yuriPP Posted February 10, 2009 Posted February 10, 2009 Hi I used the ophcrack live CD to crack my computer but I can't crack the password, on the NT Hash space, on the administrator appear 4dc86cf2ebcac3d5dafe2e3e15561c16. Anyone can teach me how do I crack this pass? Tnx a lot Quote
stingwray Posted February 10, 2009 Posted February 10, 2009 If its a live CD then you won't have a very large rainbow table on it. Given that its your first post and you really don't seem to know what your doing I'll explain. The rainbow table is a table which matches password to its hash. The crack the password, it takes the hash and checks it against all of its hashes, if a match is found then you get the password. Problem is there are loads of pairs, which take up quite a bit of room. Which means a CD will only hold a limited number (in fact a DVD doesn't do much more). We are talking in the >100GBs of tables here. So the first thing you need to do is see what rainbow table you have. A good table will say what it includes, such as upper/lower case, numbers and special characters, plus the number of characters used. If you haven't been able to crack the hash then it isn't in that subset you have got. To almost guarantee cracking, you'll need the biggest rainbow table you can get your hands on, and run Ophcrack against it, or your favorite cracking software. Quote
yuriPP Posted February 11, 2009 Author Posted February 11, 2009 If its a live CD then you won't have a very large rainbow table on it. Given that its your first post and you really don't seem to know what your doing I'll explain. The rainbow table is a table which matches password to its hash. The crack the password, it takes the hash and checks it against all of its hashes, if a match is found then you get the password. Problem is there are loads of pairs, which take up quite a bit of room. Which means a CD will only hold a limited number (in fact a DVD doesn't do much more). We are talking in the >100GBs of tables here. So the first thing you need to do is see what rainbow table you have. A good table will say what it includes, such as upper/lower case, numbers and special characters, plus the number of characters used. If you haven't been able to crack the hash then it isn't in that subset you have got. To almost guarantee cracking, you'll need the biggest rainbow table you can get your hands on, and run Ophcrack against it, or your favorite cracking software. But I have to use a table for NT right? Quote
stingwray Posted February 11, 2009 Posted February 11, 2009 You have to use the table which is for that hash. You'll have to find out what hashing algorithm was used yourself. Quote
sablefoxx Posted February 11, 2009 Posted February 11, 2009 How did you get the hash? I'm guessing pwdump? When you load up ophcrack and import the dump file and/or hash it should tell you if its an NTLM or LM hash (hopefully its an LM hash, they're weaker). You can also try submitting the hash to a place like www.plain-text.info to see if it's already been cracked by them. btw, MD5 and NTLM hashes are the same thing: http://en.wikipedia.org/wiki/NTLM Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.