Left: Download ophcrack-win32-installer-3.3.1.zip from http://ophcrack.sourceforge.net/
Right: unziped ophcrack-win32-installer-3.3.0.exe installation file



A screenshot of Ophcrack opening screen



Loading rainbow tables into Ophcrack



The table I have downloaded is XP free small, and I have loaded it into Ophcrack. ^_^



Screenshot http://www.objectif-securite.ch/en/products.php
I will be getting hash value of passwords from here.




Scroll to the bottom of Objectif Sécurité webpage and I get this XP Special Demo.
Enter a password, for example, 12345, and click on submit password.



I get a hash value for password of 12345 in return.



Load>Single Hash>Load Single Hash screen
I copied the hash value returned to Ophcrack.



Click on crack and it start cracking the hash value.
Time taken to crack 12345 is 13s


The picture below shows the result with the different passwords I tried with.

Password: 12345
Hash: aebd4de384c7ec43aad3b435b51404ee:7a21990fcd3d759941e45c490f143d5f
Time: 13s

Password: zxcv123
Hash: 84cf5065794faec1aad3b435b51404ee:aa6f4b6d557d69a9048d44a83054948d
Time: 5s

Password: Zxcv123
Hash: 84cf5065794faec1aad3b435b51404ee:80b9ff147bbf43518967a7bafe2c0031
Time: 6s

Password: Zxcv!@#456
Hash: 7768facc10e799b32ecdb8acb87b6d97:619c214a282ff2e0f58c1d21227f0851
Time: 1m50s

Password: 6812J-aHea*UkO
Hash: 8568e12c4bf323fd092546a3b896fce5:15ff49ef7c09044f6599321ffcac1a7f
Time: 4m

Reflection:
In this hands-on project, I downloaded and installed Ophcrack, which is an open-source password cracker program that uses rainbow tables. Rainbow tables is defined as an attack on a password that uses a large regenerated data set of hashes from nearly every possible password.

There are two steps to using rainbow tables. First, it requires creating the table itself. Next, that table is used to crack a password. However, for this practical, I do not need to create the tables myself; I download one that is already created. One advantage of using rainbow tables is that is it much faster than dictionary attacks, and the amount of memory needed on the attacking machine is greatly reduced. According to RamNet, Inc., while brute force took 1.6days to crack a 8-digit password of all letters, rainbow table takes only 28minutes. This shows rainbow table is more productive.
I tried to crack a password that is similar to my own password with rainbow table too.

Password: 6812J-aHea*UkO
Hash: 8568e12c4bf323fd092546a3b896fce5:15ff49ef7c09044f6599321ffcac1a7f

I created my passwords with a mix of letters, numbers and special symbols, and it is about 14 characters.  With reference to the last screenshot, the result shown is “not found”. Thus, I think my password is strong enough.