Ophcrack has the ability to obtain password hashes from the Security Accounts Manager (SAM), the registry database that Windows uses to store protected user passwords.Ophcrack is not malware and has its legitimate uses.įor instance, most Windows password-recovery tools will substitute a new password in place of a lost one, but knowing the actual password may be useful in unlocking other archives found during a forensics investigation. It comes with a slick GUI and runs on Windows, Linux/Unix, Mac OS X, or from a bootable LiveCD. For more informationDiscover.In this Q&A, Joel Dubin unveils works on LAN Manager (LM) and hashes, and has rainbow tables available for cracking Windows XP and Windows Vista passwords.
When it finds a match, Ophcrack reveals the password in plain text. Ophcrack simply loads the megabytes of hashes it already has and compares the password hash in Windows against its giant database. Rainbow tables pre-computes the hashes used by passwords, allowing for a speedy password lookup by comparing the hashes it has, instead of computing them from scratch.Thinking of it another way, someone else has already generated the password hashes for millions of potential passwords using the same algorithm as Windows XP and Vista. Brute-force cracking tools typically try thousands of combinations of letters, numbers and special characters each second, but cracking a password by attempting every conceivable combination can take hours or days.
But even strong passwords can be cracked in seconds using an open source tool called Ophcrack.Ophcrack is an extremely fast password cracker because it uses a special algorithm called rainbow tables. These more complicated passwords are considered 'strong' because they take a longer time to crack than shorter, easier-to-guess passwords.
0 kommentar(er)
