- Windows Password Encryption Method:
Windows uses two algorithms to store user passwords: LanManager (LM) and NTLM. LM can only store hashes of passwords of 14 characters or fewer; for a password longer than 14 characters, Windows automatically uses NTLM. Hashes exported with PWDump or another hash export tool (such as Cain) normally carry both an LM and an NTLM value when the password is 14 characters or shorter. When the password is longer than 14 characters only the NTLM hash is usable; the LM field still holds a value, but it is useless to us and cannot be used to look the password up in an LM rainbow table.
- Operating System:
XP, Win2k and Win2k3 use LM by default (unless the system has been set to NTLM). LM is disabled in the later Win2008, Win7 and Vista, which use NTLM by default, so do not try to find an NTLM hash with a rainbow table generated for LM. The reverse is common, though: an LM-hashed password usually has a corresponding NTLM hash as well (when the password is 14 characters or fewer, the system also computes and stores the NTLM hash), and in that case ophcrack's NTLM tables can be used to search for the NTLM hash instead of the LM hash.
- Rainbow table:
Algorithm
A rainbow table is tied to one algorithm: there are tables generated for MD5, for LM, for NTLM, for SHA, and so on. Pay attention to the type of hash you have and use the matching table; putting the wrong table against a hash, such as an LM rainbow table against an MD5 hash, only wastes time.
Use of ophcrack
If you use ophcrack to crack Windows passwords, you can only use the rainbow tables provided on its official website. It appears these tables have been specially compressed: a table for the same character set is much smaller than one generated by yourself. So with ophcrack, tables found on the Internet or generated by yourself cannot be used.
How to generate
You can use winrtgen (winrtgen.exe, shipped with Cain) or rainbowcrack; both can be found online.
Where to download
A free rainbow table download site: http://www.freerainbowtables.com
How to select a rainbow table to crack Windows passwords
In general, the rainbow tables on the ophcrack official website are generated with the LM algorithm for XP, 2000 and 2003, and with the NTLM algorithm for Vista, 2008 and Win7.
- Prevention and Security:
Security has never been explained clearly. Here we only discuss what measures to take against ophcrack and rainbow tables being used on Windows passwords.
1. Use more character sets
Try to use the 33 special characters !"#$%&'()*+,-./:;<=>?@[\]^_`{|}~ (including space) in the password. In practice a single such character is enough: most rainbow tables either contain all 33 of these special characters or none of them, so using one of them has the same effect as using all of them. If an attacker's rainbow table contains this character set the password will still be broken, it is only a matter of time; but if the table does not contain the special characters, it cannot crack your password at all. For example, the free XP free small table only supports the 26 uppercase and lowercase letters and the digits, and contains neither space nor other characters. So if your password contains a space or another symbol, even if the password is only a space or a single special symbol, it cannot be cracked by this table.
2. Increase the password length (to at least 15)
With a password of 15 characters or more, XP free small cannot work at all, because it is generated from the LM algorithm and LM can hash at most 14 characters. To crack such a password one would have to switch to an NTLM rainbow table, such as Vista free or Vista special (8.0 GB).
3. Change the hashing method
For XP, 2000 and 2003, change the operating system's default LM storage to NTLM. There are many guides online on how to do this.
- Rainbow table details on the ophcrack official website and their character set support
From: http://ophcrack.sourceforge.net/tables.php
XP free small (380 MB)
Formerly known as SSTIC04-10k
Success rate: 99.9%
Charset: 0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ
Md5sum: 17cfa3fc613e275236c1f23eb241bc86
XP free fast (703 MB)
Formerly known as SSTIC04-5k
Success rate: 99.9%
Charset: 0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ
XP special (7.5 GB) (cracks LM passwords of 14 characters or fewer made up of the characters below)
Formerly known as WS-20k
Success rate: 96%
Charset: 0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ!"#$%&'()*+,-./:;<=>?@[\]^_`{|}~ (including the space character)
Vista free (461 MB)
Success rate: 99%
Charset: based on a dictionary with variations (hybrid mode)
Md5sum: 403cf58178d7272a48819b47ca8b2e6b
Vista special (8.0 GB)
Formerly known as nthash
Success rate: 99%
Passwords of length 6 or less
Charset: 0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ!"#$%&'()*+,-./:;<=>?@[\]^_`{|}~ (including the space character)
Passwords of length 7
Charset: 0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ
Passwords of length 8
Charset: 0123456789 abcdefghijklmnopqrstuvwxyz
Judging by the character sets listed above, XP special (7.5 GB) and Vista special (8.0 GB) can crack most Windows passwords. The official website does not offer these two tables for free download, but BitTorrent torrents for them have appeared abroad...
