This is a list of frequently asked questions and corresponding answers. Please read this topic carefully before asking any questions.
There are two versions: one called "ophcrack XP LiveCD" which should be used to crack LM hashes, and the other one, "ophcrack Vista" LiveCD for NT hashes.
Use "ophcrack XP LiveCD" for these systems, which have LMhash enabled by default:
Use "ophcrack Vista LiveCD" for these systems:
The XP one includes XP free small tables as the Vista one contains Vista free tables.
When you download the file, specify that you want to save it on your harddisk. Verify that your download went well by comparing the md5sum of the file you downloaded with the one you will find on our Download page. You can use a software like md5summer for example. More on this here.
Then, burn this ISO file with your preffered burner software as an image. You can find many tutorials on the Internet that explains how to burn an ISO file on a CD. Google is your friend.
First verify that there are two directories stored on the CD:
Your graphic card is probably not well detected by the LiveCD. You should select the "text mode" entry in the boot menu when the LiveCD starts. It will start ophcrack in command-line mode in order to avoid having to deal with unsupported hardware. You can also try to boot with the manual mode.
The ophcrack-launch.sh script now includes a "Search" and "Deep Search" mode. The "Search" mode looks for a directory called "tables" at the root of any media connected to the machine (USB hard drive, CDROM, USB stick, ...). The "Deep Search" mode takes more time but will be able to find any directory containing a file named "table0.bin", i.e. any directory that contains a table. The /media directory is now used instead of /mnt for mounting all the media connected to the machine.
There are a few reasons while you could get this message from the launch.sh script. But first you should determine which partitions are mapped to your Windows partition. On Linux, harddisks are mapped to /dev/hda, /dev/hdb, ... for IDE disks or /dev/sda, /dev/sdb, ... for SCSI or SATA disks. Then you should add a number after in order to get the "path" to your partition. There you could get something like /dev/hda2 for the second partition on the first IDE drive, or /dev/sdc5 for the fifth partition of the third SATA drive.
One way to determine on which partition is your Windows partition (if you don't know) is to enter the command "fdisk -l". It will return the list of drives and partitions of your computer and their type. Look for a bootable FAT32 or NTFS partition usually.
Then determine if this partition has already been mounted by Linux at start. It generally creates a corresponding directory in /mnt, i.e. /dev/sdc5 is mounted in /mnt/sdc5. You can enter the command "df" to see if you partition appears in the list which means that it is mounted.
If your partition is already mounted, it means that ophcrack was not able to find your Windows directory. So start ophcrack by entering the command "ophcrack" and use the "Load from encrypted SAM" menu entry to navigate to your /mnt/.../Windows directory/system32/config directory.
If you partition is not mounted, enter the following commands:
su (the password is root)
mount /dev/... /mnt/ntfs (where ... correponds to the partition that you found in the previous steps)
If you get an error message saying that you partition is unclean, reboot Windows and shut it down correctly. You can also try to enter this command instead:
mount -o force -t ntfs-3g /dev/... /mnt/ntfs (... corresponds to your partition like before)
Then launch ophcrack as explained before and load the hashes from the encrypted partition.
There's no fonts that match the resolution of your screen. Try to select the VESA option in the boot menu (when you see Objectif Securite's logo).
You bought additional tables and want to add them to the LiveCD so that ophcrack automatically detects them when it starts. With ophcrack LiveCD 2.3.0 and newer, it is really easy to add new tables.
When the LiveCD starts, it will try to detect tables on all the devices connected to the computer (USB stick, external hard drives, internal hard drives, CDROMS, ...). All you have to do in order to make it works is to put them in a directory called "tables" at the root of this drive.
For example, let's imagine that you want to put the Vista free tables and Vista special tables on a USB stick:
Then put each set of tables in its own directory (its name is not important):
No, these tables do not use the same format as ophcrack ones. We will not add any support for such tables in the future.
Both XP free small tables and XP free fast tables cover 99.9% of alphanumeric passwords. If you have 512MB of RAM or more, the cracking will be usually faster with XP free fast tables. XP free small are better suited for those who cannot download large files.
They have approximatively half of the passwords that are exactly the same (5000 first columns of 15'400'000 perfect chains) and the others are randomly selected. Therefore, using one after the other should improve the overall percentage of passwords covered. But you will remain between 99.9% and 100%.
Currently, ophcrack can crack the following characters on Windows XP English only:
For cracking german characters, you will need to buy the XP german tables. We do not plan to release tables for any other language so far.
Ophcrack installer includes pwdump6 from Fizzgig. This tool is often detected as malware by antivirus softwares (usually samdump.dll and pwservice.exe). These files are not infected, but categorized as evil software. If you do not feel safe installing ophcrack, you will find online source code for every tool it includes as well as the main program.
XP has a "security hole" that allows you to crack your password very easily. Vista fixed the "security hole" and therefore is much harder to crack. Several thousand to several trillion times harder. You'll need about a zettabyte of disk space and it will take 220 days + lookups + false alarms. (It goes kilobyte, megabyte, gigabyte, terabyte, petabyte, exabyte, zettabyte).
To crack Vista passwords you'll need to do the following:
You could always reset the password with this program http://pogostick.net/~pnh/ntpasswd/. You'll lose anything you have encrypted. If you're trying to get into someone else's computer they will know there computer has been tampered with since their password is different.
(thanks to Sc00bz)
Yes, ophcrack (and ophcrack LiveCD) works well on Windows XP SP3.