I read a couple of posts on Digg about the tool, but never had reason to test the tool. Working in NetSec, there are always new and exciting things that appear on our radar. In short, we had some vendor supplied (and supported) servers and they either lost or misplaced the local admin password.
I made a quick visit to the ophcrack page for the ISO and also downloaded the Windows Server Resource Kit tools for cdburn.exe to burn the iso.
The admin password was cracked in about 10 minutes. The entire list of 10 accounts (including IUSR and IWAM) were cracked in maybe 25 minutes -- I wasn't keeping an exact count.
- The tool just worked. It boots up and goes. No real work involved.
- This is a great way to audit local password strength. We learned the vendor-selected passwords were pretty weak.
Rainbow tables obviously speed things up. Thanks ophcrack.
This tool is obviously not hard to use. Might it change the way you manage (or think about managing) your workstations? Privilege escalation anyone? Do you know who might be on your outsourced overnight cleaning staff?
Good thing people don't store files locally on their workstations ... I mean, uh.
Here comes full drive encryption.