Note that in this case you do not need to know a Windows
  administrator password to get the hashes.

- local SAM (only for the Windows version of ophcrack 2.3): dumps the
  hashes from the Windows machine the program is running on. You need
  to be administrator of your local machine for this to work.

- remote SAM (only for the Windows version of ophcrack 2.3): dumps the
  hashes of a remote Windows machine, provided you know the username
  and password of an administrator and the name of a share.

Alternatively, you can also crack hashes that you have saved from a
previous session or obtained with another tool.

Cracking the hashes:

The launch button starts the cracking process. It can be interrupted
and the results saved in a file, which can be loaded again at a later
time.


RAINBOW TABLES

Ophcrack 2.3 uses the alphanumeric table sets of ophcrack 1.0 as well
as another table set with special characters. This means that it
cracks 99.9% of passwords of length 1 to 14 containing uppercase
letters, lowercase letters and numbers with the old table sets. With
the new table set, it cracks 96% of passwords of length 1 to 14
composed of characters contained in this set:

  0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ!"#$%&'
  ()*+,-./:;<=>?@[\]^_`{|}~ (including the space character)

Ophcrack 2.3 also cracks NTLM hashes using a new table set called
NTHASH. It cracks 99% of:

* passwords of length 6 or less composed of characters in this set:

  0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ!"#$%&'
  ()*+,-./:;<=>?@[\]^_`{|}~ (including the space character)

* alphanumeric passwords of length 7 (lower- and uppercase)

* alphanumeric passwords of length 8 (lowercase only)

SSTIC04 table sets

These are the alphanumerical tables. They are distributed freely under
the GNU General Public License (GPL) and come in two sizes:

SSTIC04-5k is a large one (720MB) for machines having at least 500M of
RAM.
SSTIC04-10k is a smaller table set (388MB) for machines having less
than 500M of RAM.

These tables can be downloaded from the page
http://lasecwww.epfl.ch/~oechslin/projects/ophcrack

Note that with the time-memory trade-off, the number of operations
needed to crack a password reduces with the square of the table size.
Thus the large tables should be roughly 4 times faster.

WS table sets

These are the tables with special characters. They are not distributed
freely. A DVD containing the tables can be ordered from the page
http://www.objectif-securite.ch/ophcrack

WS-20k is a large set of tables (7.5 GB).

NTHASH table sets

They are not distributed freely. A DVD containing the tables can be
ordered from the page http://www.objectif-securite.ch/ophcrack

NTHASH is a large set of tables (8 GB).

The tables used by ophcrack are not compatible with the ones generated
by another tool called rainbowcrack. The tables of ophcrack are much
more compact and, since memory can be traded for time, allow for much
faster cracking of passwords.


GETTING and INSTALLING OPHCRACK

Ophcrack 2.3 can be downloaded from sourceforge:
www.sourceforge.org/projects/ophcrack.

The Windows version comes with an installer that suggests automatic
install or download of the tables.

The Linux version is a source package. It can be compiled and
installed using the "./configure", "make" and "make install" commands.
The tables have to be downloaded by hand, from the URL given above.
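
The NTHASH coverage listed under RAINBOW TABLES, expressed as a password-audit check (an added example, not part of ophcrack or its README): it reports which of the three listed classes a candidate password falls into and the size of each class. The names `nthash_class`, `keyspace` and `audit` are hypothetical, the sample passwords are constructed, and reading "lowercase only" as digits plus lowercase letters and "length 6 or less" as lengths 1 to 6 are assumptions.

```python
import string

# Character sets as listed in the README.
FULL = set(string.digits + string.ascii_letters + string.punctuation + " ")
ALNUM = set(string.digits + string.ascii_letters)
# Assumption: "alphanumeric (lowercase only)" means digits + lowercase letters.
LOWER_ALNUM = set(string.digits + string.ascii_lowercase)

# (label, charset, min_len, max_len) for each NTHASH class in the README.
# Assumption: "length 6 or less" is taken as lengths 1..6.
NTHASH_CLASSES = [
    ("length <= 6, full printable set", FULL, 1, 6),
    ("length 7, mixed-case alphanumeric", ALNUM, 7, 7),
    ("length 8, lowercase alphanumeric", LOWER_ALNUM, 8, 8),
]


def keyspace(charset, min_len, max_len):
    """Number of distinct passwords over charset with the given lengths."""
    n = len(charset)
    return sum(n ** k for k in range(min_len, max_len + 1))


def nthash_class(password):
    """Label of the first NTHASH class that covers password, or None.

    A match means the password lies in a space the README says the
    tables crack with 99% success, not that a crack is guaranteed.
    """
    for label, charset, lo, hi in NTHASH_CLASSES:
        if lo <= len(password) <= hi and set(password) <= charset:
            return label
    return None


def audit(passwords):
    """Map each candidate password to its covering class (or None)."""
    return {pw: nthash_class(pw) for pw in passwords}


if __name__ == "__main__":
    # Constructed sample passwords, for illustration only.
    for pw, cls in audit(["Tr0ub!", "Summer7", "passw0rd", "Passw0rd"]).items():
        print(f"{pw!r:12} -> {cls or 'outside listed NTHASH coverage'}")
    for label, cs, lo, hi in NTHASH_CLASSES:
        print(f"{label}: {keyspace(cs, lo, hi):,} candidates")
```

A password policy that rejects anything for which `nthash_class` returns a label keeps new passwords outside the spaces these tables are stated to cover.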