“Every man-made security measure can and will be broken.” That’s my motto when I secure my car, my house, my belongings, my money, my computer, and – most importantly – my data. If God did not protect it, with enough time, it will be exploited.
A couple of weeks ago, my dad’s boss dug an old 2002 laptop out of his garage. It was a decent IBM ThinkPad with Windows XP. His only problem was that he did not remember the Administrator password. They went to various computer shops like Circuit City, Best Buy, and Goodwill Computer Works to get an estimate on the time and cost it would take to crack or just reset the master Windows password. To their dismay, the price quotes ran at least $50 and the job would take at least 24 hours! My dad knew that I would be able to find a way to crack it in a short amount of time and at a lower cost. So, his boss hired me to do it instead.
Ophcrack is a Windows password cracker based on rainbow tables. It is a very efficient implementation of rainbow tables done by the inventors of the method. It comes with a GTK+ Graphical User Interface and runs on Windows, Mac OS X (Intel CPU) as well as on Linux.
Ophcrack is pretty useless if you have no access to any operating system (especially the one you are trying to crack). For that problem, the creators of Ophcrack released a Linux liveCD – much like Knoppix – that automatically cracks the Windows password without any questions, options, or prompts. Just have the BIOS boot from the CD/DVD drive before it attempts the hard drive and leave it for a couple of minutes (depending on the password complexity).
When I cracked the IBM ThinkPad, it was actually my first time using Ophcrack. I was surprised when it revealed the simple password in about 3 minutes! My dad told his boss the password and he was like, “Oh yeah … I remember now. I used my childhood nickname as my password!”
In the end, I earned some respect and $30 for about 3 minutes of work!