LinuxCommandLibrary

ophcrack

Windows password cracker that uses rainbow tables to recover passwords from LM and NTLM hashes

TLDR

Crack passwords from a pwdump file using rainbow tables
$ ophcrack -g -d [path/to/tables] -f [hashes.txt]

Crack with specific tables and multiple threads
$ ophcrack -g -d [path/to/tables] -t [xp_free_fast] -f [hashes.txt] -n [4]

Crack and save results to a file
$ ophcrack -g -d [path/to/tables] -f [hashes.txt] -o [cracked.txt]

Enable bruteforce alongside rainbow tables
$ ophcrack -g -B -d [path/to/tables] -f [hashes.txt]

Run in quiet mode with logging
$ ophcrack -g -q -d [path/to/tables] -f [hashes.txt] -l [log.txt]

Launch GUI mode
$ ophcrack

SYNOPSIS

ophcrack [options]
ophcrack -g -d tablesdir -f hashfile

DESCRIPTION

ophcrack is a Windows password cracker that uses rainbow tables to recover passwords from LM and NTLM hashes. It implements a time-memory trade-off technique, pre-computing hash chains that dramatically speed up the cracking process.
The tool can crack Windows NT, 2000, XP, Vista, 7, 8, and 10 passwords. Free rainbow tables are available for common password patterns, with paid tables offering higher success rates. It can import hashes from pwdump files, SAM/SYSTEM registry files, or by dumping directly from local/remote Windows systems.
Ophcrack provides both GUI and command-line interfaces. The GUI includes real-time graphs analyzing password strength distribution. A LiveCD version allows booting directly on a Windows machine to extract and crack passwords without installing software.

PARAMETERS

-g
Disable GUI, run in command-line mode
-d DIR
Specify rainbow tables base directory
-t TABLES
Specify tables to use (table_name,start,end:...)
-f FILE
Load hashes from pwdump or session file
-o FILE
Write output in pwdump format
-l FILE
Log all output to file
-n NUM
Number of threads to use
-a
Disable audit mode (default)
-A
Enable audit mode
-b
Disable bruteforce
-B
Enable bruteforce (default)
-c FILE
Specify configuration file
-e
Do not display empty passwords
-i
Hide usernames in output
-I
Show usernames (default)
-p NUM
Preload level (0=none, 1=index, 2=index+end, 3=all)
-q
Quiet mode
-r
Start cracking immediately (GUI only)
-s
Disable session auto-saving
-S FILE
Session file for auto-saving progress
-u
Display statistics
-D
Display debugging information
-h
Show help

CAVEATS

Rainbow tables require significant disk space (hundreds of MB to tens of GB). LM hashes are limited to passwords of up to 14 characters and are case-insensitive. NTLM hashes are harder to crack than LM hashes. Success depends on having appropriate tables for the password character set. Only use on systems you own or have authorization to test.
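As an added example (not part of ophcrack or of this page), the Python script below audits a pwdump-format file for accounts that still store an LM hash, which is the storage weakness described above. The function name audit_pwdump and the sample accounts and hashes are constructed for illustration; the two empty-password hashes are the standard constants.

```python
import re

# Hashes of the empty password (well-known constants).
EMPTY_LM = "aad3b435b51404eeaad3b435b51404ee"
EMPTY_NT = "31d6cfe0d16ae931b73c59d7e0c089c0"
HEX32 = re.compile(r"[0-9a-f]{32}")

# Constructed sample in pwdump layout (user:rid:lm:nt:::); not real hashes.
SAMPLE = """\
alice:1001:0123456789abcdeffedcba9876543210:00112233445566778899aabbccddeeff:::
bob:1002:0123456789abcdefaad3b435b51404ee:ffeeddccbbaa99887766554433221100:::
carol:1003:aad3b435b51404eeaad3b435b51404ee:a1b2c3d4e5f60718293a4b5c6d7e8f90:::
guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
dave:1004:NO PASSWORD*********************:0f1e2d3c4b5a69788796a5b4c3d2e1f0:::
"""


def audit_pwdump(text):
    """Return (user, finding) pairs for accounts that need attention."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line:
            continue
        fields = line.split(":")
        if len(fields) < 4:
            findings.append((f"line {lineno}", "malformed entry"))
            continue
        user, lm, nt = fields[0], fields[2].lower(), fields[3].lower()
        if nt == EMPTY_NT:
            findings.append((user, "empty password"))
        # Non-hex placeholders such as "NO PASSWORD***" mean no LM hash is stored.
        if HEX32.fullmatch(lm) and lm != EMPTY_LM:
            note = "LM hash stored"
            # LM hashes each 7-character half separately; an empty second
            # half always yields the same 16 hex digits.
            if lm[16:] == EMPTY_LM[16:]:
                note += "; password is 7 characters or fewer"
            findings.append((user, note))
    return findings


if __name__ == "__main__":
    for user, finding in audit_pwdump(SAMPLE):
        print(f"{user}: {finding}")
```

Accounts it reports as storing an LM hash are the ones to prioritize for a password change after LM hash storage has been disabled.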

HISTORY

Ophcrack was developed by Philippe Oechslin at EPFL (Swiss Federal Institute of Technology) and first released in 2004. Oechslin invented the rainbow table technique as an improvement over earlier time-memory trade-off methods. The tool demonstrated the weakness of LM hash storage, contributing to Microsoft's decision to deprecate LM hashes in Windows Vista and later versions.

SEE ALSO

hashcat(1), john(1), pwdump(1), rcrack(1)
