Ophcrack is a password-cracking tool designed specifically for recovering Microsoft Windows login credentials. Developed by Swiss company Objectif Sécurité, Ophcrack can crack most Windows passwords in a matter of minutes.
The best password managers can help you keep track of all your online passwords, but they’re little help if you’ve forgotten your Windows login. Therefore, Ophcrack and other password recovery tools can be useful for all PC users.
Ophcrack: Plans and pricing
Ophcrack is an open-source project. You can download and use it for free, and all the source code is available online.
Ophcrack deciphers passwords by using rainbow tables, which are precomputed lookup tables that play a role similar to a dictionary file. You must separately download at least one of these rainbow tables for Ophcrack to work. Until September 2019, the company charged users to download the largest rainbow tables, which are able to crack the most complex passwords. Now, these are also available for free.
In Windows, local user credentials are stored as LM hash or NT hash values in what is known as the Security Account Manager (SAM). A hash is a one-way transformation of the password: Windows stores the hash rather than the password itself and checks a login by hashing what you type and comparing the result, which is why a forgotten password has to be recovered rather than simply read back. If your login password was ‘itproportal’, for example, it would be stored on a Windows Vista machine as ‘7c28442acd0bf217890362f2dcd1b6d2’.
You’ll typically need to use another program such as pwdump8 or samdump2 to extract these password hashes from your Windows installation. Once you have the hashes, you can feed them to Ophcrack, which recovers the original passwords from them.
You can download a pre-built application version of Ophcrack for Windows, or you can run Ophcrack on Linux or macOS by compiling it from the source code.
Alternatively, you can download a live CD version of Ophcrack, and burn it to a physical disc or put it on a USB drive. Then, you restart your computer and boot into the Ophcrack CD. This way, Ophcrack can decipher the passwords of a Windows PC you can’t log into at all.
The live CD process automatically searches your computer’s hard drives for a Windows installation, extracts the LM or NTLM password hashes from the SAM, and attempts to crack them.
Ophcrack uses rainbow tables to crack password hashes. Without going into extensive detail here, a rainbow table is a precomputed, compressed record of a large set of candidate passwords and their hashes, so instead of hashing every candidate on the fly, the program looks up the hash it was given. A small rainbow table is fast, but won’t find complex passwords. A large rainbow table is slower, but more likely to match longer, more complicated passwords.
Ophcrack offers 17 different rainbow tables for various scenarios. If you are attempting to crack a Windows XP password, you will need one of the six LM hash tables. The smallest rainbow table is 380MB in size, and covers all mixed alphanumeric passwords up to 14 characters. If your password contains special characters, you’ll also need another rainbow table that’s 8.7GB in size.
Operating systems from Windows Vista onward store passwords as NT hashes rather than LM hashes. Ophcrack has rainbow tables for NT hashes, which range from a 450MB dictionary-based table to a colossal 2TB table that includes all alphanumeric symbols in mixed case and all special characters.
Interface and in use
Using Ophcrack requires a certain level of technical knowledge. It’s not a password recovery tool you can send to a friend or family member as a quick fix for them forgetting their details, as it requires at least a little understanding of how Windows passwords work.
Besides downloading the software and optionally burning it to a live CD, you also need to download the correct rainbow tables for your requirements, and extract them into a folder. Then you need to get access to the password hashes Ophcrack will attempt to crack, which often requires downloading and running another program like pwdump8.
The live CD version of Ophcrack attempts to automate much of this process. If the password to be recovered is relatively simple, you should be able to pop in the live CD of Ophcrack and wait a few minutes for it to display the correct password. This doesn’t work when your password is more complex, though, as only a relatively small rainbow table is stored on the live CD.
There are a few other settings you can choose in the preferences menu. The most important choices here allow you to throttle Ophcrack’s use of your CPU and disk drives while it's attempting to crack passwords.
Ophcrack has very limited support. You’re expected to learn how to use the software yourself. There is, however, an FAQ page, a how-to document, and an inactive forum to help you.
The how-to document is well written, but it assumes you already know how to use third-party tools like pwdump or fgdump to dump the SAM of a Windows system, so you may need to do some additional research.
Kon-Boot is an alternative to Ophcrack that’s a little easier to use. Instead of recovering the Windows password, it bypasses this altogether so you can gain access to your PC. It’s a commercial product that costs $25 for a personal license or $75 for a commercial license.
PassFab 4WinKey is another alternative product that lets you reset your Windows password. Again, it’s easier to use than Ophcrack, if all you want to do is access a Windows computer you don’t know the password for. However, it’s a paid product, starting at $19.95.
Ophcrack has long been one of the most popular Windows login-cracking tools, and for good reason. Its rainbow table approach means you can use it to crack simple passwords exceedingly quickly, or complex passwords over several hours.
It’s not a simple tool to get started with, as you’ll need to perform some additional steps to get it working. But once you’ve got a handle on how it works, it’ll remain a useful tool for any time you need to recover a Microsoft Windows login password.