Ophcrack is an evergreen tool to retrieve forgotten Windows OS passwords. As versions of Windows keep improving security, the retrieval of forgotten passwords using Ophcrack is becoming increasingly difficult. Still, Ophcrack can be used as one of the options to hit paydirt.
Ophcrack can be downloaded from the following URL.
This is a link to the homepage of the software, from which you can navigate to the Downloads page.
Downloads are primarily available in two options. One is an EXE file, which can be installed on the Windows PC from which the passwords need to be retrieved. This option can be used if you are able to log in to the PC and install the EXE file. Otherwise, the other option is to run the live CD, which boots into its own OS.
For the purpose of this article we will select the live CD option for Windows XP OS.
Running Ophcrack live CD for Windows XP
Burn the ISO image on a CD and boot from CD. This will give the following boot screen.
The live CD boots automatically with the default option and loads the Ophcrack OS.
Once boot is complete, Ophcrack automatically starts running and retrieving passwords. The process can take twenty minutes or more.
On completion, all user passwords are displayed, including the Administrator password.
As one can see from the above, Ophcrack has managed to retrieve some of the passwords. It is not a 100% effective tool, but it can be used to find out something where there is no hope.
In case the BIOS is password protected, you can open the PC cabinet and remove the CMOS battery to reset the BIOS and remove the password. Now you will be able to boot from the live CD. You can also use Hiren Boot CD to clear Windows passwords, which we will see in the next article.