Ophcrack
Results 1 to 8 of 8

Thread: Ophcrack

  1. #1
    King Tutorial-ankhamun
    Join Date
    Jul 2004
    Posts
    897

    Ophcrack

    Anyone here played with Ophcrack yet?

    http://ophcrack.sourceforge.net/

    Iím just beginning it look at it. It can work like SAMInside by dumping hashes from the SAM and undoing Syskey by pulling the key out of the SYSTEM hive. No admin access is needed if you use a boot disk. Itís open source, multiplatform, has a GUI interface (for those that like that kind of thing) and supports rainbow table. Pretty nice.

  2. #2
    Senior Member
    Join Date
    Mar 2005
    Posts
    175
    Yeah checked out last week. Its almost similar to SAMInside.

    I think its particularly made for Rainbow tables.
    \"And life is what we make it. Always has been, always will be.\"

  3. #3
    Senior Member
    Join Date
    Jan 2003
    Posts
    3,914
    Hey Hey,

    I noticed this a few days ago and haven't had a chance to play with Ophcrack until today...

    I've ran a few benchmarks and have a few more left to come.

    Basically I concatenated the two sample files that come with LC5 (attached) and used those to test the software.

    I have a few more benchmarks still come (for comparison... but these will do for start.... I'll post the rest tomorrow).

    I'm quite impressed with the software and we've made the assumption that it caches it's database after the first run (you'll see the time coming up to compare the results).

    System 1:

    AMD XP 2500+
    768MB RAM
    1 80GB USB 2 HDD - Location of File to be Cracked and installed Software
    1 45GB 5400RPM HDD - Location of Operating System
    Windows XP
    (Other hardware unimportant)

    First Run: 460 seconds
    Second Run: 204 seconds
    (this is why we believe it caches, we had similar results on another laptop, which we're rebooting to retest, then we'll post the results from it.)

    System 2:

    Laptop - Celeron 2.2Ghz
    512MB RAM
    30GB 4500RPM HDD
    SuSE 9.3

    Single Run: 1164 seconds

    System 3:

    AMD XP 64 - 3400+
    1GB RAM
    2 SATA 120GB HDD (using High Point Controller)
    Windows XP

    Single Run: 174 seconds.

    Anyways... I'm going to do some more testing with a few other systems (1 with 256MB of RAM and maybe an old 350Mhz box just for humours sake... and a Pentium M 1.4 w/ 1GB of RAM).

    Peace,
    HT
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

  4. #4
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,884
    I have it running in my lab now. We own lics for L0pht and thus I was very interested to see the open source take.

    More or less, it's L0pht without the nifty reporting capabilities and the masking options while running the tool.

    I cracked a 10 character alpha password (no special chars) on a PII 233 with 256MB RAM running W2K in 217 minutes. Not so shabby.

    I also like that it comes with a few dump proggies such as pwdump2 & 4, samdump2, etc...

    What I want to test is the remote dump feature. I haven't had time so if anyone is ahead of me, I'd love to know if it works as designed.

    --TH13
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  5. #5
    King Tutorial-ankhamun
    Join Date
    Jul 2004
    Posts
    897
    I cant get the remote dump to work with Ophcrack, put it works fine with pwdump3 across the network.

  6. #6
    AO Łbergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,325
    which table are you using testing with?

    SSTIC04-5k
    or
    SSTIC04-10k

    EDIT: I can't get the remote dump to work either... but I can maually use the pwdump4 remotely and just load the output file.
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

  7. #7
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,884
    Same results here. The remote dump is broken. It does throw up an error message very quickly so I will have to capture that to see if it simply calls one of these pwdump proggies and just passes the parameters incorrectly or something. I'll post here when I figure it out.

    I used the remote feature in pwdump4 as well.

    I'm testing with the 5K (slower machine) table.
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  8. #8
    Senior Member
    Join Date
    Jan 2003
    Posts
    3,914
    Hey Hey,

    I've also had problems with the remote dump but that'll hopefully be resolved in future versions.


    TH13: Rerun the test with the 10K version of the tables on your 233. The file names are (in my opinion) backwards... the 5K is the bigger table meant for 500MB+ of RAM and the 10K tables are meant for less than 500MB of RAM.

    Peace,
    HT
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •