Ophcrack is a popular Windows password tool for unlocking a Windows computer if you ever get locked out of your PC. Using something called Rainbow Tables, Ophcrack works by retrieving the hashes from local SAM files and matching them against the hashes of thousands or millions of common password combinations.
It does have its drawbacks because it is essentially a command-line utility, which means you need some level of experience or at least familiarity with the whole process of password hashing, dumping the hash files, and cracking the NTLM password in Windows. However, if you use the Ophcrack Live CD method of cracking Windows local passwords, it's a lot easier even without any experience.
Ophcrack is useless if no tables come with it. Ophcrack uses rainbow tables to crack passwords on a Windows PC. Essentially, a rainbow table is a file containing the hashes of a large number of possible passwords. These hashes are used to match the hash value of the original password. When a match is found, the password corresponding to that hash value will be your recovered password. Although it seems like a time-consuming process, it is much faster than a brute-force attack, where a hash value is calculated for every possible combination of letters, numerals, and special characters.
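As an added illustration (not code from Ophcrack or from this article), the toy Python table below shows the precomputation idea in the chained form rainbow tables use: only each chain's start and end point are stored, yet any PIN along a chain can be recovered from its hash. The 4-digit PIN space, the SHA-256 stand-in for the unsalted NT hash, and all parameters and function names are assumptions made for the demo.

```python
import hashlib

# Toy parameters (assumptions): 4-digit PINs as the password space, SHA-256
# standing in for the unsalted NT hash (a different algorithm in reality).
KEYSPACE, CHAIN_LEN, N_CHAINS = 10_000, 50, 400

def h(pin: str, salt: bytes = b"") -> bytes:
    return hashlib.sha256(salt + pin.encode()).digest()

def reduce(digest: bytes, col: int) -> str:
    """Map a hash back to some PIN; mixing in the column varies each step."""
    return f"{(int.from_bytes(digest[:8], 'big') + col) % KEYSPACE:04d}"

def walk(pin: str, first_col: int = 0):
    """Yield the PINs of a chain from column first_col up to the endpoint."""
    yield pin
    for col in range(first_col, CHAIN_LEN):
        pin = reduce(h(pin), col)
        yield pin

def build_table() -> dict:
    """Keep only endpoint -> start points; the PINs in between are discarded."""
    table = {}
    for i in range(N_CHAINS):
        start = f"{i * 25:04d}"
        *_, end = walk(start)
        table.setdefault(end, []).append(start)
    return table

def lookup(table: dict, target: bytes):
    """Return the PIN whose unsalted hash is target, or None if not covered."""
    for col in range(CHAIN_LEN - 1, -1, -1):      # guess the target's column
        *_, end = walk(reduce(target, col), col + 1)
        for start in table.get(end, []):          # rebuild each candidate chain
            for pin in walk(start):
                if h(pin) == target:
                    return pin                    # otherwise a false alarm
    return None

def covered(table: dict) -> set:
    """PINs recoverable from the table (chain endpoints themselves excluded)."""
    return {p for starts in table.values() for s in starts
            for p in list(walk(s))[:-1]}
```

Passing a salt to `h()` produces a hash that `lookup()` cannot resolve, which is why precomputed tables only work against unsalted hashes.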
Ophcrack works by employing built-in or uploaded rainbow tables to help crack your Windows password. The actual process is described in the following section.
It has been ten years since the first version of Ophcrack was released, which aimed to help users recover lost passwords from Windows XP. After that, Ophcrack added more support for later Windows versions, including Windows Vista, Windows 7, Windows 8 and Windows 8.1. You can find the Live CD for old Windows versions except Windows 10. For sure, Ophcrack does have good support for Windows 7. No question about it.
Does Ophcrack support Windows 10? It depends. The portable version of Ophcrack can run directly on Windows 10, which means you must still have access to that computer. You can use Ophcrack to crack passwords for local users. However, if the password was forgotten, then there is no way to recover the Windows 10 password. Why? Because there is no Live CD version for Windows 10. Only Windows XP, Windows Vista and Windows 7 are available. You have to use an Ophcrack alternative suggested in the sections below to reset a forgotten password on Windows 10.
A Live CD is a new form of installation media, and its file name usually ends with .iso or .img. It is a compressed archive and can be used to run an OS directly from a USB drive without installing the OS on the hard drive. Ophcrack built its own Live CD in version 3.3.0 on June 2, 2009. Unfortunately, the Ophcrack Live CD is only available for Windows 7, Windows Vista and Windows XP.
After downloading the Ophcrack Live CD (ISO image file), you have to burn the Ophcrack ISO to a USB drive to make it bootable, so that it can be used to boot the locked Windows computer. If you don't know how to do this, please visit this ISO burning guide to complete the process. Once it is finished, you can use the Ophcrack bootable USB to recover a forgotten or lost Windows password.
Step 1: Insert the Ophcrack USB drive into the locked computer and start it up. To boot from the Ophcrack USB instead of the native Windows OS, hit the special key (e.g. F2, Esc, etc.) that takes you to the BIOS Setup Utility menu. You can now change the boot order and exit after saving your changes.
Step 2: The computer should now boot up into Ophcrack. When you see the program interface, click on 'Ophcrack Graphics Mode Automatic'. From here, everything is automated.
Step 3: Once Ophcrack has loaded, you will see a list of user accounts. Remove unrelated accounts using the Delete button, leaving only the account whose password you are going to crack.
Step 4: Click the 'Load' tab to import the downloaded rainbow tables into the program. Now click the 'Crack' button to start the password recovery process. Wait for the result; if successful, your password will be displayed under the NT Pwd column against that user name.
As you can see, the process is fairly straightforward. However, it could take up a lot of your time because rainbow tables are usually very large. In addition, the time taken depends on the complexity of your password. If you feel that you don't have the time or the patience to wait it out, you can consider these two fantastic Ophcrack alternatives showcased below.
PassGeeker for Windows is an award-winning Windows password reset tool that allows you to instantly blank out any local or network password using a password reset disk created on another computer. It works by using a preinstallation environment similar to Ophcrack, but the major difference is that the password is reset instantly instead of being recovered. You don't need to wait at all, even if it is a complex password.
The software is super-easy to use, and the reset disk takes only a few minutes to create. Once you have the disk, you can unlock any Windows PC in a matter of seconds. After the password is cleared, remove the disk and reboot your computer; you can now log in without the need to enter a password.
The other piece of software is formally known as the Offline NT Password & Registry Editor but is often referred to as the 'chntpw' tool. As with most other tools, you'll need to create a bootable USB drive or DVD/CD on a different PC; however, the chntpw tool also allows you to run the program directly from a USB drive.
Just make sure you download the right version. Essentially, you boot your locked PC off this media and then choose a few command-line options to either reset the password to blank or change it to a new password. There's no automated version. Though it is more complicated than PassGeeker for Windows, it takes much less time than Ophcrack without the Live CD method. Recommended for users who are familiar with commands.
Ophcrack is a powerful tool for password recovery but most users prefer to simply erase the old password without the risk of losing data. For that purpose, PassGeeker for Windows comes highly recommended because it doesn't touch any of the data on the locked computer. In addition, it is a completely self-contained tool so you don't need to do any command-line work or worry about needing a separate disk authoring application to create your bootable USB.