Elliott C. Back: Internet & Technology

Cracking Windows Passwords with Ophcrack and Rainbow Tables

Posted in Computers & Technology, Cracking, Hacking, Hashes, Microsoft, Password Hashes, Passwords, Security, Windows, XP by Elliott Back on April 26th, 2006.

This is a guide for cracking passwords in Windows under XP, 2000, 98, and 95, all of which use roughly the same architecture. As you know, passwords are stored in Windows in a weak hash form, the first kind of which is called the LM (LAN Manager) hash. Passwords longer than 7 characters are broken up into 7-character chunks, made uppercase, and then hashed with DES. This means there are only about 2^37 8-bit hashes instead of 2^83 16-bit hashes; a good thing for an attacker looking to break a password.

The tool we’ll be using is called Ophcrack, an open-source password cracker. The technology it uses to break Windows passwords is called “rainbow tables” and was described by Philippe Oechslin in Making a Faster Cryptanalytic Time-Memory Trade-Off. A rough way to describe this technique is to say that tables of possible hashes are precomputed so that you can iteratively compare the Windows hashes to precomputed bits and piece together the hash and its value more quickly than brute-force guessing.

Please note that federal law prohibits the possession of unauthorized access codes to computer systems. If you want to try cracking passwords, please obtain hashes from your own machine, or use the example hashes I provide here.

1) Setting up shop

The first thing you need is the software and rainbow table sets. You can download Ophcrack 2.2 from Sourceforge, and then browse to LASEC to download the SSTIC04-5k rainbow table. You’ll need a significant amount of memory to load this rainbow table. If you have less than 1 GB of RAM, try the smaller table.

The installation of Ophcrack 2.2 should go smoothly. Make sure you choose to download the tables separately:


You’ll notice a lot of GTK* files being installed–that’s nothing to worry about. GTK is the Graphical Tool Kit, a way for Linux programs to create graphical interfaces.

2) Dude, where’s my hash?

Now that you’ve got Ophcrack and rainbow tables installed, you’ll need hashes. There are three places to find them on Windows XP:

  • In the folder C:\windows\system32\config. This folder is locked to all accounts (including an Administrator account) while running, except the special System account.
  • In a SAM file from C:\windows\repair if rdisk has ever run
  • In the registry, under HKEY_LOCAL_MACHINE\SAM, which is locked to all accounts

This doesn’t look good for retrieving the Windows hashes! Well, to work around the built-in Windows protections, we can recover hashes by the following techniques:

  • Boot to Linux and copy the file directly from C:\windows\system32\config. This is probably too troublesome for most users, but with a liveCD it’s trivial.
  • Run pwdump2, included in Ophcrack, to trick out the registry values. If you didn’t change any settings, it should be installed in C:\Program Files\ophcrack\win32_tools. Here’s an example session from the command line (start, run, type “cmd” and hit enter):

C:\Documents and Settings\Elliott Back>cd "C:\Program Files\ophcrack\win32_tools"
C:\Program Files\ophcrack\win32_tools>pwdump2
Elliott Back:234:aabbcc:3311dd:::
C:\Program Files\ophcrack\win32_tools>

Naturally, I’ve censored the hashes and the number of users. If you’d like some hashes to play with, here are hashes for users with passwords varying in length from 1 to 7 characters: test-hashes.txt.
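Because each 7-character chunk is hashed separately, a pwdump-format line reveals weaknesses before any cracking is attempted. The following is an added example, not code from the original post or from Ophcrack: it audits `user:rid:lmhash:nthash:::` lines for stored LM hashes, passwords of at most 7 characters, and blank passwords. The function names and the sample lines are constructed for illustration; the two empty-string hash constants are the well-known LM and NT values.

```python
import string

# Well-known constants: LM and NT hashes of the empty password.
EMPTY_LM = "aad3b435b51404eeaad3b435b51404ee"
EMPTY_NT = "31d6cfe0d16ae931b73c59d7e0c089c0"
# LM hashes each 7-character half on its own, so an unused half
# always produces this fixed 8-byte value.
EMPTY_LM_HALF = EMPTY_LM[:16]


def is_hash(field):
    """True if the field is a 32-character hex string."""
    return len(field) == 32 and all(c in string.hexdigits for c in field)


def audit_line(line):
    """Return (user, findings) for one pwdump line, or None if malformed."""
    parts = line.strip().split(":")
    if len(parts) < 4 or not parts[1].isdigit():
        return None
    user, lm, nt = parts[0], parts[2].lower(), parts[3].lower()
    findings = []
    if nt == EMPTY_NT:
        findings.append("BLANK_PASSWORD")
    # pwdump tools print a "NO PASSWORD***..." filler when no LM hash is
    # stored; that fails is_hash() and is treated as "no LM hash".
    if is_hash(lm) and lm != EMPTY_LM:
        findings.append("LM_HASH_STORED")
        if lm[16:] == EMPTY_LM_HALF:
            # Second chunk is empty, so the password fits in one chunk.
            findings.append("PASSWORD_AT_MOST_7_CHARS")
    return user, findings


def audit(text):
    """Audit a whole pwdump dump; returns {user: [findings]}."""
    report = {}
    for line in text.splitlines():
        result = audit_line(line)
        if result is not None:
            report[result[0]] = result[1]
    return report


# Constructed sample input: the hash values are made-up hex strings,
# not hashes of real passwords.
SAMPLE = """\
alice:1001:0123456789abcdefaad3b435b51404ee:00112233445566778899aabbccddeeff:::
bob:1002:0123456789abcdeffedcba9876543210:ffeeddccbbaa99887766554433221100:::
carol:1003:aad3b435b51404eeaad3b435b51404ee:00112233445566778899aabbccddeeff:::
guest:501:NO PASSWORD*********************:31d6cfe0d16ae931b73c59d7e0c089c0:::
not a pwdump line
"""

if __name__ == "__main__":
    for user, findings in audit(SAMPLE).items():
        print(f"{user:8} {', '.join(findings) or 'no LM exposure found'}")
```

An account with no findings here either has LM storage disabled or a password too long for LM; it is protected only by its NT hash.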

3) Let’s get cracking!

Hashes in hand, start up Ophcrack:


Then click “load, PWDump file,” and select either the hashes you got from pwdump2, my sample hash file, or some other source of SAM hashes:


The last thing we need to do is load our rainbow tables. Click “Tables” and select the location and type of rainbow hash table you’re using, in our case the 5k tables:


Now you can click the big “Launch” button and wait. It will first load the tables (0-3 in my case) into memory, a process that takes several minutes. When this is complete, it will begin trying passwords:


The final screen gives a breakdown on how long it takes to actually find these passwords–some of which are quite hard:


All in all, it took 178 seconds on average to crack a Windows password–only 3 minutes per hash! In the process it performed 89,030,630 hash-redux calculations and 199,548 fseek operations. It also couldn’t find the password for one of the hashes, which is to be expected. Rainbow tables are non-deterministic and won’t always work. Still, our success rate of 6/7 or 86% is high.
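Why a lookup can miss is easiest to see on a toy table. The following is an added example, not Ophcrack's code or code from the original post: it builds rainbow-table chains over 4-digit strings, using SHA-256 in place of the LM hash, and measures how much of the key space the stored chains actually cover. The key space, chain parameters and function names are assumptions chosen for illustration.

```python
import hashlib

PIN_LEN = 4
KEYSPACE = 10 ** PIN_LEN      # toy key space: "0000" .. "9999"
CHAIN_LEN = 20                # hash/reduce steps per chain
NUM_CHAINS = 400              # chains generated before de-duplication


def H(plaintext):
    """Stand-in hash function (SHA-256 instead of the LM hash)."""
    return hashlib.sha256(plaintext.encode()).digest()


def reduce_to_pin(digest, column):
    """Map a digest back into the key space; differs per column."""
    n = (int.from_bytes(digest[:8], "big") + column) % KEYSPACE
    return f"{n:0{PIN_LEN}d}"


def walk(start):
    """Yield the plaintexts at columns 0..CHAIN_LEN-1 of a chain."""
    p = start
    for col in range(CHAIN_LEN):
        yield p
        p = reduce_to_pin(H(p), col)


def endpoint(start):
    """Plaintext reached after CHAIN_LEN hash/reduce steps."""
    p = start
    for col in range(CHAIN_LEN):
        p = reduce_to_pin(H(p), col)
    return p


def build_table():
    """Store only endpoint -> start; merged chains are discarded."""
    table = {}
    for i in range(NUM_CHAINS):
        start = f"{(i * 25) % KEYSPACE:0{PIN_LEN}d}"  # deterministic starts
        table.setdefault(endpoint(start), start)
    return table


def covered_plaintexts(table):
    """Every plaintext that occurs somewhere inside a stored chain."""
    covered = set()
    for start in table.values():
        covered.update(walk(start))
    return covered


def lookup(table, target):
    """Return the plaintext whose hash is `target`, or None on a miss."""
    for col in range(CHAIN_LEN - 1, -1, -1):
        # Assume the target sits in column `col`; finish the chain.
        p = reduce_to_pin(target, col)
        for c in range(col + 1, CHAIN_LEN):
            p = reduce_to_pin(H(p), c)
        start = table.get(p)
        if start is None:
            continue
        # Endpoint matched: replay the chain from its start to confirm.
        for candidate in walk(start):
            if H(candidate) == target:
                return candidate
        # Otherwise a false alarm (chains merged); try the next column.
    return None


def success_rate(table):
    """Fraction of the key space the table can recover."""
    return len(covered_plaintexts(table)) / KEYSPACE


if __name__ == "__main__":
    t = build_table()
    print(f"stored chains: {len(t)}, coverage: {success_rate(t):.0%}")
```

Only plaintexts that happen to fall inside a stored chain are recoverable, so the hit rate is a property of the table and is fixed at precomputation time.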


Now you know how to crack Windows passwords. When is this a good idea?

  1. When you buy a computer on Ebay and the owner forgets to give you an Admin account
  2. When you forget your password
  3. When a friend forgets their password
  4. When the security of the country is in danger

When is this a bad idea?

  1. When you buy a computer from government surplus and want to find its secrets
  2. When you want to hack up your friends
  3. When your little sister’s account is too tempting
  4. When you go visit your girlfriend’s dorm room

Another problem with releasing a tool like Ophcrack is that it becomes usable by anyone. In fact, this guide or tutorial to cracking Windows passwords even makes it easier. Pretty much anyone can crack any Windows password now, which could be a problem if used the wrong way. However, Windows passwords are by nature insecure; there are dozens of other tools to crack Windows passwords. Ophcrack is just the fastest.

This entry was posted on Wednesday, April 26th, 2006 at 5:28 pm.

125 Responses to “Cracking Windows Passwords with Ophcrack and Rainbow Tables”

  1. underlaw says:

    Your ophcrack is too old, I need the tutorial for ophcrack 3.4.0

  2. eli says:

    i want to get into real hacking but i don’t know the basics so if you can help me i will be happy

  3. Mandom says:

    Just download the Windows Password Key and burn it to a CD or USB drive, then insert the disk to your locked computer, reboot, press the button it says on the screen. then it will auto reset the password in minutes.

  4. philip says:

    Hi. How can I get the software for cracking Windows 7?

  5. steven says:

    Last month, i lost my windows vista administrator password. I solved my problem with the help of the Winlogon Password Reset. It not only supports Windows Vista, I have personally tested it with Windows 7. It worked perfectly to reset any local user account to a blank password.

  6. help777 says:

    k can somebody please show me where i can get pwdump2 n **** that works with vista

  7. Tony says:

    When my last company went out of business I got a PC, but have been unable to log onto Windows because I did not know the admin password.
    It’s been sitting around for months. Reset Windows Password 1.3 has helped me reset the Admin password to blank and I can now log on.

  8. john says:

    I am trying to crack the password on my Windows 7 laptop. Downloaded the Vista live CD, burnt it to CD with .iso burner, and I put the disk in and restarted the machine. I set it to boot from DVD drive and it starts to boot, does all of the … and then goes to the setup screen and then goes to start ophcrack but does not, it just starts Windows normally. Please help me.

    • Jabber says:

      If you are using Windows 7 you have been royally screwed. :( I’m pretty sure you can’t crack Windows 7 yet cause they don’t have tables for it. I could be wrong, and if I am please let me know. If there is a way email me at Jesbyler@hotmail.com. I need to find a way in 2 weeks or I lose 20 bucks on a bet.

      • Roy says:

        You actually can crack Windows 7 passwords with it. I was able to do it several times. It doesn’t matter if you use the Windows Vista or the Windows XP LiveCD. Just make sure you have both of the table sets installed ;)
        Use a USB or external HD. Just put the Windows XP live CD on it, or the Vista one, just pick one.
        Here is the howto:
        1. Download an Ophcrack Vista or XP Live CD ISO
        2. Insert your USB Flash Drive
        3. Download and run tazusb.exe then follow the onscreen instructions
        4. Reboot your PC and set your BIOS boot menu to boot from the USB device

        You’re welcome :)

  9. ROHITH says:

    When I press load local SAM a message comes saying
    "cannot dump local SAM with pwdump"
    What should I do?

  10. Colm says:

    Hi i was just wondering b4 i use this, does it reset the password or change it?
    Or does it just tell you what it is so you can type it in yourself?

  11. ftruly says:

    Get the windows password recovery tool,and use it to bypass windows password http://www.anypasswordrecovery.com/ .No need to reformat windows os,just for ours forgotten windows password.

  12. mike says:

    Need to understand this:
    1) I am confused about the Live CD: Which character set does it use: Only letters and numbers or the entire character set?
    2) Why is ophcrack non-deterministic? I understand the authors have tried ALL combinations from 1 to the maximum (15) character passwords of the entire character set, hashed them through the same hash function used by Windows and stored the results in the rainbow tables. So if you have this entire table, you have all combinations and the reverse hash is all you need. Just index the reverse hash (via some tree structure) to search for the hashes found in the system.
    3) Why does it not work with NTLM2? What is the difference from NTLM?

  13. Elite says:

    Sometimes you’ll get some hardware compatibility problems with ophcrack. Elcomsoft system recovery boot disc is Windows PE based. If the password is weak, this boot disc can recover it pretty fast. Also you can use any boot disc, preferably Windows PE based, like “Active boot disc”. Then copy SAM and SYSTEM files from C:\windows\system32\config
    Grab a copy of elcomsoft proactive password auditor and install on a machine you have admin access to. This will crack the password(s) in no time, also if your password is strong (Even in trial mode). If you are using file encryption, you DO NOT want to reset the password, because you’ll get trouble accessing those files.
    In case you already did that, Elcomsoft got a solution for that problem as well, but you must register the application in order to recover your files.

  14. serene says:

    I have a question. I tried using Ophcrack with my Dell desktop that runs on Vista. I’m sure the program is functional because I have retrieved one of my passwords before, but now when I repeat the same process, ophcrack is unable to crack it and it just says “not found” in red letters under the NT pw column. Any suggestions?

    • mike says:

      The Live CD does not include non-alphanumeric passwords. That is, it will crack alphanumeric passwords, but not something like hello!_1#2
      If you want that, it costs some 999$….

  15. eliva says:

    Last time, I used Advanced Windows Password Recovery to reset my lost windows password. It worked great for me, quickly and no data loss.
    Have a look:

  16. Mike says:

    You can reset windows user account password in safe mode(F8 when booting up). But if you forgot administrator password, you must reinstall windows OS or use windows password recovery disk. http://www.windowsloginrecovery.com

    • Apple says:

      hello there.
      I don’t know why but safe mode doesn’t show an account called administrator, it only shows the normal users!!!

  17. Chris says:

    i will reinstall windows if i forgot my password

  18. John says:

    You can recover your password but you need some big rainbow tables.
    I bought 1TB of rainbow tables and now i can easily find a lot of password..
    take a look on ebay!

  19. Brigette says:

    No matter what I do, my desk top is stuck at the windows 2000 professional nt log in screen. I have run the ophcrack with the hashes and still nothing. I can’t get by the main screen. Is there anything I can to save this very usable computer?

  20. Louie says:

    I can’t find the password for my admin account. Whenever i do it, the password for the admin account comes up as “empty”, please help, is it that ophcrack can’t crack admin passwords or what? please email me at xChineseNinjax@gmail.com

  21. MC says:

    Hey there, I am trying to use ophcrack but it doesn’t work. I’ve burned the CD and ran it onto the computer i want the password from. It starts but says ‘no partition with hashes found’ (or smthg like that). I downloaded the LiveCD from the official website but i didn’t add any tables or looked for different files. What should i do? Computers and I don’t get along very well but if someone gives me a good explanation I am sure I can do it. Thank you in advance. Does anyone know any other program to get the password without changing it?

  22. JAYRO says:

    Hi I have booted up from the ophcrack livecd but the admin password comes up as EMPTY. When I try to log in with no password it doesn’t work.
    I am rubbish with computers but really need to access my account to retrieve some important files for work!!
    Please help

  23. kevin says:

    I have downloaded windows password key 8.0. It is a very quick and useful utility for resetting passwords. It not only supports XP, 2000, and NT, I have personally tested it with Vista Home Premium and Ultimate. It works perfectly to reset any local user account to a blank password.
    Just an easy to use bootable CD/DVD . It can also be used on a USB Flash Drive. http://www.lostwindowspassword.com/

  24. Thanks Elliott, it worked perfectly for me.


  25. Rick says:

    I just want everyone to know that this software is purely ****! I have wasted lots of time and money on this so called junk I would not advise nobody to download this product unless you are bored and just want to waste time and money because that is all you’re going to do! Take that to the bank OPHCRACK!

  26. happykaka says:

    Forgot windows password?Lost admin password? Have been locked out of computer?
    Lost computer login passwords, which is a common problem for the computer users. So there are many solutions. One of the popular solutions is as following,

    1. Log on a computer that is linked to internet.
    2. Free download windows password unlocker from http://sn.im/wpu
    3. Burn the downloaded .ISO file onto a blank CD
    4. Insert newly created CD into the locked computer and then reboot it
    5. Select the account you wanna reset the password.

  27. Curita says:

    Soo… I cant use the pwdump file.. whenever i use it it says
    “Windows cannot access the specified device, path, or file. You may not have the appropriate permission to access the item”…

  28. raymond says:

    A long time ago, I was confronted with the password problem. Finally, my friend Jane introduced the Windows Password Reset. It helped me access Windows. It’s great!

  29. rick says:

    hi, does ophcrack work with Vista home premium??
    tried all sorts with no luck……(

    • Mike says:

      It does but I would recommend Trinity Rescue Kit. Trinity has a 100% success rate vs ophcrack which might not be able to crack your password (like for me). My password was too strong. I used Trinity which makes a new admin account. From your new account you change your locked out account’s password to anything or remove parental controls (that was my issue).

  30. sam says:

    I need help, when i open and load it from my usb, it say something like ” cannot (dont remember what it said here) pwdumpfile 06″ or something

    can anyone help me

  31. Zaljaa says:

    I have a netbook with no cd drive. Can I use a portable burner and run Ophcrack in safe mode?

  32. Brandon says:

    Can someone help explain step 2 to me? I understand the rest, but running the pwdump on command prompt is not going smoothly for me.

  33. vicky says:


    I want to know if ophcrack works on Windows 2003 Server. I have tested ophcrack in XP, it works nice.

  34. fan of ur says:

    it was wonderful but needed some more progress.

  35. Pit says:

    ophcrack-livecd works like a charm !

  36. YO says:

    I have lost control of my administrator account; I can only access my PC as another user and I don’t like that. Please, could someone help me?

  37. chris says:

    lol just friggen type
    'control userpasswords2'
    into run

    • Daniel says:

      Dude… I think that requires admin… And oh yeah. AN ACCOUNT ON THE COMPUTER YOU’RE CRACKING BECAUSE YOU CANT ACCESS IT!

  38. MtL says:

    Problems with XP Professional x64 edition:

    I've tried the latest Ophcrack LiveCD to crack accounts on Windows XP Professional x64, without success (for now). It's a bit difficult to load SYSTEM and SAM (you don't have …system32\config, but …sysWOW64\config on XP x64): so you have to manually set this. Then the program identifies my accounts correctly, but the brute force attack doesn't find the passwords. It only finds the password "0" for my computer Admin. It does not find my own account password. Why? Why doesn't Brute Force work? Do I need to install the tables?

  39. chris says:

    i need help im trying to crack a pass on this web nanny program on my pc can any 1 help me

  40. allan says:

    hi tried ophcrack on 2 xp computers 1 great worked like a dream the next one was working ok then froze with the message “frequency out of range” any ideas please would be greatly appreciated thanking you in advance

  41. Arnie says:

    How to use this i cannot boot into the whole windows because i got no pass so how the heck can i get my pass back if i cant install anything :S

  42. SUPERNerd ;) says:

    Wow thanks a lot dude. It pisses me off that my dad got me my own PC but set user passwords so I’d have to ask whenever I wanna go online, just to control me. Now I’ve got all the damn passwords. I’m not talking about abuse here. It’s just better for me: say I quickly wanna check my mails and login to MSN or whatever chat and now I don’t have to wait till my parents are home (I’m like at least 6 hours alone a day) anymore.
    Really thanks. I’m still debating on removing the password though.
    Still great program!!! Gonna try out the CD version too, hope it’s as easy as this was!!!

  43. jon says:

    Hi all.
    Is there a way i can procure rainbow tables or special characters, for ophcrack for free?
    And once I do get them, do i load it the same method as the one demonstrated here?
    Help would be greatly appreciated.

  44. steve says:

    please friends.
    can one give direct on how to get hacking material for ATM CARD.

  45. coyee says:

    I can’t open our Windows XP because it was reset but the old password is not recognized. What could be the best way to open it again?

    waiting for prompt reply thanks,

  46. praveen says:

    i did not find the way of downloading all of the stuff.

    • syonxu says:

      Recommend you two most popular password recovery tools. The average person will use it first and many cases proved that they can perfectly reset the Windows 7 password.

      Ophcrack is one of the most popular free Windows password crackers based on rainbow tables. It can help you reset Windows password less than 14 characters. Once you forgot Windows 7 password, it is a good choice to download the version compatible with Windows 7. However, many Windows users failed to recover Windows password as its large ISO file which is more than 496MB, and it just can recover no more than 14 characters password. I also failed to use this tool. You can try it by yourself.

      Free download here:http://ophcrack.sourceforge.net/download.php

      Windows Password Rescuer(34.3M)

      Windows Password Rescuer is a highly appreciated Windows password recovery toolkit, especially designed for novice or new beginners. With this tool, you can get instant access to locked computer without the old password and computer skills. Prepare a bootable CD/DVD or USB flash drive and follow these 4 steps with less than 5 minutes.
      Step 1: Download Windows Password Rescuer Professional and install it in any available computer
      Step 2: Burn a bootable CD/DVD or USB flash drive
      Step 3: BIOS settings of your locked computer to make it boot from CD/DVD or USB flash drive
      Step 4: Reset Windows 7 password successfully
      You can refer to this article:http://www.daossoft.com/documents/quick-start-guide-for-using-windows-password-rescuer.html

  47. Joe Morgan says:

    I’m having a major problem getting the hash files for any of the accounts on my computer. Running the test hashes that this guy provides worked perfectly, but I can’t get any real ones to work with… I already know all the passwords, I’m just running this so I know how, in case I ever need it (I have before). I have Ubuntu dual booted on my comp, so I tried going from there into the system32, but there is one folder and two files named “config,” none containing anything that looks like a hash. From Windows the PWdump won’t work, or I can’t figure out how to use it… I tried running it from the command prompt, no luck, gives me a syntax error or nonexistent file. Please help, anyone?

  48. zion says:

    Can I use this application to find out users’ passwords from Active Directory?
    I have domain administrator account.

  49. [...] NB: Another way to use ophcrack on Windows can be seen here [...]

  50. _haxxo_ says:

    Hy all … one problem : i can’t download the 5k tables from the main website…
    http://lasecwww.epfl.ch/SSTIC04-5k.zip cause…it’s broken…after 156 Mb it stops..I’ve searched google for torrents but no luck they are out of leeches/seeds …. can anyone tell me a working link ? cheers all out there :)

  51. [...] The following is a description of an attack to crack the user passwords of windows accounts (up to XP), and implemented in a near-perfect way by ophcrack. If interested, do make sure to check this tutorial, it’s quite fascinating and yet unbelievably scary. [...]

  52. [...] I want my passwords in the cloud because at work I use a locked-down Windows XP machine in an enterprise environment (I say “locked-down” in the sense that I can just rainbow table the Lan Manager but something tells me that hacking my enterprise is a ticket to new work opportunities… with other businesses.) At home I use a Macbook (OS X Leopard), thus, I need something cross-platform, fairly elegant, secure, and preferably cheap/free (and since open source is the only security software that can be really trusted, assuming someone has taken the time to look, it must be open source too). [...]

  53. Nick Xatzis says:

    Anyone HELP plz….!!!

  54. Nick Xatzis says:

    I used before months OPH 1.1.3 and i cracked some password with 100%success! I try to do this again… and for home user it finds me the code : GEORG21 in LMPASSWD1 but it’s non valid when i write him to login in! In NTpasswd wrote not found! What is the problem???
    Thx a lot!

  55. johnny says:

    ComputerWizard said:
    on November 24th, 2007 at 10:02 pm

    It works perfectly fine. Does anyone know how to crack the passwords in a network?



    I don’t know it so much, but I think that you have to click LOAD/From remote SAM and type the IP address. I wish that it will be useful to you.

    Please answer me on johnnyprimavera@hotmail.com or in this forum.


  56. johnny says:

    just what I was looking for…
    This guide is brilliant.

  57. [...] NB: Another way to use ophcrack on Windows can be seen here [...]

  58. It works perfectly fine. Does anyone know how to crack the passwords in a network?


  59. Dago says:

    Not to support the “Troll” but hey, I have to agree with Sad. You guys are pathetic! Fortunately, it’s things like this that keep professionals like us gainfully employed.

    Hack on friends, break your computers and come grovelling to us for the remedy.

  60. Sad says:

    The author of this should really go and read up on cryptanalysis and how Windows passwords work before publishing anything (repeating misinformation from other sites)

    BTW it should be “Become a Cryptanalyst at Home” not “Become a Cryptanalysis at Home”, and that document wouldn’t get you into crypto kindergarten (and wouldn’t have way back in 1990 (or even 1970))

    As for the rest of you you are not really fit to own a computer of any form and confirms why there are so many zombie machines on the internet.

    I really don’t mean to be a troll but it truly saddens me to see such lack of knowledge, and for it to be represented as expertise.

  61. Jo says:

    Sheesh am I bogg eyed! Any help appreciated.

    What the heck did I do?…I don’t know, but it was me Gulp.

    On restarting the laptop, I find I only have a limited user account. Strange, I thought I had admin account. Some progs that were previously working dont so I have gone through various efforts to establish administrator account but since I am only able to log in on limited account, I have no ability to change anything.

    The laptop is running Xp Sp 2

    Have tried to get ‘into’ pc by various means using Control Panel/Users/Etc
    cmd line h/Key local etc, even thru regedit etc, but at the end of this attempt i cannot find or even create an administrator value.

    Have tried safe mode too.

    On startup the screen says cannot log you in, but it says ok and it does anyway?

    Have tried cmd User accounts but get message that I am logged on as xxxxxxxxx\xxxxxxxxx and this account not a member of the Administrator’s group.

    Asks me to enter user name an password of administrator – which I cannot – blah blah blah,

    have also tried safe mode pressing control alt delete twice but nothing seems to be helping.

    Just ran the Ophcrack thingy, (I mean put the disk in sat back and turned the pc on) and the only password I can see is for remote assistance, all others say EMPTY or remain blank.

    Any ideas please.


  62. richie says:

    sorry for double posting…
    i apologize for the lines 5 and 8…

    line 5:
    his computer (admin account, and there are no other accounts on that

    line 8:
    employee! thank you Ophcrack! you will live in my heart forever man! whoooo!

    i apologize for the errors…
    again thank you and rock on!

  63. richie says:

    before, in my networking class, my instructor was telling us about a pretty story about the hero ” Ophcrack” and how he/she/it saved him from total electronic doom… i wanted to meet the hero, but my training came first… i soon forgot about ophcrack. now im working in a company, and my boss forgot his password to his computer (admin account, and there are no other accounts on that computer). i remembered ophcrack! after much laughter (trying to figure out how to use ophcrack properly), and mugs of coffee, i am now my boss’s favorite employee! thank you Ophcrack! you will live in my heart forever man! whoooo! rock on guys! hahaha

  64. lockwhiz says:

    …this is a real charmer …. luv’n it.

  65. X-MASTER says:

    Tell me plz how to get those .hash files , plzz

  66. Chris says:

    is this ophcrack only to crack window password?
    pls someone tell me what tools of password cracking to crack website’s user password ?pls tell me

  67. kkmkmk says:

    I downloaded the ophcrack and inserted to my sister’s mac its a compaq presario and it was working then it reads “Input Signal Out of Range Change Settings to 1280×1024-60Hz” How can I do that and is that even correct? My sister forgot her admin password. Need all the help I can get. Maybe I downloaded the wrong thing or what? THanks.

  68. Julesnye says:

    Tried running the pwdump2 on my XP laptop and it comes up with an error message:-

    failed to open lsass: 5

    What does this mean and can you give me some guidelines\help?

  69. Hashmere says:

    On one of the computers I was using this on, after booting up, the terminal states that no hashes were found on any partitions.

    Two of the accounts were password protected so I am not sure why it said that no hashes could be found.

    Can anyone help?

  70. muztaba says:

    Boot to linux and copy the file directly from C:\windows\system32\config. This is probably too troublesome for most users, but with a liveCD it’s trivial.

    copy which file i cant get it. can you explain this to me?

  71. muztaba says:

    hello i can not understand the second step. please clear that to me again. easily describe the matter.

    thank you

  72. [...] Cracking Windows passwords with Ophcrack and rainbow tables  [...]

  73. bsod says:

    this page is to take win pass not any other pswrd the hashes man the ashes
    so you could start using other cracker like jtr etc…

  74. kaman says:

    ok good !

  75. C0d3boy says:

    Syntax of pwdump6 is :


    or if u want to dump the hashes to a file say myfile.txt the syntax would be :

    pwdump6 -o myfile.txt where u substitute with the name of ur computer or with

    Hope this helps :)

  76. Johhny says:

    I’ve tried getting a hash on one of my own XP installations, but if I go to cmd and I’m in "win32_tools" and run "pwdump2" it says the file doesn’t exist, which it doesn’t.

    But there’s a "pwdump6", but when I try to run that I get a "logon to \\username\IPC$ failed: error 53". I’ve been trying to Google it, but without luck. What’s the matter?

  77. david says:

    um… How do I do this on another password, like if I forgot my Email password or if I’m logged in as administrator but I forgot the password to my Firewall or something like that?

  78. Simplexie says:

    How do i break an msword opening password

  79. matt says:

    hey bud there is a glitch n the program im a programmer i can fix the glitch in it send your live cd to me i can reburn it with the right programs and send it back to you my address is 6427 malvern ave philadelphia PA 19151
    ive had to fix my friends copy of it theres a bug a on it that when it starts up it will not run all i have to do is go in and remove it its a very hard to find program more like a plugin but its running by its self causing it to not work on pcs because theres a program on all computers pcs that make it run with your computer it depends on the place you downloaded it from some places dont have the bug its a part of a virus on the web site send it to me and i will remove it and send it back to you double time send it to me and i will have it back the following day.

  80. Mizu says:

    The tables worked well for the LM hashes.. Very thanks, it takes like 30 sec~ for a password(athlon x2 4600+ and 2gb ram).. And i am having some fun with the school server’s since i got the passwords, maybe i’ll tell them later.. but for now i’m just going to use MSN and the youtube at school.. And here are no laws for “possession of unauthorized access codes to computer systems”.. Thanks for this. The only problem is the antivirus, i just want something that protects me from the virus/spywares, no that abusive software… Symantec corporate blocks all the “security tools” like ophcrack, cain, and some packet tools…

  81. FD7 says:

    no you need a program called john the ripper, give me an email address and i will send the stuff you need and instructions

  82. Mizu says:

    i found a backup file on the FTP of my school.. And i want to “decrypt” some hashes like this:
    sambaNTPassword: CB5F7761D36F1E7F28903FDDFC869ADE
    sambaLMPassword: 5B2544A3C68A3A65AAD3B435B51404EE
    is it possible with this rainbow tables?

    (sorry for my bad english)

  83. Help says:

    Go download Hirens boot cd or UBCD4Win. They both have several password tools that allow to change the admin password

  84. just_me says:

    hello everyone,

    i’m currently taking classes toward an MCSE certificate and one of our assignments is to hack into the teacher’s computer and either get or replace the Admin password. the Ophcrack solution sounds a bit too complicated for a novice like me, so I was wondering whether someone could point me to a similar, but easier to implement, solution. The only requirement from the teacher is that it has to be free software (obviously he doesn’t want us to buy the solution…).

    any hints will help a lot!

    many thanks!

  85. Osiris says:

    How do you retrieve the hash using the pwdump2 file mentioned above? Can somebody please explain this? Is the process as easy as burning Ophcrack and the tables onto disc and then loading disc into target machine?

    Many thanks

  86. Crack Windows password with Ophcrack Live CD…

    Here is the situation. You just changed your Windows admin password. The next morning when you boot your PC, you can’t remember the password to login to your Windows. You got nervous and don’t know what to do. Every password you entered we…

  87. fd7 says:

    i am not sure what is going on with your computer. if i were you i would get a version of linux and copy all your important files to some sort of media then reformat the comp

  88. problems says:

    i installed ophcrack and dl the rainbow tables and now the only thing i need is the password hash files. the problem is that i don’t know how to run pwdump6 on my computer, i did what the instructions above tell me to but in the cmd window it says its now recognized and i can’t open the pwdump6 exe

  89. Joe Bloggs says:

    Download Ultimate Boot CD for Windows (UBCD4Win), build a boot CD, run "Password renew", create new administrator account.

  90. help pls says:

    update for those who care: i tried the nt prgm again and it worked. i noticed something funky though. i had changed the password. (sort of reverted to the original phrase without the additional characters). this morning, i seemed to have been locked out of it again! so now i’m in and left it without a password. i’m wondering if this is going to happen each time i put in a password or if it only happened b/c it was similar to the previous one? any ideas?

  91. help pls says:

    ok, so i really don’t know what to do. i tried the nt offline password program and it didn’t do anything either. at first it just showed the admin and my account to be locked and disabled. every time i tried it, it still took me back to the log in screen expecting me to remember the password even though i had selected to blank it (which only showed the guest account to be blanked but not accessible on the log in screen)

    i really don’t know what to do. i am the administrator. i think my laptop just doesn’t like me anymore. which other programs or suggestions would you advise? ophcrack sure didn’t work. i want to be able to log in in such a way without having to reformat it. is this possible?

  92. fd7 says:

    if i were you i would use a brute force password cracker. i downloaded one but it is on a dvd and i do not have access to a dvd reader, but when u do get one remember to look in the options and ensure it is going to test all characters (on the one i got u could enter in the characters u wanted it to test for). also i would look for a program that resets the password, i am not sure if they only reset admin passwords.
    also if when you log in you click on a picture and enter in the password, then to get logged in as the admin give it the old ctrl+alt+del twice over, then a box should come up and for the login type administrator (make sure u spell it correct, i am not sure if that is correct) and now just press enter with no password and u should be in. create a new account, and if u can, being the admin copy all your important files over to the new account and delete your old one (i don’t know how to delete an account and if u can’t delete the files from that account, but u will have to work out for yourself how to get the programs over if u need to). if the admin account does not have rights to your old account then boot with Linux like i said above and copy the files into another place ie thumb drive or maybe onto a different part on the hd that your new account has access to

  93. help pls says:

    so i actually used the live cd for ophcrack, however, my original password was revealed and not the updated one which had additional characters to it. my question is what do i need to do for the entire phrase to show up? b/c it’s not showing the additional characters which i have forgotten. help?! thanks!

  94. fd7 says:

    it is easy to crack the password with ophcrack but getting the hashes to crack is the hard bit. An easy way to work around this is to download linux at this site http://www.slax.org/download.php then burn the image to a cd using your fav cd burner e.g. nero. once the cd is ready make sure u have a usb drive handy. go find your target computer, if on insert cd and restart the Computer, if not on turn on comp and very quickly put the cd in. the comp should now start booting with linux, if it does not go into the bios and tell the computer to boot from cd before the hard disk. once the computer is booting from cd, only type in stuff when it tells you to. it will ask for a login and password which if you look at the top of the screen it tells you what to type in there, then type in startx and then press enter. linux will load into a nice gui that is similar to what windows looks like. now insert your thumb drive and then click on the icon that looks like my computer then click storage and then go into the harddisk which has windows installed on it (usually c:\) now go into windows then system32. once you have done this open another window and go in to storage and select ur usb drive. now go back to the other window and find config and drag it into the other window. a menu will pop-up and select copy here. DO NOT SELECT MOVE OR THE COMPUTER MAY NOT START UP BACK INTO WINDOWS. safely eject your thumb drive then put back in comp, and have a look in to see if the folder config copied by going into usb drive then open config folder and if down the bottom it says something like “total files 20mb” it copied correctly, if it says 0kb it did not work and try and copy again.
    now press the restart button and get the cd back out
    now go to another comp u have access to and start using ophcrack. when u press load select “from encrypted SAM” and select the config folder on your usb drive. now load tables and press launch and wait till the password is cracked. if it fails download this cracking program from http://www.lcpsoft.com/english/index.htm and this will use brute force so it can take hours or even days but probably will crack it

  95. sexypink29 says:

    Ok I did everything i possibly could, now tom will not answer my emails at all, I keep having someone hack into my myspace account and it is truly getting on my nerves, and he will not help me, i tried and tried to create something complex enough where they can’t get it but simple enough for me to remember it, i sent or clicked the i forgot my password thingy and it was supposed to email it to me. can someone help me get my password without messing with my fan numbers? i know this is like totally way out, on the limb of trust but you guys have no reason to delete my account or mess with my number. can someone help me? my signing is care26t@aol.com and this is on myspace, please help before i lose my friggen mind!!!!!!!!!!!!!!!!!!!!!!!!!!!!! you can email me at sexypink29@yahoo.com

  96. moo says:

    Paolo, you have no idea what you’re talking about. you can’t get a hash of a hotmail password and this page is not about that kind of cracking.

  97. atlamit says:

    I copied the sam file from c:\windows\system32\config to a separate dir, using a bootable ntfsdos floppy ( freeware write on floppies) but I CAN’T GET my hashes. What soft to use for this? I do not have admin rights and pwdump2 does NOT work. I need help. I can provide the sam file ( 262 kb ).

  98. Paolo says:

    I am searching for somebody who can help me to get the password of the following hotmail account


    Nobody can help me?
    This is a vital loving reason

    Thank you

  99. TexasDolly says:

    I don’t think you can use other Rainbow tables like lm_all_1-7_5_J_ATHIAS_all.rt with ophcrack because the tables made for ophcrack are perfect rainbow tables which are way faster in the cracking process than regular ones. Starting from version 2.3 Ophcrack also supports NTLM hash.

  100. big4guy says:

    How good is Ophcrack as against other password cracking software? Probably a comparison would help.

  101. Pyrofool says:

    I have one question, Let’s say i forget my AOL password can u find that password file and crack that?

  102. jaybee says:

    One question, using ophcrack can I use other rainbow tables? I’ve downloaded a set of 6 tables including special chars. How can I use these with ophcrack, or does it only work with the specified char sets? Basically I’ve got 6 2GB tables:
    etc to

    but can I get the buggers loaded?

    Any help gratefully received.


  103. Aaron says:

    To Bo Chen,
    The reason linux won’t work on your computer is that it is a Compaq, and everyone knows that they are ****.

    • chunkydrunky says:

      Sure, Compaq’s are low-end…
      … but if you think it’s that simple, you’re one of the skiddies that the last paragraph of this article laments.

  104. ChandraShekhar says:

    i have net, i can see some systems in network neighbourhood,
    how can i get in to them?

  105. pranza says:

    Blazing fast, works good on Windows server 2003!
    It is also possible to avoid downloading rainbow tables separately, by choosing “Download alphanumeric tables from Internet” while installing ophcrack – works flawlessly too.

  106. Bo Chen says:


    I saw your cracking tutorial on http://elliottback.com/wp/archives/2006/04/26/cracking-windows-passwords-with-ophcrack-and-rainbow-tables/ and I downloaded live CD and burned it CORRECTLY as an ISO image and wanted to test it on my desktop. I went into the BIOS and set to start from CD ROM and it loaded the LIVE CD interface and then it said something like Uncompressing Linux,… Ok, and it would FREEZE right there and DO NOTHING for half an hour. I tested it (the same CD) on my laptop and it worked PERFECTLY!

    My Desktop system is Compaq Presario Windows XP Home Edition Version 2002 Service Pack 2, AMD Sempron Processor, 3200+, 1.79GHz and 960MB RAM,

    Can you please tell me why the Live CD will not boot up and work on my Desktop?

    My laptop is a DELL and it works perfectly on it.


  107. jerkbeast says:

    Lots of (free, even) apps will simply reset an admin password and let you log in. This is relatively trivial. However, EFS encrypted folders, etc will be lost. This is where you would want to recover the current passwords, or you’d basically lose all hope of ever accessing said folders. Or how about for intrusion .. the user would be alerted because the password was changed.

  108. Alex Le says:

    Or use Winternals ERD Commander (400 bucks I believe) to change the admin password in no time. So MS does have a backdoor for “trusted” parties to get into windows. Doesn’t matter, I have my stuff on GDrive but will probably move it off somewhere if the China gov starts asking Google like they did with Yahoo.
