Ophcrack Getting the hashes The interface allows for three ways of dumping password hashes:
* encrypted SAM: dumps the hashes from the SAM and SYSTEM files retrieved from a Windows machine while booting on another disk. Note that in this case you do not need to know a Windows administrator password to get the hashes.
* local SAM (only for the Windows version of Ophcrack 2.3): dumps the hashes from the Windows machine the program is running on. You need to be administrator of your local machine for this to work.
* remote SAM (only for the Windows version of Ophcrack 2.3): dumps the hashes of a remote Windows machine, provided you know the username and password of an administrator and the name of a share.
Alternatively, you can also crack hashes that you have saved from a previous session or obtained with another tool. Cracking the hashes The launch button starts the cracking process. It can be interrupted and the results saved in a file, which can be loaded again at a later time.
Ophcrack Live CD The Ophcrack LiveCD is a bootable Linux CD-ROM containing ophcrack 2.3 and a set of tables (SSTIC04-10k). It allows for testing the strength of passwords on a Windows machine without having to install anything on it. Just put it into the CD-ROM drive, reboot and it will try to find a Windows partition, extract its SAM and start auditing the passwords.