Skip to main content

Ophcrack review

A fantastic tool for cracking Windows passwords

Ophcrack's homepage
(Image: © Objectif Securite)

Our Verdict

Ophcrack isn’t the most accessible tool, but it’s a tried-and-true free method of recovering a forgotten Windows login password.

Pros

  • Can crack almost all Windows login passwords
  • Entirely free

Cons

  • Hard to use
  • Minimal support and documentation

Ophcrack is a password-cracking tool designed specifically for recovering Microsoft Windows login credentials. Developed by Swiss company Objectif Sécurité, Ophcrack can crack most Windows passwords in a matter of minutes.

The best password managers can help you keep track of all your online passwords, but they’re little help if you’ve forgotten your Windows login. Therefore, Ophcrack and other password recovery tools can be useful for all PC users.

Ophcrack: Plans and pricing

Ophcrack's webpage discussing its free downloads

You can download all rainbow tables for Ophcrack for free (Image credit: Objectif Sécurité)

Ophcrack is an open-source project. You can download and use it for free, and all the source code is available online.

Ophcrack deciphers passwords by using rainbow tables, which are like dictionary files. You must separately download at least one of these rainbow tables for Ophcrack to work. Until September 2019, the company charged users to download the largest rainbow tables, able to crack the most complex passwords. Now, these are also available for free.

Features

Ophcrack's Windows application in use

The Ophcrack Windows application can crack LM or NTLM passwords (Image credit: Objectif Sécurité)

In Windows, local user credentials are stored in LMHash or NTHash password hashes in what is known as the Security Account Manager (SAM). Essentially, hashes are obscured versions of your passwords. If your login password was ‘itproportal’, for example, it would be stored on a Windows Vista machine as ‘7c28442acd0bf217890362f2dcd1b6d2’.

You’ll typically need to use another program such as pwdump8 or samdump2 to extract these password hashes from your Windows installation. After you have the password hashes, you can use Ophcrack to decrypt them, revealing the original passwords. 

You can download a pre-built application version of Ophcrack for Windows, or you can run Ophcrack on Linux or macOS by compiling it from the source code.

Ophcrack running from a live CD

Ophcrack can also be run from a live CD (Image credit: Objectif Sécurité)

Alternatively, you can download a live CD version of Ophcrack, and burn it to a physical disc or put it on a USB drive. Then, you restart your computer and boot into the Ophcrack CD. This way, Ophcrack can decipher the passwords of a Windows PC you can’t log into at all. 

The live CD process automatically searches your computer’s hard drives for a Windows installation, finds the LM or NTLM password hashes from the SAM, and attempts to decrypt them.

Ophcrack's Windows interface in operation

You must download the right set of rainbow tables for the best results (Image credit: Objectif Sécurité)

Ophcrack uses rainbow tables to decrypt passwords. Without going into extensive detail here, rainbow tables are lists of password permutations that the program will run through to find a matching password. A small rainbow table will be fast, but won’t find complex passwords. A large rainbow table will be slower, but more likely to match longer, more complicated passwords.

Ophcrack offers 17 different rainbow tables for various scenarios. If you are attempting to crack a Windows XP password, you will need one of the six LMhash tables. The smallest rainbow table is 380MB in size, and covers all mixed alphanumeric passwords up to 14 characters. If your password contains special characters, you’ll also need another rainbow table that’s 8.7GB in size.

Operating systems from Windows Vista onward use NThash tables for encrypting passwords. Ophcrack has rainbow tables for NThash, which range from a 450MB dictionary-based table to a colossal 2TB table that includes all alphanumeric symbols in mixed case and all special characters.

Interface and in use

Ophcrack's CPU use options

You can put a throttle on Ophcrack’s CPU use so that it doesn’t use 100% of your CPU all the time  (Image credit: Objectif Sécurité)

Using Ophcrack requires a certain level of technical knowledge. It’s not a password recovery tool you can send to a friend or family member as a quick fix for them forgetting their details, as it requires at least a little understanding of how Windows passwords work. 

Besides downloading the software and optionally burning it to a live CD, you also need to download the correct rainbow tables for your requirements, and extract them into a folder. Then you need to get access to the password hashes Ophcrack will attempt to decrypt, which often requires downloading and running another program like pwdump8.

The live CD version of Ophcrack attempts to automate much of this process. If the password to be recovered is relatively simple, you should be able to pop in the live CD of Ophcrack and wait a few minutes for it to display the correct password. This doesn’t work when your password is more complex, though, as only a relatively small rainbow table is stored on the live CD.

There are a few other settings you can choose in the preferences menu. The most important choices here allow you to throttle Ophcrack’s use of your CPU and disk drives while it's attempting to crack passwords.

Support

Ophcrack's guidance window displaying a guide to using the software

Ophcrack includes a Help button that guides you through the program, but it expects some prior knowledge of cracking tool fundamentals (Image credit: Objectif Sécurité)

Ophcrack has very limited support. You’re expected to learn how to use the software yourself. There is, however, an FAQ page, a how-to document, and an inactive forum to help you.

The how-to document is well written, but it assumes you already know how to use third-party tools like phdump or fgdump to dump the SAM of a Windows system, so you may need to do some additional research.

The competition

Kon-Boot is an alternative to Ophcrack that’s a little easier to use. Instead of recovering the Windows password, it bypasses this altogether so you can gain access to your PC. It’s a commercial product that costs $25 for a personal license or $75 for a commercial license.

PassFab 4WinKey is another alternative product that lets you reset your Windows password. Again, it’s easier to use than Ophcrack, if all you want to do is access a Windows computer you don’t know the password for. However, it’s a paid product, starting at $19.95.

Final verdict

Ophcrack has long been one of the most popular Windows login-cracking tools, and for good reason. Its rainbow table approach means you can use it to crack simple passwords exceedingly quickly, or complex passwords over several hours.

It’s not a simple tool to get started with, as you’ll need to perform some additional steps to get it working. But once you’ve got a handle on how it works, it’ll remain a useful tool for any time you need to recover a Microsoft Windows login password.

The Verdict
3.5

out of 5

Ophcrack review

Ophcrack isn’t the most accessible tool, but it’s a tried-and-true free method of recovering a forgotten Windows login password.