30 May 2009

Oh my God… What Was My Password Again?

Author: admin | Filed under: Home

My phone rings: “Hi Nik… We came home from our 2-month-long Thailand trip, and I can’t get into my computer, which I got 3 months ago… I think I lost my password!”

Usually I would encourage those people to think about it again, and mostly they remember what their password was. In all other cases, I went over to their house and booted into Safe Mode to get into the Admin account, which was not password protected.

Today I stumbled upon this Linux LiveCD distro called “Ophcrack”, which is available for free on the Internet. The usage is simple: you pop in the CD and let the machine boot from the disc; it then loads all necessary files and starts the cracking process automatically.

It scans your hard drive for LM hashes (the format in which Windows stores passwords) and puts them through a rainbow table (just wiki that… it’s too complicated to explain). This procedure returns the recovered plaintext password, which can be used for logging onto the system.

As you know, I am a person of curious nature, so I just HAD to try this in real life. I downloaded the ISO, burned it, and stuck it in my laptop. I booted up a virtual Windows XP using VirtualBox and set up some user accounts and passwords. One was only characters, the other one was alphanumeric, and another one was alphanumeric with upper and lowercase characters. All of them were cracked within 9 minutes. Now that was indeed scary.

Then I tried this: &^!(%HPSam18. This password failed, because the version you can download is an “SE” version, which can only crack alphanumeric passwords. The full version can be bought from Objectif Sécurité, the company of the creator of this great piece of software.
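Why the alphanumeric accounts fell so quickly while the symbol password held, as an added example (not from the original post or from Ophcrack): it goes beyond the post by relying on how LM hashing works, namely that the password is uppercased, limited to 14 characters and hashed as two independent 7-character halves. The function names and every sample password except the one quoted above are made up for the illustration, and ASCII passwords are assumed.

```python
import string

LM_MAX_LEN = 14   # passwords longer than this get no LM hash
HALF_LEN = 7      # LM hashes each 7-character half independently
ALNUM = set(string.ascii_uppercase + string.digits)  # LM uppercases input


def lm_halves(password):
    """Return the two uppercased halves LM would hash, or None if too long."""
    if len(password) > LM_MAX_LEN:
        return None
    upper = password.upper()  # assumption: ASCII-only password
    return upper[:HALF_LEN], upper[HALF_LEN:]


def alnum_covered_halves(password):
    """Halves an alphanumeric-only table covers (an empty half counts too)."""
    halves = lm_halves(password)
    if halves is None:
        return []
    return [h for h in halves if set(h) <= ALNUM]


def half_keyspace(charset_size=len(ALNUM)):
    """Candidates for one half: every length from 0 to 7 characters."""
    return sum(charset_size ** n for n in range(HALF_LEN + 1))


def audit(password):
    """One-line verdict for a password-policy review."""
    halves = lm_halves(password)
    if halves is None:
        return "no LM hash stored (longer than 14 characters)"
    covered = alnum_covered_halves(password)
    if len(covered) == 2:
        return "fully covered by an alphanumeric table"
    if covered:
        return "partly covered: half %r is alphanumeric" % covered[0]
    return "not covered by an alphanumeric table"


if __name__ == "__main__":
    # First password is the one from the post; the rest are constructed samples.
    for pw in ["&^!(%HPSam18", "Thailand2009", "sunshine", "correct horse battery"]:
        print("%-24s %s" % (pw, audit(pw)))
    print("candidates per alphanumeric half:", half_keyspace())
```

Mixed case adds nothing under LM, and symbols only protect the half they sit in. Passwords longer than 14 characters, or turning off LM hash storage, remove this exposure entirely.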

Well, the next time you lose your password, make sure to have a disc of Ophcrack in your CD pouch, so that you can log in again as quickly as possible.

Take care,

Nik (computec)


One Response to “Oh my God… What Was My Password Again?”

  1. sk8er96 Says:

    nice post in watching u on ustream
