<H1>Table of Contents</H1><P>
<A href="#pref">Preferences tab</A><BR>
<A href="#load">Load button</A><BR>
<A href="#delete">Delete button</A><BR>
<A href="#save">Save button</A><BR>
<A href="#tables">Tables button</A><BR>
<A href="#crack">Crack button</A><BR>
<A href="#help">Help button</A><BR>
<A href="#exit">Exit button</A><BR>
<li>Number of threads: It allows you to set the number of threads the program will use and to enable or disable the brute force cracking. The number of threads should be set to the number of cores of the computer running ophcrack plus one. For example, for an old processor set the number of threads to 2, for a Core 2 Duo to 3 and for a Core 2 Quad to 5. If you change this value, you have to exit ophcrack and to restart it in order to save the change. If you don't exit and restart, the new number of threads will not be taken into account by the program.
<li>Number of hash/redux per task: Every work that ophcrack does is separated in smaller tasks. This setting enables you to specify the length of one task. Depending on your hardware, using a smaller or larger value can enhance performances a little bit.
<li>Max length of the disk queue: In order to reduce the I/O impact on performance, ophcrack precomputes more tasks than what the harddisk can handle normally (when tables are not loaded in RAM). Setting this value to 50 will make ophcrack wait more on the harddisk. You should usually let it to 500.
<li>Bruteforce: ophcrack cracks the hashes loaded using brute force up to 4 characters if this setting is enabled. It permits one to speed up the cracking process since small passwords won't be searched in rainbow tables but bruteforced. The bruteforce is executed at the same time as the preloading.
<li>Session file: You can specify a filename in this field by using the Choose button at the right of the field. If you enable the checkbox on the left, ophcrack will then automatically save the state of cracking in that file, every 30 seconds. If you later want to recover the status of your search, you can load your session file form the menu of the Load button and ophcrack will start the cracking in the same state in which you let it.
<li>Hide usernames: When sets to yes, Ophcrack will hide the user names you are going to crack. This option may be useful when the auditor want to do an anonymous password strength assessment.
<li>Audit mode: When sets to yes, the user name will be replaced by a number and the cracked password will not be showed. Furthermore, the time needed to crack this individual password, the password complexity and length will be showed in the Ophcrack main window.
<li>Default: This button resets the settings to their default value. Settings are automatically saved when ophcrack exits.
Use this button to load hashes into ophcrack. You can choose from :
<li>Single hash : To insert a single hash manually into ophcrack.
<li>PWDUMP file : To import hashes from a file generated by pwdump, fgdump or similar third party tools.
<li>Session file: To restore a previously recorded automatic session file.
<li>Encrypted SAM : To import hashes from the SYSTEM and SAM files located in the Windows system32/config directory. You can only access these files on a Windows partition from which Windows was NOT started.
<li>Local SAM : To automatically dump hashes from the local SAM. You MUST be logged in with the local administrator rights.
<li>Remote SAM : To automatically dump hashes from a remote computer. You MUST supply administrator credentials for the remote computer you want to dump the SAM.
<p>Use this button to delete the currently selected hash. You can also hit the key 'Delete' on your keyboard and make multiple selection by using the Ctrl or Shift keys. Ctrl-a will select every loaded hashes. Deleting the hashes you are not interested in (e.g the Guest account) will speed up the cracking process of the remaining hashes.
Use this button to save the cracking results. You can choose from :
<li>Save to file : Use this button to save the results of a cracking session to a file. The results are saved in a pwdump format and can then be reimported into ophcrack.
<li>Export to CSV : Use this button to export the results of a cracking session to a comma separated values file. The CSV file can then be imported into spreadsheet applications, but not into ophcrack.
This is where you install and select the sets of rainbow tables you want to use. You need to have a physical copy of the tables you want to install. The XP free fast, XP free small and Vista free tables sets could be freely downloaded from ophcrack website. The remaining tables sets are sold by Objectif Securite. The ophcrack tables homepage is at http://ophcrack.sourceforge.net. Keep in mind that storing the rainbow tables on a fast medium like a hard disk or flash drive will significantly speed up the cracking process. Avoid using your tables from CDROMs or DVDs.
To install a set of tables, click the install button, locate the tables set on your hard disk and then click the Choose button. If you provided a correct directory, there will be a green dot in front of the table name. Repeat the same process to install the others sets of tables you have.
Once installed, you can enable or disable a table set or even a single table. This is done by selecting the table set or the table you want to enable or disable and then clicking on the green or yellow button on the bottom left of the Table Selection pane.
When enabling multiple tables set, you can also change the order the tables sets will be used by ophcrack for cracking the loaded hashes. This is done by selecting the table set you want to change the order and then by clicking on the arrows on the bottom left of the Table Selection pane.
<p>The crack button starts the cracking process. You'll see the progress of the cracking process in the bottom boxes of the ophcrack window. When a password is found, it will be displayed in the NT Pwd field. You can then save the results of a cracking session at any time with the Save button. You can suspend a cracking session with the Stop button and resume it later by pushing the Crack button again.
<p>The Help button displays this help.
<p>Use this button to exit ophcrack.