Cracking Passwords Version 1.1

Only available on StudyMode
  • Topic: Password, LM hash, Floppy disk
  • Pages : 40 (15485 words )
  • Download(s) : 158
  • Published : September 20, 2012
Open Document
Text Preview
Cracking Passwords Version 1.1

file:///D:/password10.html

Cracking Passwords Version 1.1
by: J. Dravet
February 15, 2010 Abstract
This document is for people who want to learn to the how and why of password cracking. There is a lot of information being presented and you should READ IT ALL BEFORE you attempted doing anything documented here. I do my best to provide step by step instructions along with the reasons for doing it this way. Other times I will point to a particular website where you find the information. In those cases someone else has done what I attempting and did a good or great job and I did not want to steal their hard work. These instructions have several excerpts from a combination of posts from pureh@te, granger53, irongeek, PrairieFire, RaginRob, stasik, and Solar Designer. I would also like to thank each of them and others for the help they have provided me on the BackTrack forum. I will cover both getting the SAM from inside windows and from the BackTrack CD, DVD, or USB flash drive. The SAM is the Security Accounts Manager database where local usernames and passwords are stored. For legal purposes I am using my own system for this article. The first step is to get a copy of pwdump. You can choose one from http://en.wikipedia.org/wiki/Pwdump. Update: I used to use pwdump7 to dump my passwords, however I have come across a new utility called fgdump from http://www.foofus.net/fizzgig/fgdump/ This new utility will dump passwords from clients and Active Directory (Windows 2000 and 2003 for sure, not sure about Windows 2008) where pwdump7 only dumps client passwords. I have included a sample hash.txt that has simple passwords and should be cracked very easily. NOTE: Some anti-virus software packages flag pwdump* and fgdump as trojan horse programs or some other unwanted program. If necessary, you can add an exclusion for fgdump and/or pwdump to your anti-virus package so it won't flag them. However it is better for the community if you contact your anti-virus vendor and ask them to not flag the tool as a virus/malware/trojan horse. You can find the latest version of this document at http://www.backtrack-linux.org/

Contents
1 LM vs. NTLM 2 Syskey 3 Cracking Windows Passwords 3.1 Extracting the hashes from the Windows SAM 3.1.1 Using BackTrack Tools 3.1.1.1 Using bkhive and samdump v1.1.1 (BT2 and BT3) 3.1.1.2 Using samdump2 v2.0.1 (BT4) 3.1.1.3 Cached Credentials 3.1.2 Using Windows Tools 3.1.2.1 Using fgdump 3.1.2.2 Using gsecdump 1 of 45

2/15/2010 3:48 PM

Cracking Passwords Version 1.1

file:///D:/password10.html

3.1.2.3 Using pwdump7 3.1.2.4 Cached Credentials 3.2 Extracting the hashes from the Windows SAM remotely 3.2.1 Using BackTrack Tools 3.2.1.1 ettercap 3.2.2 Using Windows Tools 3.2.2.1 Using fgdump 3.3 Cracking Windows Passwords 3.3.1 Using BackTrack Tools 3.3.1.1 John the Ripper BT3 and BT4 3.3.1.1.1 Cracking the LM hash 3.3.1.1.2 Cracking the NTLM hash 3.3.1.1.3 Cracking the NTLM using the cracked LM hash 3.3.1.1.4 Cracking cached credentials 3.3.1.2 John the Ripper - current 3.3.1.2.1 Get and Compile 3.3.1.2.2 Cracking the LM hash 3.3.1.2.3 Cracking the LM hash using known letter(s) in known location(s) (knownforce) 3.3.1.2.4 Cracking the NTLM hash 3.3.1.2.5 Cracking the NTLM hash using the cracked LM hash (dumbforce) 3.3.1.2.6 Cracking cached credentials 3.3.1.3 Using MDCrack 3.3.1.3.1 Cracking the LM hash 3.3.1.3.2 Cracking the NTLM hash 3.3.1.3.3 Cracking the NTLM hash using the cracked LM hash 3.3.1.4 Using Ophcrack 3.3.1.4.1 Cracking the LM hash 3.3.1.4.2 Cracking the NTLM hash 3.3.1.4.3 Cracking the NTLM hash using the cracked LM hash 3.3.2 Using Windows Tools 3.3.2.1 John the Ripper 3.3.2.1.1 Cracking the LM hash 3.3.2.1.2 Cracking the NTLM hash 3.3.2.1.3 Cracking the NTLM hash using the cracked LM hash 3.3.2.1.4 Cracking cached credentials 3.3.2.2 Using MDCrack 3.3.2.2.1 Cracking the LM hash 3.3.2.2.2 Cracking the NTLM hash 3.3.2.2.3 Cracking the NTLM hash using...
tracking img