Sunday, January 14

ophcrack LiveCD - a nerd story

Password cracking is nothing new. Ophcrack and Ophcrack LiveCD have been all over Digg, Lifehacker, and the rest of the net.

I read a couple of posts on Digg about the tool, but never had reason to test the tool. Working in NetSec, there are always new and exciting things that appear on our radar. In short, we had some vendor supplied (and supported) servers and they either lost or misplaced the local admin password.

I made a quick visit to the ophcrack page for the ISO and also downloaded the Windows Server Resource Kit tools for cdburn.exe to burn the iso.

The admin password was cracked in about 10 minutes. The entire list of 10 accounts (including IUSR and IWAM) were cracked in maybe 25 minutes -- I wasn't keeping an exact count.

Two things:
  1. The tool just worked. It boots up and goes. No real work involved.
  2. This is a great way to audit local password strength. We learned the vendor-selected passwords were pretty weak.
I had a small assignment in one of my classes at Capitol College using John the Ripper. It worked well, but it was not the most expedient process.

Rainbow tables obviously speed things up. Thanks ophcrack.

This tool is obviously not hard to use. Might it change the way you manage (or think about managing) your workstations? Privilege escalation anyone? Do you know who might be on your outsourced overnight cleaning staff?

Good thing people don't store files locally on their workstations ... I mean, uh.
Here comes full drive encryption.

2 comments:

Didier Stevens said...

I like the rainbow crack idea.
I'm seeing tables popup here and there, all free for download.

On one of my VMware machines, I generated a 20+ gig LM hash table, it took several months, and since it was in VMware, I could pause it whenever I wanted.

perimeter security said...

im new here and Im interested with all the topics specially cracking passwords. thanks