Ophcrack Vista special nthash table.torrent
Ophcrack XP special tables.torrent
- Related links:
http://hi.baidu.com/puddingrrlife/blog/item/9cc02a01e63f7cd2267fb5f2.html
Cracking Windows passwords with ophcrack and rainbow tables
http://sourceforge.net/apps/mediawiki/ophcrack/index.php?title=frequently_asked_questions
Ophcrack FAQ
http://www.freerainbowtables.com
Downloads, rainbowcrack and so on; it has been shown that downloading takes far less time than generating the tables yourself, unless you have a pile of high-performance servers.
http://ophcrack.sourceforge.net
The official ophcrack site on SourceForge. Here you can download the source code, the binaries, some free rainbow tables and the Linux-based ophcrack livecd. The livecd contains the free XP and Vista rainbow tables, which can crack some common passwords; their character sets cover the 26 uppercase and lowercase letters and the 10 digits (the Vista table adds the space character), but not the other 32 special symbols.
The livecd lets you boot from the CD and crack the Windows password without entering Windows at all... which is stating the obvious, since without the password you could not get in anyway :). It is slow, though... The theme we have always advocated is "how to recover a lost Windows password", not "how to crack a Windows password". If the rainbow tables included on the CD are not enough, you can download XP special (7.5 GB) or Vista special (8.0 GB) and burn them to a DVD; with the wider character set support, these two tables can handle most Windows passwords. Note: the livecd on the official website is a Linux system that runs from the CD without installation.
For convenience you can also use WinPE to build a Windows livecd with ophcrack installed and the required rainbow tables loaded:
1. Install a clean Windows and ophcrack in a virtual machine. Assume the installation directory is C:/program files/ophcrack/tables.
2. Copy the required rainbow tables into c:/program files/ophcrack/tables, giving sub-directories such as /Tables/xp_fast/ and /Tables/vista_free/.
3. Install the two copied tables in ophcrack.
4. Burn this Windows environment to a livecd.
In this way you can boot the Windows system from the CD and crack the password of the Windows installed on the hard disk.
If you would rather use it under Linux, you can also open the livecd with UltraISO and put the required rainbow tables under H:/tables; after the livecd boots, find the corresponding directory (/mnt/sr0/Tables, where the "sr0" name depends on the actual device), install the rainbow tables from there and start cracking. That way XP and Vista can be handled one after the other!
Likewise, if you often use BT3 and do not want to burn a separate ophcrack livecd, you can install ophcrack into BT3 and burn that, so you have BT3 and an ophcrack livecd in one... I seem to have digressed :( (talking nonsense)
In short, you can take your favourite operating system, install ophcrack, load the required rainbow tables and build your own livecd.
- Problems:
When a Linux boot disk contains two or more rainbow tables, ophcrack loads both tables when it starts cracking, which wastes some time.
If the target is XP, 2K or 2K3, the xp_free_fast table is enough; otherwise the other table is used. So only one table needs to be loaded: after entering the Linux system, once ophcrack has started and is loading the Windows user passwords, click "Stop" while it is loading the two tables, disable the table you do not need in the Tables column, then click "Crack" to save the time of loading the other table. This is only a suggestion; you do not have to do it. After the system boots, ophcrack runs by itself: it loads the Windows user password information, loads all the rainbow tables it should, and then cracks. Left alone it runs from start to finish and you need not worry about what will happen; it takes a few minutes at most. :)
- Ophcrack and OS version problems
The workaround is to extract the SAM information to a dump file manually and then import it into ophcrack with its "import dump file" function.
Run pwdump7.exe > sam.txt on the command line to extract the system's SAM information to the file sam.txt.
- Loiloway
When the livecd is used in a virtual machine, I cannot find the Windows disk with fdisk -l; I can only see the contents of my CD-ROM. In a real environment it is fine. I don't know whether it is a virtual machine configuration problem; in short, the results are useless and only experimental. In real situations one is not dealing with virtual machines, so I did not look into it further.
LM & NTLM & ophcrack & rainbow table