ophcrack-cli

ophcrack-cli [options]

-t table_path
    Specifies the path to the rainbow table directory. Required for cracking.

-d dump_file
    Specifies the path to the SAM database dump file (e.g., created with pwdump or similar tools). This is where the password hashes are read from.

-s session_name
    Specifies a session name. Useful for organizing and resuming cracking processes.

-l
    Lists available tables in the specified directory.

-h
    Displays the help message and exits.

-v
    Enables verbose output.

-p
    Show cracked password on standard output.

-i index
    Filter the index that will be used.

ophcrack-cli is a command-line tool for cracking Windows passwords using rainbow tables. It's the command-line interface for the ophcrack graphical password cracker.

The tool operates offline, meaning it doesn't require a running Windows instance to extract and crack the password hashes. It uses pre-computed rainbow tables to rapidly recover passwords from the SAM database (Security Account Manager) extracted from a Windows system.

Essentially, it parses the SAM file (or extracts the hashes from it) and then compares the password hashes found in that file with the pre-computed values in the rainbow tables. If a match is found, the corresponding plaintext password is revealed.

It's particularly effective against simple passwords (short length and low complexity). Ophcrack and, by extension, ophcrack-cli, are powerful tools, but their effectiveness decreases significantly against stronger, more complex passwords. Using strong passwords remains the best defense.

The effectiveness of ophcrack-cli is directly tied to the available rainbow tables. If a password is not represented within those tables, it cannot be cracked.

Rainbow tables can be very large, requiring significant storage space.

Example:

ophcrack-cli -t /path/to/rainbow/tables -d /path/to/sam_dump.txt -s my_session

This command would attempt to crack passwords from the 'sam_dump.txt' file, using rainbow tables located in the '/path/to/rainbow/tables' directory, and save the session as 'my_session'.

Ophcrack was originally developed by Philippe Oechslin. It gained popularity as a freely available tool for password cracking and was one of the first widely used implementations of rainbow tables on a Windows platform. The 'cli' version is intended to be a more manageable and automated alternative to the graphical interface for deployment on headless systems or scripting scenarios.

pwdump(1)