Ophcrack is a free and powerful Windows password recovery tool used by hundreds of thousands of users across the world. It uses rainbow tables and LM hashes to crack login passwords for most versions of Windows, including the latest Windows 10. Several such tables are already provided by the developers for the sake of user convenience, but you can also create or generate your own tables to use with Ophcrack. More about that later. Let's start at the beginning.
Windows has evolved a lot in recent years, and so have its security standards. In the earliest stage, older versions such as Windows 98 and earlier supported only local passwords, and Microsoft used LM hashes, which were basically encrypted local passwords. The catch here is that password hashing is not a reversible process, which means you can't easily decipher the password from its corresponding hash by reverse engineering it. That said, it's not impossible to crack, which is why there are so many password-cracking utilities like Ophcrack. Specifically, LM hashes were increasingly considered to be weak and easily crackable.
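To make the weakness of LM hashes concrete from the defender's side, here is an added example (not part of the original article and not Ophcrack code) that audits a hash export for accounts that still carry an LM hash. It assumes the common pwdump-style `user:rid:lm:nt:::` line format; the function names and the sample lines are constructed for illustration.

```python
import re

EMPTY_LM_HALF = "aad3b435b51404ee"             # LM value of an empty 7-character half
BLANK_NT = "31d6cfe0d16ae931b73c59d7e0c089c0"  # NT hash of the empty password
HEX32 = re.compile(r"^[0-9a-f]{32}$")

# Constructed sample export (user:rid:lm:nt:::); non-constant hashes are made up.
SAMPLE = """\
alice:1001:aad3b435b51404eeaad3b435b51404ee:0f1e2d3c4b5a69788796a5b4c3d2e1f0:::
bob:1002:1122334455667788aad3b435b51404ee:00112233445566778899aabbccddeeff:::
carol:1003:8899aabbccddeeff0123456789abcdef:ffeeddccbbaa99887766554433221100:::
guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
truncated-line:1004
"""

def audit_line(line):
    """Return (user, findings) or None if the line is not a valid record."""
    parts = line.strip().split(":")
    if len(parts) < 4:
        return None
    user, lm, nt = parts[0], parts[2].lower(), parts[3].lower()
    if not (HEX32.match(lm) and HEX32.match(nt)):
        return None
    findings = []
    if nt == BLANK_NT:
        findings.append("blank password")
    if lm != EMPTY_LM_HALF * 2:
        findings.append("LM hash stored")
        # LM hashes each 7-character half separately, so an empty second
        # half reveals that the password is at most 7 characters long.
        if lm[16:] == EMPTY_LM_HALF:
            findings.append("password is 7 characters or fewer")
    return user, findings

def audit(text):
    """Map each account with at least one finding to its list of findings."""
    report = {}
    for line in text.splitlines():
        result = audit_line(line)
        if result and result[1]:
            report[result[0]] = result[1]
    return report

if __name__ == "__main__":
    for user, findings in audit(SAMPLE).items():
        print(f"{user}: {', '.join(findings)}")
```

An all-constant LM field means no usable LM hash is stored for that account (LM storage disabled, an empty password, or a password longer than 14 characters). Accounts flagged with a stored LM hash keep it until the password is changed after the "Network security: Do not store LAN Manager hash value on next password change" policy is enabled.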
Besides local passwords, new password types are also available in the latest version of Windows 10, such as Microsoft account, pattern, image and fingerprint. These types of password come with additional security, so it is also impossible to recover or hack the password. In this article, we therefore talk solely about recovering the password of a Windows local account.
Password recovery and password resetting are two distinct processes. While recovery means actually retrieving the hashes from your SAM files and cracking them, password resetting is completely different. A password reset is usually done instantly and removes the need to enter your password at login. Both processes require special software, and Ophcrack is one of the better-known ones for password recovery.
Ophcrack is password-cracking software for Windows login passwords. It does not remove the password; rather, it uses rainbow tables to match thousands or millions of password hashes against the one generated by your password. When a match is found, that means your original password has been recovered, and you can use it to log into your PC.
In order to work, the Ophcrack program, which is available as an ISO or disk image file, must first be burned onto a USB drive or a physical disk like a DVD or CD to create bootable media. This is called a Live CD or Live USB, and it can be used to boot a locked PC and recover the password. Obviously, if your computer is locked, then the Live CD needs to be created on a different computer.
Ophcrack does all the heavy lifting for you, such as retrieving the hashes from the SAM files, using the built-in rainbow tables to get a hash match, and so on. There's really not much for you to do except create the recovery disk or Live CD and boot your PC off of it. The detailed process is explained later on in this article.
As mentioned earlier, rainbow tables are at the core of the password recovery process used by Ophcrack. The more and larger the tables, the more likely that Ophcrack will find a matching hash and thereby decipher the password. It's not that hard to generate your own tables, but Ophcrack comes with a pretty comprehensive set of tables included in the software.
The first step here is to download the correct ISO file for Ophcrack and burn it to a USB drive using an ISO burning utility. Something like UUByte ISO Editor is ideal for this. After the Live USB is created, you must boot your locked PC from the disk or drive. This is possible because Ophcrack contains its own operating system or PE (preinstallation environment) that allows you to boot from it. The PC will boot into the Ophcrack program, and you can begin recovering the password. Here is the process in a little more detail:
Step 1: If your PC is locked, download Ophcrack LiveCD ISO from the developer's website on a different PC with an admin account.
Step 2: Get a copy of UUByte ISO Editor and install it on that PC. Launch the program, select the Ophcrack ISO file, then insert a USB drive and burn the ISO to it. After that, the Ophcrack password recovery USB is ready.
Step 3: You are now ready to boot the locked computer from the Ophcrack USB. First, insert the drive into the PC and start it up. During the startup, you'll see a special key displayed (F2, etc.). Press it to get to the BIOS Setup Utility. Here, change the boot priority or boot order so the computer resumes booting from the Live USB instead of the native operating system on the PC. This is important, or else Ophcrack won't load. Save the changes and exit to resume the boot process.
Step 4: When the computer boots into Ophcrack, you'll see the main menu. Leave it on Automatic or Graphic Mode and hit Enter or let the countdown run down to 0. You should soon see a bunch of text, which means Ophcrack is loading and checking your partitions for the SAM files containing the password hashes for that computer.
Step 5: When the recovery process is over, you'll see a table containing the password and hash information. Look for the user whose account is locked, and the password for that will be found under the NTpwd column. You can note it down, then eject the Live USB and restart the computer. You will now be able to use the recovered password to log into the previously locked Windows account.
Ophcrack is a fantastic tool for recovering Windows passwords and has an amazing success rate for passwords shorter than 6 characters. However, for a strong password, it takes weeks or months to break the password. And sometimes, Ophcrack doesn't work as expected on the latest Windows 10 computers. So it is recommended to use an Ophcrack alternative if it fails to work.
PassGeekr Windows Password Recovery is our first recommendation because it is quite effective at resetting Windows passwords for all versions of Windows. It has a simple user interface with a built-in ISO burning feature, so you don't have to install other apps to get it to work. The process is much easier than with Ophcrack, as you get on-screen prompts at every step. It is the most user-friendly program for Windows password reset.
Another great alternative to Ophcrack is hashcat, which works the same way to recover Windows passwords. But it has many more rainbow tables to crack the password. It is a command-line tool with a lot of advanced options. It is worth a try if you wish to recover the lost password instead of blanking it. Plus, it also supports recovering passwords from ZIP, RAR, Office and iTunes backups.
Although this is a fantastic tool for the most part, there's no special version for Windows 10. That means it may not work all the time. In some cases, the rainbow tables won't load or the tool might not be able to recover the password. If you've already spent a lot of time trying to get Ophcrack to work, it's better to look for other options like password reset tools. These are much quicker because they instantly remove the password, and the better ones in the market can be used to reset passwords for local user, guest and admin accounts, as well as Server admin and Microsoft account passwords. For the most part, however, if your password is fairly simple, then Ophcrack is more than capable of cracking the hash and recovering the forgotten or unknown password.