There are few tasks users fail easier than remembering their logon password. Unfortunately Windows is relatively secure in keeping it safe. Fortunately you can still crack it. :)
Ophcrack is perfect tool for this.
How passwords are stored
- passwords are not stored. Stored is their
- hash (LM and/or NTLM ) which is saved in
- Security Account Manager (SAM) which is part of
- Windows registry
SAM is not supposed to be accessed while Windows is running - it is locked on kernel level.
Editing or recovering
There are two ways to handle lost password. Both require access to SAM which can be done with some hacking tools under running Windows (troublesome) or by accessing disk drive offline (booting from other media like CD or another HDD).
- Editing SAM to change hash and in that way password to known one. This method is destructive . It works (mostly) but it can backfire rendering OS unbootable. Also if Windows encryption was used - all encrypted files from account edited are lost.
- Reading hash and discovering corresponding password . This one make no changes to the SAM and is perfectly safe .
Ophcrack uses second.
So what is Ophcrack?
Ophcrack is software for calculating passwords by known hash . It uses rainbow tables method. Math (lots of it) to really understand what it is. Skipping that.
Basically rainbow tables trade memory and disk space for time.
- Bruteforcing (trying all possible passwords) require little resources but may take years .
- Rainbow tables require lots of resources but take minutes .
How to use Ophcrack
- Download LiveCD version of Ophcrack.
- Burn it to blank CD (CDBurnerXP is nice app for that).
- Boot from that disc.
- automatically boot (LiveCD version is based on Linux)
- locate SAM on available HDD
- recover hashes from it
- and try to calculate passwords for them
Zero-click solution. Cool, isn't it?
Alternatively you can play with installable Windows version.
Ophcrack itself is free and open source but not all of the tables for it are. Simple tables that fit on CD and can crack most alpha-numerical passwords are free (included in LiveCD version). Bigger and more complex tables must be purchased or found (not easy) or made (if you have few extra years of computing time).
One of the best applications to recover Windows passwords. Free tables won't manage to crack really paranoid passwords but shall easily handle usual ones.
Home&download page http://ophcrack.sourceforge.net/