
[Repost] Ophcrack 2, the self-proclaimed fastest Windows password cracker

Source: Evil Octal Information Security Team (www.eviloctal.com)

Summary
A Windows password cracker based on the faster time-memory trade-off using rainbow tables. This is an evolution of the original Ophcrack 1.0 developed at EPFL. Ophcrack 2.3 comes with a GTK+ Graphical User Interface and runs on Windows, Mac OS X (Intel CPU) as well as on Linux.

Ophcrack Live CD
The Ophcrack LiveCD is a bootable Linux CD-ROM containing ophcrack 2.3 and a set of tables (SSTIC04-10k). It allows for testing the strength of passwords on a Windows machine without having to install anything on it. Just put it into the CD-ROM drive, reboot and it will try to find a Windows partition, extract its SAM and start auditing the passwords.

Getting it
You can download the ISO image from SourceForge mirrors.

Package
You will find the ophcrack 2.3 release (source tarball and win32 installer) at the root of the CD-ROM. The tables are located in the directory 'ophcrack/10000'. Please feel free to install ophcrack and copy the tables to your hard disk if you want to use ophcrack outside of the LiveCD.

Cracking special characters
The included release of ophcrack is able to deal with extended charset tables (alphanumeric + 33 special characters). To do that, it needs a new table set called WS-20k that can be purchased on the Objectif Securite website.

Release notes
Version 1.1 is the second stable public release. This LiveCD is based upon the Slax LiveCD v.5.1.7. It has been customized to include Ophcrack 2.3 and the SSTIC04-10k tables set. It is able to crack 99.9% of alphanumeric passwords. Since the tables have to be loaded into memory, cracking time varies with the amount of available RAM. The minimum amount of RAM required is 256MB (because the LiveCD uses a lot of it). The recommended amount is 512MB. Ophcrack will auto-detect the amount of free memory and adapt its behaviour to be able to preload all the tables it can.

A shell script launched at the beginning of the X session does the job of finding the Windows partition and starting the appropriate programs to extract and crack password hashes. It will look for all partitions that contain hashes. If more than one is found, you will have to choose between them.

If your partition is not detected, make sure the partition containing the hashes you want to crack is mounted, then use the ophcrack 'Load from encrypted SAM' function to recover your Windows hashes. Then click 'Launch' and the cracking process will start.

Using Ophcrack 2.3
Getting the hashes
The interface allows for three ways of dumping password hashes:

encrypted SAM: dumps the hashes from the SAM and SYSTEM files retrieved from a Windows machine while booting on another disk. Note that in this case you do not need to know a Windows administrator password to get the hashes.
local SAM (only for the Windows version of Ophcrack 2.3): dumps the hashes from the Windows machine the program is running on. You need to be administrator of your local machine for this to work.
remote SAM (only for the Windows version of Ophcrack 2.3): dumps the hashes of a remote Windows machine, provided you know the username and password of an administrator and the name of a share.
Alternatively, you can also crack hashes that you have saved from a previous session or obtained with another tool.

Cracking the hashes
The launch button starts the cracking process. It can be interrupted and the results saved in a file, which can be loaded again at a later time.

Rainbow tables
Ophcrack 2.3 uses the alphanumeric table sets of ophcrack 1.0 as well as new table sets with special characters. This means that it cracks 99.9% of passwords of length 1 to 14 containing uppercase letters, lowercase letters and numbers with the old table sets. With the new table set, it cracks 96% of passwords of length 1 to 14 composed of characters contained in this set:

0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ!"#$%&'()*+,-./:;<=>?@[\]^_`{|}~ (including the space character)

Ophcrack 2.3 also cracks NTLM hashes using a new table set called NTHASH. It cracks 99% of:

passwords of length 6 or less composed of characters in this set:
0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ!"#$%&'()*+,-./:;<=>?@[\]^_`{|}~ (including the space character)

alphanumeric passwords of length 7 (lower- and uppercase)
alphanumeric passwords of length 8 (lowercase only)

SSTIC04 table sets
These are the alphanumerical tables. They are distributed freely under the GNU general public license (GPL) and come in two sizes:

SSTIC04-5k is a large one (720MB) for machines having at least 500M of RAM.
SSTIC04-10k is a smaller table set (388MB) for machines having less than 500M of RAM.
The tables can be downloaded from the page http://lasecwww.epfl.ch/~oechslin/projects/ophcrack

Note that with the time-memory trade-off, the number of operations needed to crack a password reduces with the square of the table size. Thus the large tables should be roughly 4 times faster.

WS table sets
These are the tables with special characters. They are not distributed freely. A DVD containing the tables can be ordered from the page http://www.objectif-securite.ch/ophcrack

WS-20k is a large set of tables (7.5 GB).

NTHASH table sets
These are the tables that crack NTLM hashes. They are not distributed freely. A DVD containing the tables can be ordered from the page http://www.objectif-securite.ch/ophcrack

NTHASH is a large set of tables (8 GB).

The tables used by ophcrack are not compatible with the ones generated by another tool called rainbowcrack. The tables of ophcrack are much more compact and since memory can be traded for time, allow for much faster cracking of passwords.

More information
For more information on the rainbow tables, read this publication from the author of Ophcrack and inventor of the rainbow tables:
Making a Faster Cryptanalytical Time-Memory Trade-Off, Philippe Oechslin, Advances in Cryptology - CRYPTO 2003, 23rd Annual International Cryptology Conference, Santa Barbara, California, USA, August 17-21, 2003, Proceedings. Lecture Notes in Computer Science 2729 Springer 2003, ISBN 3-540-40674-3
This paper describes the use of rainbow tables and compares their performance with the best variants that have been used before.

Getting and installing Ophcrack 2.3
Ophcrack 2.3 can be downloaded from the project page on SourceForge.

The Windows version comes with an installer that suggests automatic install or download of the tables.

The Linux version is a source package. It can be compiled and installed using the ./configure, make and make install commands. The tables have to be downloaded by hand, from the URL given above or copied from the DVD or LiveCD.

Changes since version 2.2
New features:
Support for cracking of NTLM hashes
Auto-detection of tables type
Preload of the tables with Windows (makes the cracking process much faster)
Support of pwdump6 instead of pwdump2/pwdump4 to avoid LSASS crash (Win32 only)
Replacement of the binary search by a linear search
Support of Mac OS X (Intel CPU only) thanks to Cedric Luthi
Status bar is more explicit than before
Help menu added
Bugs fixed:
Configure script improved (thanks to Cedric Luthi)
Loading of files containing many hashes is better handled
Some memory leaks fixed
Handling of special characters in username improved
Few smaller bugs

Get the software here:
http://ophcrack.sourceforge.net/#getting
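The table coverage listed under "Rainbow tables" above can be turned into a password-audit check that reports which table sets' keyspace a candidate password falls into. This is an added example, not part of the original post or of the Ophcrack project; the function names, the `lm_hash_stored` parameter and the sample passwords are assumptions made for illustration, as is the reading that the SSTIC04 and WS sets apply only where the legacy LM hash is stored.

```python
import string

# Character sets as listed on the page.
ALNUM = set(string.ascii_letters + string.digits)
LOWER_ALNUM = set(string.ascii_lowercase + string.digits)
SPECIAL = set(string.punctuation + " ")  # 32 punctuation marks + space = 33
EXTENDED = ALNUM | SPECIAL


def table_exposure(password, lm_hash_stored=True):
    """Return the table sets whose keyspace contains `password`.

    Being inside a keyspace means the success rates quoted on the page
    (96% to 99.9%) apply; it is not a guarantee of recovery.
    lm_hash_stored (hypothetical parameter): whether the audited host
    keeps the legacy LM hash, which is an assumption about that host.
    """
    chars = set(password)
    n = len(password)
    hits = []
    if lm_hash_stored and 1 <= n <= 14:
        if chars <= ALNUM:
            hits.append("SSTIC04")      # alphanumeric, length 1 to 14
        if chars <= EXTENDED:
            hits.append("WS-20k")       # alphanumeric + 33 specials
    in_nthash = (
        (1 <= n <= 6 and chars <= EXTENDED)    # any listed char, length <= 6
        or (n == 7 and chars <= ALNUM)         # mixed-case alphanumeric
        or (n == 8 and chars <= LOWER_ALNUM)   # lowercase alphanumeric
    )
    if in_nthash:
        hits.append("NTHASH")
    return hits


def audit(passwords, lm_hash_stored=True):
    """Map each candidate password to the table sets that cover it."""
    return {p: table_exposure(p, lm_hash_stored) for p in passwords}


if __name__ == "__main__":
    # Constructed sample passwords, not taken from any real system.
    samples = ["Summer2006", "p@ss1", "abc12345", "Abc12345",
               "correct horse battery"]
    for pw, sets in audit(samples).items():
        print(f"{pw!r}: {', '.join(sets) if sets else 'outside listed coverage'}")
```

A password that returns an empty list is outside the keyspaces this page lists, which is the property a password policy should aim for.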