README.md
1# ophcrack (Time-Memory-Trade-Off-Crack) #
2
3
4## About ##
5
6A windows password cracker based on the faster time-memory trade-off using
7rainbow tables.
8
9This is an evolution of the original ophcrack 1.0 developed at EPFL
10(http://lasecwww.epfl.ch/~oechslin/projects/ophcrack)
11
12Ophrack comes with a Qt Graphical User Interface which runs on Windows,
13Mac OS X as well as on Unix.
14
15
16## Install ophcrack ##
17
18Ophcrack can be downloaded from sourceforge: http://ophcrack.sourceforge.net
19
20Binaries compiled for Windows are provided. These binaries are standalone
21(portable) and no installation is required.
22
23The Linux version is a source package. It can be compiled and
24installed using these commands:
25```
26./configure
27make
28make install
29```
30
31
32### Tables ###
33
34The tables have to be downloaded manually:
35http://ophcrack.sourceforge.net/tables.php
36
37
38
39## HOWTO ##
40
41This howto assumes you have already installed ophcrack 3 and downloaded the
42ophcrack rainbow tables you want to use. It also assumes that you understand how
43to use third party tools like pwdump or mimikatz
44(https://github.com/gentilkiwi/mimikatz) to dump the SAM of a Windows system.
45
46Ophcrack and the ophcrack LiveCD are available for free at the ophcrack project
47page (http://ophcrack.sourceforge.net/).
48
49Ophcrack rainbow tables are available at ophcrack rainbow tables page
50(http://ophcrack.sourceforge.net/tables.php).
51
52
53### First step (optional) ###
54
55This step is optional but will speed up the cracking process.
56
57Run ophcrack and set the number of threads under the Preferences tab to the
58number of logical cores of the computer running ophcrack (accounting for
59Hyper-threading).
60
61
62### Second step ###
63
64Load hashes using the Load button. You can either enter the hash manually
65(Single hash option), import a text file containing hashes you created with
66pwdump, mimikatz or similar third party tools (PWDUMP file option), extract the
67hashes from the SYSTEM and SAM files (Encrypted SAM option) or dump the SAM from
68the computer ophcrack is running on (Local SAM option).
69
70For the Encrypted SAM option, the SAM is located under the Windows
71system32/config directory and can only be accessed for a Windows partition that
72is NOT running. For the Local SAM option, you MUST execute ophcrack with the
73administrator rights on the computer you want to dump the SAM.
74
75
76### Third step (optional) ###
77
78This step is optional but will speed up the cracking process.
79
80Delete with the Delete button every user account you are not interested in (for
81exemple the Guest account). You can use the Ctrl key to make multiple selection.
82Ctrl-a will select every loaded hash.
83
84Keep in mind that the time needed to crack password hashes with rainbow tables
85is proportional to the number of hashes loaded. With a brute force attack the
86cracking time is NOT dependant on the number of unsalted hashes loaded. That's
87why it's advisable to remove any unnecessary user account with the Delete
88button.
89
90
91### Fourth step ###
92
93Install (Tables button), enable (green and yellow buttons) and sort wisely (up
94and down arrows) the rainbow tables your are going to use. Keep in mind that
95storing the rainbow tables on a fast medium like a SSD will significantly
96speed up the cracking process.
97
98
99### Fifth step ###
100
101Click on the Crack button to start the cracking process. You'll see the progress
102of the cracking process in the bottom boxes of the ophcrack window. When a
103password is found, it will be displayed in the NT Pwd field. You can then save
104the results of a cracking session at any time with the Save button.
105