Frequently Asked Questions

Cedric Tissieres

FAQ

This is a list of frequently asked questions and corresponding answers. Please read this topic carefully before asking any questions.

Using ophcrack LiveCD

Which version of the LiveCD should I download?

There are two versions: "ophcrack XP LiveCD", which should be used to crack LM hashes, and "ophcrack Vista LiveCD", which is for NT hashes.
Use "ophcrack XP LiveCD" for these systems, which have LMhash enabled by default:

  • Windows 2000 (any version, including Server)
  • Windows XP (any Service Pack)
  • Windows 2003 Server

Use "ophcrack Vista LiveCD" for these systems:

  • Windows Vista
  • Windows 2008 Server
  • Any system on which the LMhash has been explicitly disabled

The XP LiveCD includes the XP free small tables, while the Vista LiveCD contains the Vista free tables.

I downloaded the ISO file. What should I do next?

When you download the file, specify that you want to save it on your hard disk. Verify that your download went well by comparing the md5sum of the file you downloaded with the one you will find on our Download page. You can use a tool like md5summer, for example. More on this here.

Then burn this ISO file as an image with your preferred burning software. You can find many tutorials on the Internet that explain how to burn an ISO file to a CD. Google is your friend.

I burned the ISO file, but it does not boot ophcrack when I reboot my machine.

First verify that there are two directories stored on the CD:

  • boot
  • tables

Then make sure that you change your BIOS settings to make it boot from the CD drive. Tutorials here and here.

Make sure that the md5sum of the ISO file corresponds to the one displayed on the Download page. You can use md5summer on Windows for example.

After the CD boots, all seems to go well until I get a black screen.

Your graphics card is probably not detected correctly by the LiveCD. Select the "text mode" entry in the boot menu when the LiveCD starts. It will start ophcrack in command-line mode, which avoids having to deal with unsupported hardware. You can also try to boot with the manual mode.

No partition containing hashes found

New instructions (LiveCD version 2.3.1 and newer)

The ophcrack-launch.sh script now includes a "Search" and "Deep Search" mode. The "Search" mode looks for a directory called "tables" at the root of any media connected to the machine (USB hard drive, CDROM, USB stick, ...). The "Deep Search" mode takes more time but will be able to find any directory containing a file named "table0.bin", i.e. any directory that contains a table. The /media directory is now used instead of /mnt for mounting all the media connected to the machine.
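The two search modes described above can be approximated as follows. This is an added example, not the LiveCD's own ophcrack-launch.sh; the function names are hypothetical and the media root defaults to /media as stated in the FAQ. The third function lists table directories that only "Deep Search" would find, i.e. the ones to move under a root-level "tables" directory if you want the quick search to pick them up.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not taken from ophcrack-launch.sh.

# "Search": a directory named "tables" at the root of each mounted medium.
search_tables() {
    root="${1:-/media}"
    for mnt in "$root"/*/; do
        if [ -d "${mnt}tables" ]; then
            printf '%s\n' "${mnt}tables"
        fi
    done
}

# "Deep Search": every directory, at any depth, that holds a file named table0.bin.
deep_search_tables() {
    root="${1:-/media}"
    find "$root" -type f -name table0.bin 2>/dev/null |
        while IFS= read -r f; do dirname "$f"; done |
        sort -u
}

# Table directories that are not under <medium>/tables, so only Deep Search sees them.
missed_by_search() {
    root="${1:-/media}"
    deep_search_tables "$root" | while IFS= read -r d; do
        rel=${d#"$root"/}   # path relative to the media root
        rest=${rel#*/}      # drop the medium's own directory name
        case "$rest" in
            tables|tables/*) ;;
            *) printf '%s\n' "$d" ;;
        esac
    done
}
```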

Old instructions (LiveCD version 2.3.0 and older)

There are a few reasons why you could get this message from the launch.sh script. But first you should determine which device corresponds to your Windows partition. On Linux, hard disks are mapped to /dev/hda, /dev/hdb, ... for IDE disks or /dev/sda, /dev/sdb, ... for SCSI or SATA disks. A number is then appended to get the "path" to your partition. You could get something like /dev/hda2 for the second partition on the first IDE drive, or /dev/sdc5 for the fifth partition of the third SATA drive.

  • One way to determine which partition is your Windows partition (if you don't know) is to enter the command "fdisk -l". It will return the list of drives and partitions of your computer and their type. Usually you should look for a bootable FAT32 or NTFS partition.

  • Then determine whether this partition has already been mounted by Linux at start. It generally creates a corresponding directory in /mnt, i.e. /dev/sdc5 is mounted in /mnt/sdc5. You can enter the command "df" to see if your partition appears in the list, which means that it is mounted.

  • If your partition is already mounted, it means that ophcrack was not able to find your Windows directory. So start ophcrack by entering the command "ophcrack" and use the "Load from encrypted SAM" menu entry to navigate to your /mnt/.../Windows directory/system32/config directory.

  • If your partition is not mounted, enter the following commands:

    su (the password is root)
    mkdir /mnt/ntfs
    mount /dev/... /mnt/ntfs (where ... corresponds to the partition that you found in the previous steps)

  • If you get an error message saying that your partition is unclean, reboot Windows and shut it down correctly. You can also try to enter this command instead:
    mount -o force -t ntfs-3g /dev/... /mnt/ntfs (... corresponds to your partition like before)

  • Then launch ophcrack as explained before and load the hashes from the encrypted partition.
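The two checks in the steps above (is the partition mounted, and where is the config directory to open with "Load from encrypted SAM") can be scripted as below. This is an added example, not part of the LiveCD; the function names are hypothetical. It assumes a find that supports -maxdepth, -ipath and -iname, and it matches case-insensitively because the system directory is not always spelled "Windows" (Windows 2000 uses WINNT).

```shell
#!/bin/sh
# Added example; function names are hypothetical.

# mount_point_of DEVICE [MOUNTS_FILE]
# Print where DEVICE is mounted; return non-zero if it is not mounted.
# MOUNTS_FILE defaults to /proc/mounts (spaces in paths appear there as \040).
mount_point_of() {
    awk -v dev="$1" '
        $1 == dev { print $2; found = 1; exit }
        END       { exit !found }
    ' "${2:-/proc/mounts}"
}

# find_config_dir MOUNTPOINT
# Print each <system root>/system32/config directory under MOUNTPOINT that
# contains both a SAM and a SYSTEM file, whatever the case of the names.
find_config_dir() {
    find "$1" -maxdepth 3 -type d -ipath '*/system32/config' 2>/dev/null |
        while IFS= read -r d; do
            sam=$(find "$d" -maxdepth 1 -type f -iname sam | head -n 1)
            sys=$(find "$d" -maxdepth 1 -type f -iname system | head -n 1)
            if [ -n "$sam" ] && [ -n "$sys" ]; then
                printf '%s\n' "$d"
            fi
        done
}

# Typical use on the LiveCD (device name is a placeholder):
#   mp=$(mount_point_of /dev/sdc5) && find_config_dir "$mp"
```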

I can see ophcrack window but no fonts at all, the window is blank.

There are no fonts that match the resolution of your screen. Try to select the VESA option in the boot menu (when you see Objectif Securite's logo).

How to start ophcrack manually in the LiveCD?

  • In the GUI, right-click on the background and select terminal in the favourite apps menu.
  • Enter /home/tux/launch.sh
  • If you get "No partition containing hashes found", see the corresponding topic of this FAQ. Otherwise, ophcrack should have started.

How to install the LiveCD on a USB stick?

New instructions (LiveCD version 2.3.0 and newer)

On Windows:

  • Download the ISO file of the ophcrack LiveCD
  • Download tazusb (Slitaz installer) from our website
  • Connect your USB stick to your machine
  • Launch tazusb.exe and follow the instructions.

On Linux:

  • You can use the tazusb script you'll find on the Slitaz distribution.
  • To do it manually, mount the ophcrack LiveCD ISO file using the "-o loop" switch. Copy the files from the loop directory to the USB stick. Unmount the USB stick and the ISO file. Execute syslinux on the device corresponding to your USB stick ("syslinux /dev/sdb1" for example).

Old instructions (LiveCD version 2.1.0 and older)

On Windows:

  • Decompress the iso file you downloaded to the root of the USB stick with your favorite decompression software (like 7-zip). There should be two directories on your USB stick (boot and ophcrack).
  • Execute the script bootinst.bat that is in the boot directory.
  • Reboot your computer and make sure it boots from the stick.

On Linux:

  • Mount your iso file to a new directory (mount -o loop /path/to/isofile.iso /path/to/new/directory)
  • Copy all the directories to your USB stick (cp -r /path/to/new/directory /mnt/usb)
  • Execute the script bootinst.sh that is located in the boot directory of the USB stick.
  • The USB stick is now bootable.

How to use more tables with the LiveCD?

You bought additional tables and want to add them to the LiveCD so that ophcrack automatically detects them when it starts. With ophcrack LiveCD 2.3.0 and newer, it is really easy to add new tables.

When the LiveCD starts, it will try to detect tables on all the devices connected to the computer (USB stick, external hard drives, internal hard drives, CDROMS, ...). All you have to do to make it work is to put them in a directory called "tables" at the root of the drive.

For example, let's imagine that you want to put the Vista free tables and Vista special tables on a USB stick:

  • First, create a directory "tables" at the root of your USB drive.
  • Then put each set of tables in its own directory (its name is not important):

    tables\vista_free
    tables\vista_special
    tables\XP_special

    or

    tables\1
    tables\2

  • That's all!

Using ophcrack

What are rainbow tables?

They were invented by Philippe Oechslin, who is also the author of ophcrack. You can read the article or read a more accessible explanation.

Can I use rainbowcrack tables with ophcrack?

No, these tables do not use the same format as ophcrack ones. We will not add any support for such tables in the future.

What is the difference between "XP free small" tables and "XP free fast" tables?

Both XP free small tables and XP free fast tables cover 99.9% of alphanumeric passwords. If you have 512MB of RAM or more, cracking will usually be faster with the XP free fast tables. XP free small tables are better suited for those who cannot download large files.

Approximately half of the passwords they contain are exactly the same (5000 first columns of 15'400'000 perfect chains) and the others are randomly selected. Therefore, using one after the other should improve the overall percentage of passwords covered. But you will remain between 99.9% and 100%.

Does ophcrack crack accented characters?

Currently, ophcrack can crack the following characters on Windows XP English only:

ÈÊËèêëÙÚÛùúûÀÁÂÃàáâãÒÓÔÕòóôõÌÍÎÏìíîï

For cracking German characters, you will need to buy the XP German tables. We do not plan to release tables for any other language so far.

Does the ophcrack installer contain viruses?

The ophcrack installer includes pwdump6 from Fizzgig. This tool is often detected as malware by antivirus software (usually samdump.dll and pwservice.exe). These files are not infected, but categorized as evil software. If you do not feel safe installing ophcrack, you will find online source code for every tool it includes as well as the main program.

Why is ophcrack much more powerful on Windows XP than on Windows Vista?

XP has a "security hole" that allows you to crack your password very easily. Vista fixed the "security hole" and therefore is much harder to crack. Several thousand to several trillion times harder. You'll need about a zettabyte of disk space and it will take 220 days + lookups + false alarms. (It goes kilobyte, megabyte, gigabyte, terabyte, petabyte, exabyte, zettabyte).

To crack Vista passwords you'll need to do the following:

You could always reset the password with this program http://pogostick.net/~pnh/ntpasswd/. You'll lose anything you have encrypted. If you're trying to get into someone else's computer, they will know their computer has been tampered with since their password is different.

(thanks to Sc00bz)

Does ophcrack work on Windows XP SP3?

Yes, ophcrack (and ophcrack LiveCD) works well on Windows XP SP3.

