CSE 466, Fall 2017: Project
(Cracking Win Vista/7 passwords with Ophcrack)
Due Date: Oct 5
end of class
Method of submission: Print out only
Projects to be done in groups of two (enforced)
(use discussion board or in-class interaction to find partners)
Warning: These instructions are meant to
provide you training with security issues. You are advised to implement this
project on your personal machines, or on Virtual Machines owned by you, or
provided through the class. Use these instructions to hack into accounts owned
by you, or get explicit permission from a friend to hack into their account.
Hacking a real accounts without permissions is a BAD idea it is a criminal offense. You may be even jailed for it.
These instructions are intended to train computer security professionals, not to help criminals.
Cracking Win 7 passwords with ophcrack. This project can be done on Vista, 7 and maybe 8. Win 10 does not work.
This project is a demo/learning experience on rainbow tables. Win 7 passwords are harder to crack than Win XP, the tables are smaller but XP is old, We will do the Win 7 cracking.
The summary of project:
Use a Win 7 machine, or install Win 7 in a virtual machine. See notes at end. Add a few accounts to it. Vary the passwords starting from empty, two four letters (no special characters or numbers), four ten letters (no numbers or special char), higher than 10 letters.
Getting the software:
Ophcrack is available as a live CD and as a .exe that runs under Win 7. Use the .exe, it is easier to use. You can download it from the location below. However, to save download bandwidth, please share with others.
Getting the tables:
With the EXE file and a table, it is easy to start it up and crack passwords. Note that password cracking on Win 7 is time intensive and may take hours or even days for large passwords.
Notes on Downloading
To install and play it use VMWARE Player. VirtualBox is fine, but it seems to be unable to access USB flash drives.
The Win 7 ISO and the Rainbow tables are VERY large files. If you choose to download the use a wired connection, and have many hours at disposal. However we would like to discourage you from downloading large files because:
1. Takes too much time
2. You may be on a data limited ISP plan or may run into some unknown data usage limits.
3. It makes the servers get loaded (especially when a class of students starts downloading files).
4. We do not want to get blacklisted by anyone.
So there are a few options.
1. Form a large group and get one person to download and the rest of you share the downloaded files.
2. Visit the graders during office hours with a laptop. They will have a USB flash drive with the software. Copy the files to your laptop. Do NOT attempt to copy to another USB drive, it will take hours.
3. Use discussion board to find people who have downloaded the stuff.
Submit: A 2-3 page summary of your observations (hard copy).