PaulSpoerry.com

This article has gotten a lot of traffic from Stumbleupon. If you’re coming here from Stumbleupon, the URL to this article has changed (used to be paulspoerry.com/index.php/…. and now the index.php has been removed. If you could, please hit your “I like it!” button and give me a thumbs up.Thanx.

The free, open source Ophcrack Live CD is a Windows account password cracking tool designed to help you recover lost Windows passwords.

After you download the 462mb .iso and burn it to a CD, just restart your computer and boot up the Live CD. Once the CD boots, blamo… Ophcrack automatically loads and is on its way to cracking your password.

(screenshot of ophcrack on Linux cracking Windows passwords)

Features:

• Runs on Windows, Linux and Mac OS X (intel).
• Cracks LM and NTLM hashes.
• Free tables available for alphanumeric LM hashes.
• Loads hashes from local SAM, remote SAM.
• Loads hashes from encrypted SAM recovered from a Windows partition, Vista included.

I’ve yet to try this live bootable version, but I used l0phtcrack (now LC5 and no longer produced since the company that made it was bought by Symantec) a few years ago and retrieved 99% of the passwords off a backup domain controller in something like 12 hours (using a not-so-powerful desktop to do the cracking).

Get ophcrack Live CD. FYI - you can still get l0phtcrack (aka LC5) from mirrors like sectools.org.

STUMBLEUPON UPDATE:

A couple people have asked if this really works. I just want to re-iterate that this DOES work. It requires physical access to the machine, but if you have physical access you can literally crack every password on a machine in a very short time. As I said above, I used it on a backup domain controller and in about 12 hours cracked every single password on the BDC.