Getting Started with Ophcrack: The Absolute Beginner
Competing in CTF competitions is helpful in identifying where your strengths and weaknesses are, and it introduces you to new tools. They often challenge you to seek resources outside of your comfort zone. During the NCL competition I was reintroduced to a tool that I haven’t had much experience working with, Ophcrack. The issue I found myself in was not knowing how to import tables correctly to get it running. Here are some tips I wanted to put out there for anyone just getting started with this tool.
Article Objectives:
- Download tables
- Import tables into Ophcrack
- Crack LM hashed passwords
What is Ophcrack?
Ophcrack uses rainbow tables to brute-force thousands of combinations of Windows passwords each second by using LM hashes.
In this NCL challenge you were given a set of hashes to crack. Ophcrack was chosen because it is used specifically for LM-hashed passwords.
If you’re not sure what type of hash value you’re dealing with, you can try using:
- hashid
- hash-identifier
Getting Started: Download tables
1. We need to download the tables that we want to add. Navigate to SourceForge.
2. Click on “Files”
3. Select “tables”
Select the table that you’re interested in. In my case I was after “XP special”. This is what the contents of that folder look like:
Before you start downloading all the tables, I highly recommend creating a directory and naming it after the tables that you’re downloading. In my case I created a directory named “XP special”.
mkdir "XP special"
Then to make things a little more efficient, you can redirect your downloads to this folder to prevent needing to move all the files from your Downloads folder to your target folder. (Make sure to change this back to avoid a headache!)
Now we’re ready to load these tables into Ophcrack! Yay! If you’re working on Kali then you should already have this preinstalled. But if not, here is the link where you can find both Linux and Windows downloads.
Loading tables into Ophcrack
1. Launch Ophcrack
2. Select “tables”
3. A pop-up window (“Table Selection”) will appear. Tap “Install”
If all went well it should look like this when you’re done:
Only enable one table at a time! Using multiple tables at the same time (from what I’ve read) is a waste of time and will slow down your PC by a lot! The rate at which it will complete will be dependent on the processing power and memory space of your PC or VM. Running one table slowed my machine down and I needed to wait for it to complete before I could do anything else on my Virtual Machine (VM).
If you have more than one type of table loaded, you can easily disable one table by selecting it and tapping the yellow circle icon (shown in the legend as “disabled”).
Loading Passwords
Whoo Hoo! The home stretch! Time to load those passwords! We have a few different options here:
- Single Hash
- PWDUMP file
- Session File
- Encrypted SAM
Since I only have experience with the first two options, those are the ones I’ll cover here.
Single Hash —
- Tap “Load”
- Tap “Single hash”
- Paste the hash value that you want to crack into the pop-up menu that appears.
You can load as many hashes as you want individually. If you only have a couple then this may be the way to go.
PWDUMP file —
- Create a text file (e.g. hashes.txt)
- Paste the LM hashes that you want to crack. One hash per line.
- Tap “Load” in Ophcrack
- Tap “PWDUMP file”
- Navigate to the location of your text file that contains your hashes.
Now all of your passwords should be loaded! Time to crack those hashes!
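A pre-load check for the hash file described above, as an added example that is not part of the original article: it validates each line and reports what the LM value itself tells you before any tables are run. The `user:rid:LM:NT:::` pwdump layout and the blank-half constant are general knowledge rather than something shown in the article, and the function names and sample hashes are constructed for illustration.

```python
import re

# LM value of an empty 7-character half (well-known constant).
EMPTY_LM_HALF = "aad3b435b51404ee"
HEX32 = re.compile(r"^[0-9a-fA-F]{32}$")

# Constructed sample input: hex values are made up, not real password hashes.
SAMPLE = """\
alice:1001:0123456789abcdefaad3b435b51404ee:00112233445566778899aabbccddeeff:::
bob:1002:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
0123456789abcdeffedcba9876543210
not-a-hash
"""

def parse_line(line):
    """Return (user, lm_hash) for a bare 32-hex hash or a pwdump-style line, else None."""
    line = line.strip()
    if HEX32.match(line):
        return ("", line.lower())
    parts = line.split(":")
    # Assumed pwdump layout: user:rid:LM:NT:::
    if len(parts) >= 4 and HEX32.match(parts[2]):
        return (parts[0], parts[2].lower())
    return None

def classify(lm_hash):
    """LM hashes the password as two independent 7-character halves."""
    first, second = lm_hash[:16], lm_hash[16:]
    if first == EMPTY_LM_HALF and second == EMPTY_LM_HALF:
        return "no-lm"      # blank LM value: nothing for LM tables to recover
    if second == EMPTY_LM_HALF:
        return "lm-short"   # second half empty: password is 7 characters or fewer
    return "lm-long"        # both halves populated: 8 to 14 characters

def audit(text):
    """Return (line_number, user, status) for every non-empty line."""
    results = []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        parsed = parse_line(line)
        if parsed is None:
            results.append((n, "", "malformed"))
        else:
            results.append((n, parsed[0], classify(parsed[1])))
    return results

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(row)
```

Lines reported as `malformed` are worth fixing before loading the file, and accounts reported as `lm-short` or `lm-long` are the ones still storing an LM hash.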
Time for Cracking
When you’re ready just tap “Crack” and wait for the program to finish running. It may take some time for this to complete, so be patient. When it has finished running you should see something like this:
The password in this case was 587-<C6
Troubleshooting
The first time I tried cracking hashes I noticed that only 2/5 of the passwords were cracked. I compared the contents of the “XP special” folder that was created to the folder that was on SourceForge. I noticed that not all of the tables completed downloading. To fix this, I just downloaded the missing files and confirmed that the downloads completed.
Conclusion
These were some key takeaways that I gained during my experience with Ophcrack. I hope this helps someone who is just getting started!