September 23, 2007

Ophcrack

So, I mentioned I was playing with Ophcrack. That has been fun. I've just been setting different passwords on my laptop to see what was crackable and how long it took. This was running on my Compaq 700 series, which is a relatively low-powered little machine. It is only an AMD Duron 1 GHz with 256 MB of RAM, but it works for me. Thanks Dobie. I'm sure that this process would run considerably faster on a newer machine. Anyway, Ophcrack (from Wikipedia) "...is an open source program that cracks Windows LM hashes using rainbow tables. It can crack 99.9% of alphanumeric passwords of up to 14 characters in usually a few seconds, and at most a few minutes." I didn't know that when I started, so I tried some longer passwords in my experiments. By the way, rainbow tables are interesting but complex; read up on them if you're interested.
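Since the post leaves rainbow tables as "read up on them", here is a small worked illustration of the time-memory trade-off they implement. This is an added example, not Ophcrack's code and not the author's: it uses a constructed toy hash (the first four bytes of SHA-256, standing in for the unsalted LM hash), a constructed 3-letter lowercase password space, and constructed table sizes (`CHAIN_LEN`, `NUM_CHAINS`) chosen so it runs in seconds. Real tables use the same chain, reduction and lookup logic over a far larger keyspace.

```python
import hashlib
import itertools
import string

# Constructed toy parameters: a 3-letter lowercase password space (26**3 = 17,576
# passwords) is small enough to build and search a table in a few seconds.
ALPHABET = string.ascii_lowercase
PW_LEN = 3
CHAIN_LEN = 50      # columns per chain (t)
NUM_CHAINS = 600    # rows in the table (m)


def toy_hash(password: str) -> bytes:
    """Unsalted stand-in for the LM hash: the first 4 bytes of SHA-256.

    Like LM it is deterministic and unsalted, which is exactly what makes a
    precomputed table reusable against every machine.
    """
    return hashlib.sha256(password.encode("ascii")).digest()[:4]


def reduce_to_password(digest: bytes, column: int) -> str:
    """Map a hash value back into the password space.

    The column index is mixed in so every column uses a different reduction;
    that is what distinguishes a rainbow table from the older Hellman tables
    and keeps colliding chains from merging as often.
    """
    n = int.from_bytes(digest, "big") + column
    chars = []
    for _ in range(PW_LEN):
        chars.append(ALPHABET[n % len(ALPHABET)])
        n //= len(ALPHABET)
    return "".join(chars)


def build_table(seeds):
    """Precompute chains; only (endpoint password -> start password) is stored."""
    table = {}
    for start in seeds:
        pw = start
        for column in range(CHAIN_LEN):
            pw = reduce_to_password(toy_hash(pw), column)
        table.setdefault(pw, start)  # keep the first chain for a shared endpoint
    return table


def lookup(table, target: bytes):
    """Recover a preimage of `target`, or None if no stored chain covers it."""
    for column in range(CHAIN_LEN - 1, -1, -1):
        # Hypothesis: `target` is the hash sitting in this column of some chain.
        # Finish the chain from here and see whether we land on a stored endpoint.
        pw = reduce_to_password(target, column)
        for later in range(column + 1, CHAIN_LEN):
            pw = reduce_to_password(toy_hash(pw), later)
        if pw in table:
            # Possible hit (or a false alarm): regenerate the chain from its start.
            cand = table[pw]
            for step in range(CHAIN_LEN):
                if toy_hash(cand) == target:
                    return cand
                cand = reduce_to_password(toy_hash(cand), step)
    return None


def default_seeds():
    """Deterministic chain starts: the first NUM_CHAINS passwords in order."""
    return ["".join(t) for t in itertools.islice(
        itertools.product(ALPHABET, repeat=PW_LEN), NUM_CHAINS)]


def coverage(table, passwords):
    """Fraction of the given passwords the table can recover."""
    hits = sum(1 for p in passwords if lookup(table, toy_hash(p)) is not None)
    return hits / len(passwords)


if __name__ == "__main__":
    table = build_table(default_seeds())
    print(f"stored {len(table)} chain endpoints instead of "
          f"{len(ALPHABET) ** PW_LEN} full hash/password pairs")
    for pw in ("dog", "max", "rex"):
        print(pw, "->", lookup(table, toy_hash(pw)))
    # Every 97th password of the space, as a constructed coverage sample.
    sample = ["".join(t) for t in itertools.islice(
        itertools.product(ALPHABET, repeat=PW_LEN), 0, None, 97)]
    print(f"coverage over {len(sample)} sampled passwords: "
          f"{coverage(table, sample):.0%}")
```

The table stores at most `NUM_CHAINS` endpoints rather than one entry per password, and each lookup pays for that with up to `CHAIN_LEN` partial chain walks. The whole scheme depends on the hash being unsalted: a per-account salt would mean every stored chain was computed for a different function than the one protecting the target, which is why LM hashes (no salt, and each 7-character half hashed independently) are such a good fit for this attack and why disabling LM hash storage on Windows is the usual mitigation.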

I have a nice table, and (for god only knows what reason) Blogger won't display it right, so here it is in a separate window.

To use this tool, you have to have a computer that boots off the CD you have in hand. If the computer doesn't boot from the CD (you just have to try it and see), then you have to change the CMOS boot-order setting. Smart techs set their computers not to boot from CDs and set a CMOS password, but I'd be interested in seeing how many unprotected computers I could boot in the real world and have success with this. If you have easy access to a machine and time, but not the CMOS password, you can pull the CMOS jumper to clear it. By clearing that password, you gain access to the CMOS settings and can change the boot order. If it isn't password protected, you just have to know which F-key to press to get in. Anyway, if you can get the computer to boot the CD, you just sit back and wait. If the password is short and easy (and let's be honest: most people use their dog's name or something) you'll have it in no time without leaving any traces. I guess if you were a smart Orenthal James Hacker you'd wear gloves so as not to leave fingerprints. hehe.

So, the long and short is that hacking passwords is easy if several circumstances go your way. If the machine is CMOS password protected and cabled to the desk and doesn't boot off CD, you're outta luck. Then you have to social engineer the password out of the user, but that's probably illegal, so it would be inadvisable.
