In the past, MakeUseOf has published other password-cracking related articles. Those who are interest should check out T.J. Miniday’s 3 Ways to Reset Forgotten Windows Administrator Password.
However, there might be circumstances in which you’d need unnoticed access – being able to use the terminal without literally changing the password.
To manage this, Ophcrack uses rainbow tables to guess the password. When a working one is encountered, it is presented to you, and you can simply log in with it. One would think this “guessing” takes a lot of time, but that’s just where the power of rainbow tables lies.
Rainbow Tables in a NutshellOperation systems don’t store the user passwords in plain text — that’d be highly insecure, and even right out stupid. Instead, they calculate the hashes of the passwords by putting the passwords through a one-way hash function and store those. When one would obtain these hashes, they would still be rather useless; the password needs to be entered, after which the hash needs to be calculated and compared to the stored password hash.
e.g. ‘makeuseof.com’ would become ‘9fb883363640e11970be10a5936a37fc:b35f6f8268073d2242e0cd8b72554d8a’ when converted to Windows XP’s LM hash.A rainbow table is basically an enormous list of passwords — basically every password a brute force attack would try — with their respective hashes included. Although this table takes a lot of time to generate, it can reduce the cracking of passwords to minutes, or even seconds.
Downloadable TablesOphcrack supplies a few of these rainbow tables, free, for your use. They’re included in the Live CD, can automatically be retrieved from the Windows executable, or downloaded from the Ophcrack website. We’ll quickly look over the available tables, and their possibilities.
For Windows XP, Ophcrack supplies two alphanumeric tables. With these, you can crack 99.99% of all passwords under 14 characters, consisting of a combination between letters and numbers — abcdefghijklmnopqrstuvwxyz0123456789. Because the LM hash used by Windows XP is insensitive to capitalization, these hash tables contain 80 billion different hashes, corresponding with 12 septillion possible passwords.
You can choose between the XP free small and the XP free fast tables. These can both be used to crack the same passwords, but because the XP free fast table is twice as large, you can crack them in half the time.
The downside of both tables is their unability to crack passwords with special characters — these can only be cracked using the premium XP special tables.
For Windows Vista, which abandoned the weak LM hash, and moved on to the stronger NT hash, there are less possibilities. Currently, Ophcrack only gives away a table with dictionary-words and variations (hybrids) for free. If you’re willing to cough up a lot of money (about 99$), they also provide alphanumerical tables – including special characters.
Because the NT hash is subjective to capitalization, and allows a much greater password length (whereas the LM hash simply splits large sequences up in multitudes of smaller strings), these premium rainbow tables can range in size from 8GB to over 130GB.
And that’s the essence of it. There’s some more technical information (a real how-to) in the Ophcrack help files (included in the downloads).
If you’re shivering in your boots after reading this article and thinking,”Gosh, everyone’s going to know how to hack my password. What shall I do?” Then it may be a good time to create a stronger password. Stefan wrote about 5 free password generators that will help you make nearly unhackable passwords, no matter what password hack tools a hacker tries to use. It’s a good start.
So, what do you think? Is Ophcrack really the pot of gold at the end of the rainbow, or hardly worth one’s attention? — Let us know your experiences, opinions and questions in the comments section below.