Ophcrack (BSWR)

00:05

hello and welcome to another episode of breaking stuff with Robert today we're going to be going over off crack, which is a free Windows password cracking tool that utilizes rainbow tables. Now the great thing about the tool is that it uses a gooey,

00:20

has some terminal modes that you can run that in, and it's able to run on multiple platforms. It's used primarily for cracking.

00:28

Um, Microsoft Land Manager L M and N. T L M hashes. There is some limitation on the tool with respect to its use in Windows 10 and eight. But since we still have plenty of Windows seven systems running around,

00:41

and there is some use case for this tool as well. And let's be honest, there's still some even older systems out there, so there's always gonna be some relevance here.

00:50

Target audiences for this will be a network administrators looking to test passwords and to determine whether or not those passwords or weak exploitation analysts that want to recreate password attacks for review purposes and penetration testers that are looking to quickly test Password hash is against a known hash set, like with a rainbow table

01:08

Mel.

01:10

While these things are not required. Fundamental knowledge of brute force attacks is definitely something you'd like to have in your pocket. Some knowledge on hashing and rainbow tables and, of course, fundamental knowledge on Callie and the next command line utilization. So with these things in mind, let's go ahead and jump into our demo.

01:29

All right? So welcome to our Andy Dane, the SEC environment, where we're going to be going through a crack. So I wanted to go ahead and pull up the site real quick. A cz we can see here. This is the current tables that are available for of crack so

01:48

you can see that this is primarily like X p Vista Windows seven. And you know, the tables can get pretty large, depending on the character sets and the links of, um,

02:00

those character sets as far as the password links and the and the complexity of character sets. And so they've got a table is biggest two terabytes here, which is just ridiculous. But it's only up to eight characters with pretty much every combination of characters within that to make those hash is so for the sake of

02:20

using this tool and what you may use it for, um

02:23

you know, as you can see, this is primarily Windows seven invested. They don't have anything in here right now for a and, uh,

02:30

10. Now they say that you can try to use this tool for that, but you may have some alternatives that would be better suited. So if you go into an environment where they're still, you know, using maybe some weaker passwords and you want to try to throw those passwords if they're like, let's just eight letters,

02:46

you know, through this to try and crack some of those and you got the hashes than, you know, go for it. But there's probably some alternatives that you can use.

02:54

So with respect to the demo that we're doing today, I did Go ahead and you do have to use P W dump to actually download. Um, you know, hash is from a system from the like, same file. And so I did just generate

03:09

some hash. Is here that air in that format, and these are all less than eight characters. They're about seven. So this would be relevant. Maybe if you're in an environment where folks used very simple passwords like names and maybe an uppercase letter here, there, but nothing overly complex.

03:28

So toe open of crack, you just type it in. Here

03:30

in the terminal,

03:34

hit Internet brings up a gooey. So I've already downloaded the Windows X p free

03:40

small table, and that was one of the ones that was back on the page.

03:46

So I also want to go ahead and load. Those hash is and so I formatted. That is a P W dump file and you'll just goto load here

03:54

and you can go over to the desktop is where I had it

04:00

and we just loaded those up. Now, as you can see here, it's got that table's option. Each of these was represented in that website, and so I already installed. Um, this one was the free small

04:14

table that was on the sights I've already installed. And as you can see here, so it has. The pre generated hash is in that table,

04:20

and essentially what you're gonna do is once that's done and you've imported your hashes, you just tell it to crack at that point.

04:30

And so it goes ahead, and it immediately starts going through the password listing cracking those. And as you can see, this isn't taking too much time. But if you were using one of the bigger tables, that was a little more complex. This can take

04:42

hours and hours of time. We just, you know, generated these using ah, site to generate Ellen and NTL imp ashes. So there's nothing overly complex here. So again, the use case for this is likely that you go into an environment, you can get the hash file

04:59

and you know, the users aunt may be aware of how weak their passwords are. They don't really have concern for it, and then you can sit down

05:06

and actually show them just how quickly somebody could crack those credentials and have them available to them. But if you're in a more mature environment where they've got very complex passwords, this is likely not a tool that's going to be applicable to what you're trying to do. So in the amount of time it took us to,

05:24

I say all of that, it's gone ahead and actually cracked the passwords that were in that particular list.

05:30

So that's pretty much it for the demo. There's nothing overly complex about the tool aside. You know, maybe loading up the tables and getting the hash is imported, but otherwise it's pretty straightforward and easy to use. So with that in mind, let's go ahead and jump back over to our slides.

05:47

All right, so I hope you enjoyed that demo off crack. As you can see, it's pretty neat to be ableto crack those passwords so quickly we use, um, pre generated hashes alum and anti Ellen hashes. I didn't actually pull the hash values from my Windows 10 device. Like we said, some limitations here, but you can always find a use case for the tool.

06:08

So with that in mind, I want to thank you for your time today,