Recover (crack) forgotten Windows passwords with Ophcrack

Forgot your Windows password? Yes? How are you going to log in! If you don’t know your password, it can really take away from that whole “using of the computer” idea. Thankfully, a bunch of Swiss developers have put together Ophcrack, a free and open source program that will crack the password on your Windows XP, Vista, or Win7 account.


You can see from the following screenshot that I have three accounts – one called “passworded account”, one “unpassworded account”, and me:

Unfortunately, I forgot the password to the “passworded account”. Luckily, using Ophcrack gives me a way to crack the password: boot off the LiveCD, run Ophcrack, and wait a few minutes for Ophcrack to work its magic. For those who don’t know, a “LiveCD” is a disc that contains a bootable operating system. LiveCDs are better known in the Linux circle than the Windows gang because most, if not all, Linux distros have some sort of LiveCD. In fact the LiveCD of Ophcrack – the program that will crack your Windows password – runs on Linux. How’s that for poetic justice?

I actually jumped the gun a little bit there. Ophcrack is not just available on LiveCD; it comes in two forms: LiveCD and Windows installer. However, the Windows installer requires users to separately download rainbow tables (the LiveCD comes with rainbow tables), and is harder to use – in my opinion – than the LiveCD. Indeed, I couldn’t even get the Windows installer version to work, while the LiveCD works flawlessly. It should be noted, though, that the Windows installer version can crack more passwords than the LiveCD because it can use the larger rainbow tables, whereas the LiveCD version is limited to just the small rainbow tables that it comes with. However, because I could not get the Windows installer version to work, I will only be discussing the LiveCD version of Ophcrack in this article; using the Windows installer version should be generally similar.

That said, in order to use Ophcrack on LiveCD you first need to download the correct LiveCD. There is the “ophcrack XP LiveCD” for Windows 2000/XP/Server 2003 and the “ophcrack Vista LiveCD” for Windows Vista/Server 2008/Win7. After downloading the correct LiveCD, you need to burn it to a disc; the LiveCD is small enough to fit on a CD, so you don’t need anything bigger, like a DVD. To burn the image you can use your operating system’s built-in image burner (if you are on Windows 7, Linux, or OS X) or you can use a program like ImgBurn or Ashampoo Burning Studio 2010 Advanced.

Once you have burned the image to a disc, you need to pop the disc into the computer that holds the account that you want to crack (say that ten times fast); then you need to boot off the disc. For some, booting off the disc is as simple as restarting the computer with the disc in the drive; for others it may require you to tap an F key (like F10 or F12) during the BIOS screen and manually tell the computer you want to boot off the disc; yet for others you may need to enable booting from disc in your BIOS before you can do any of the previously mentioned actions.

Booting into the Ophcrack LiveCD will take literally seconds. If you see something like the following, you know you are headed in the right direction:

ISOLINUX 3.82 2009-06-09 ETCD Copyright (c) 1994-2009 H. Peter Anvin et al

Once you’ve gotten past that first screen – it should only take a second – you’ll be prompted to choose between four modes:

  • Graphics mode – automatic
  • Graphics mode – manual
  • Graphics mode – low RAM
  • Text mode

Unless you have a specific reason to pick a different one, picking automatic graphics mode is fine because it lets Ophcrack pick the best resolution settings for you. Once you pick a mode, you will be booted into Ophcrack!

Once Ophcrack is running, it will automatically detect your Windows installation and will start doing its thing. First, Ophcrack will do a brute force attack to try to crack the simple passwords. Next, Ophcrack will put its rainbow tables-assisted assault into action for the more complex passwords. The rainbow tables-assisted assault first requires the loading of the relevant rainbow tables from the CD, which can take a few minutes (Ophcrack does this automatically; you don’t need to do a thing):

For me the rainbow tables were 79% loaded into RAM after ~2 minutes:

After the tables are loaded into your RAM, Ophcrack will start cracking using the rainbow tables:

Depending on the strength of your passwords, it can take a couple of minutes to crack. (If you have a particularly nasty-to-crack password, the makers of Ophcrack were kind enough to include a little Sudoku game you can play while waiting. You can find it in the menu.) For my “passworded” account, the password was relatively easy to crack:

As you can see in the above screenshot, as Ophcrack finds passwords it lists them next to their respective accounts. Write down the passwords once Ophcrack finds them for you so you can boot into your account. Or, you can memorize them, but if you had such a good memory in the first place you probably wouldn’t have forgotten the password. :-P

Once the passwords you want are cracked, you just need to reboot your computer to get out of Ophcrack. (You may also have to take out the CD from the disc drive, depending on your computer.)

Last but not least, take note that Ophcrack cannot crack all passwords. Ophcrack will only crack passwords that are 14 characters or less in length, because Ophcrack takes advantage of a permanent flaw in Microsoft’s method of securing passwords; and if you have an extremely complex password you may find Ophcrack throwing up its arms in defeat. However, all things considered, Ophcrack is an excellent tool that can help you when you find yourself between a rock and a hard place.
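The 14-character limit above comes from the legacy LM hash, which Windows only computes for passwords of 14 characters or fewer and which the XP LiveCD’s tables target. As an added check that is not part of the original article, the PowerShell script below reports whether a Windows machine is still configured to store LM hashes (the real `NoLMHash` value under the Lsa registry key) and whether its local minimum password length is already 15 or more; it assumes it is run from an elevated prompt on the machine being audited.

```powershell
# Added example, not from the original article: audit whether this Windows
# host still stores the legacy LM hash that Ophcrack's XP tables attack.
# Run from an elevated PowerShell prompt on the machine being checked.

$lsaPath = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'

# NoLMHash = 1 tells Windows to stop storing LM hashes for passwords that are
# set or changed afterwards (default on Vista and later; absent or 0 on stock
# XP, where the LM hash is stored alongside the NT hash).
$noLmHash = (Get-ItemProperty -Path $lsaPath -Name NoLMHash -ErrorAction SilentlyContinue).NoLMHash
if ($null -eq $noLmHash) { $noLmHash = 0 }

# Local account policy: Windows never generates an LM hash for a password of
# 15 or more characters, so a minimum length of 15 closes the hole on its own.
$minLength = 0
$accountsOutput = net accounts 2>$null
foreach ($line in $accountsOutput) {
    if ($line -match '^Minimum password length:\s*(\d+)') {
        $minLength = [int]$Matches[1]
    }
}

$lmStored = ($noLmHash -ne 1)
$exposed  = $lmStored -and ($minLength -lt 15)
if ($exposed) {
    $advice = 'Set NoLMHash=1 (policy: "Do not store LAN Manager hash value"), then have users change their passwords'
} else {
    $advice = 'LM hashes are not being stored for new passwords'
}

[pscustomobject]@{
    NoLMHash          = $noLmHash
    LMHashStored      = $lmStored
    MinPasswordLength = $minLength
    Exposed           = $exposed
    Advice            = $advice
}
```

Note that turning on `NoLMHash` only affects passwords set after the change; LM hashes already in the SAM stay there until each account’s password is changed.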

You can download Ophcrack from the following links:

Version reviewed: v3.3.1 (LiveCD v2.3.1, which has v3.3.1 of Ophcrack)

Supported OS: Windows installer version works on Windows 2000, XP, Vista, and Win7; the LiveCD is OS-independent but will only crack the passwords for the OSes previously mentioned.

Download size: LiveCD is 416-496 MB depending on which version you download, while the Windows installer version is only 5.4 MB. However, you must separately download the rainbow tables for the Windows installer version, which range from 380 MB to 136.8 GB.

Price: Ophcrack itself is freeware ($0), and the small rainbow tables are also free, but the larger rainbow tables cost money.

Ophcrack homepage

[Direct download – LiveCD, XP version]

[Direct download – LiveCD, Vista version]

[Direct download – Windows installer version]

[Rainbow tables downloads]


Comments


20 comments

  1. promytius

    great looking program!
    BUT….
    downloads at 60kb a sec? It’s like a 2 hour download! Ouch – I never keep my browser open that long!

    I have an XP SP2 box that I can’t upgrade because every time SP3 goes in it locks the system up with a new user, new password and new network, all completely inaccessible; the only way out is a re-install. Maybe this will get me past that blockade!

  2. Zhuismile

    If you have lost your Windows password, the best thing for you is creating a password reset disk. Actually, when you add a password to your PC, the first thing you should do is create a disk in case you lose the password. But how to make a password reset disk after you have lost the password? Follow these steps.

    You need to prepare:
    1. A blank CD/DVD or USB flash drive
    2. A computer which can connect to the internet
    3. A program called Windows Password Key

    Then let’s begin.

    Step 1. Log in to a PC which can connect to the internet, download and install the program on that PC.

    Step 2. Run the program and burn to CD/DVD or USB flash drive.

    Step 3. Turn to your locked PC, insert the newly created CD or USB into your drive. Reboot the computer and then follow the instructions; it is very easy to use.

  3. Rylai

    A Windows Password Reset Disk could do all the job for you; it can reset your lost or forgotten Windows password safely and quickly without logging in. You can create a Windows password reset disk with the tool Windows Password Breaker, then reset your password.

  4. Andy

    Seems like everybody is posting Linux and Ubuntu stuff, and I was wondering if someone could do an article on how to learn to use Linux or something of the sort, and all the possible versions of Linux you could use and which one does what. I am trying to learn and not sure where to start; there are no answers to that in plain sight?!?!

    Thanks for the help

  5. Farrukh

    @Helmer:
    I was helped by a friend with the same issue, but instead of deleting the SAM, they simply deleted the Local Administrator account password :).

    And I still remember, once the Network Administrator refused to tell me the Local Administrator Password :)

  6. Helmer

    Hmmm, earlier when I’ve helped friends who had forgotten their password I just booted into a command prompt, used a program that can read/write NTFS from the command prompt and then deleted the SAM database. Is that not possible anymore?