Say I have another PC in my house. I do not want to completely delete the PC's admin PW to set another one, I just want to find out what it is. I can use a Linux boot disc to get to whatever files in Windows I need to get to find the usernames and PWs.. I heard this is a secure protected file (a .SAM file?) that is encrypted.. any suggestions on how to unencrypt the PW or which file to look for in Windows that contains the user and PW information for people for that PC? As far as I know it only uses one login and I know what it is, just need to recover the PW.
Any help is appreciated, thanks
Windows PW recovery question
- Still_Learning
- Fame ! Where are the chicks?!
- Posts: 1040
- Joined: 11 Jun 2008, 16:00
- 15
- Location: Trigger City
- floodhound2
- ∑lectronic counselor
- Posts: 2117
- Joined: 03 Sep 2006, 16:00
- 17
- Location: 127.0.0.1
- Contact:
- Still_Learning
- Fame ! Where are the chicks?!
- Posts: 1040
- Joined: 11 Jun 2008, 16:00
- 15
- Location: Trigger City
- Kage
- Posts: 732
- Joined: 31 Mar 2007, 16:00
- 17
- Location: Hidden in a Buffer Protection.
- Contact:
Ophcrack...
Uses Rainbow Tables for a faster Cryptanalytic Time-Memory Trade-Off, which outweighs the time of normal brute forcing by miles. The SAM file stands for, I believe, Security Account Manager or something like that.. the important thing is it stores the hashes for your account that you need to crack. Since Windows sessions use the SAM file, you need to burn Ophcrack to load it up and crack it without booting into Windows but a Linux distribution. If the target OS is Windows XP, Ophcrack starts cracking automatically... if Vista, then you need to work a bit more to get it.
http://elliottback.com/wp/cracking-windows-passwords-with-ophcrack-and-rainbow-tables/
More info on SAM files and NT password hashes:
http://www.hackinthebox.org/modules.php?op=modload&name=News&file=article&sid=5721&mode=thread&order=0&thold=0
-x0r
- Still_Learning
- Fame ! Where are the chicks?!
- Posts: 1040
- Joined: 11 Jun 2008, 16:00
- 15
- Location: Trigger City
Hmm, OK, I tried the live CD version of Ophcrack, and it could not find the password. To make sure I was using it right I made a new user account with a real easy 6 digit number/letter PW, and it found the PW within about 3 minutes. The other password contains a symbols/letters/numbers mixture but is under 14 characters. Does Ophcrack not detect symbols in the PW?
So I am trying the latter.. I booted Ubuntu and copied the SAM file to a USB thumb drive for later cracking.. what is the best method to crack this hash? In the article it says JohnTheRipper is good, but doesn't that require a wordlist or something? Or does it just go through random number / letter / symbol combinations until it cracks the hash? Thanks for all your help so far
- floodhound2
- ∑lectronic counselor
- Posts: 2117
- Joined: 03 Sep 2006, 16:00
- 17
- Location: 127.0.0.1
- Contact:
- Still_Learning
- Fame ! Where are the chicks?!
- Posts: 1040
- Joined: 11 Jun 2008, 16:00
- 15
- Location: Trigger City
I also tried this other hack where at the login screen you type control-alt-delete twice, then it pops up another login menu where you can change the user name to administrator and leave the password blank and log in as admin of the PC.
*didn't work* lol (know of any other workarounds where you don't have to delete or change the PW?) I heard of one but it brings you to DOS, I want access to the whole OS
I am downloading the SSTIC04-5k rainbow table now, I'm guessing the Ophcrack live CD does not offer the use of loading rainbow tables into it? I saw another rainbow table that was like 10GB also.. what's the difference? Is a rainbow table like a huge wordlist or is it some kind of huge algorithm?
I'm getting tipsy myself, Captain and Coke lol
It's Friday and a full moon, you know how that goes.. time for SAM cracking
- Kage
- Posts: 732
- Joined: 31 Mar 2007, 16:00
- 17
- Location: Hidden in a Buffer Protection.
- Contact:
With Windows, if you have another root account on that machine you can overwrite the hash via command prompt.
A Rainbow Table is a precomputed table of, erm.. a lookup table offering a faster method than brute forcing. Some rainbow tables are small and only consist of a small amount of hashes, some rainbow tables are up to as much as 100GB, and are probably used on supercomputers for cracking hashes all day. The bigger the table, the slower the crack will run, but the better chance you have in cracking the file.
-x0r
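Added example (not part of the original posts, and not Ophcrack's code): a toy rainbow table showing the time-memory trade-off discussed above, where only each chain's endpoint and start are stored, and why a per-account salt makes a precomputed table useless. MD5 over a 3-letter lowercase keyspace is an assumed stand-in, not the Windows LM/NT format; `H`, `R`, `chain_start`, `build_table` and `lookup` are hypothetical names.

```python
import hashlib

ALPHABET = "abcdefghijklmnopqrstuvwxyz"
PW_LEN, CHAIN_LEN, N_CHAINS = 3, 100, 600   # toy sizes: keyspace is 26^3

def H(pw, salt=""):
    """Stand-in hash (MD5, assumed for the demo); a salt is prepended."""
    return hashlib.md5((salt + pw).encode()).digest()

def R(digest, step):
    """Reduction: map a digest back into the keyspace, varied per column."""
    n = int.from_bytes(digest[:8], "big") + step
    chars = []
    for _ in range(PW_LEN):
        n, r = divmod(n, len(ALPHABET))
        chars.append(ALPHABET[r])
    return "".join(chars)

def chain_start(i):
    return R(H(str(i)), 0)                  # deterministic start points

def build_table():
    """Store only endpoint -> start per chain (this is the memory saving)."""
    table = {}
    for i in range(N_CHAINS):
        pw = start = chain_start(i)
        for step in range(CHAIN_LEN):
            pw = R(H(pw), step)
        table.setdefault(pw, start)         # keep the first chain on a merge
    return table

def lookup(table, target):
    """Return a preimage of target if some stored chain covers it."""
    for pos in range(CHAIN_LEN - 1, -1, -1):    # guess the target's column
        pw = R(target, pos)
        for step in range(pos + 1, CHAIN_LEN):
            pw = R(H(pw), step)
        if pw in table:                         # replay the chain to confirm
            cand = table[pw]
            for step in range(CHAIN_LEN):
                if H(cand) == target:
                    return cand
                cand = R(H(cand), step)
    return None                                 # not covered by this table

if __name__ == "__main__":
    t = build_table()
    secret = chain_start(0)                     # constructed sample value
    print(lookup(t, H(secret)) == secret)       # unsalted hash: recovered
    print(lookup(t, H(secret, salt="k7")))      # salted hash: no match
```

The table holds at most 600 entries yet answers lookups across the chains it was built from; the same table returns nothing once the hash input includes a salt it was not precomputed for.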
- Still_Learning
- Fame ! Where are the chicks?!
- Posts: 1040
- Joined: 11 Jun 2008, 16:00
- 15
- Location: Trigger City
If I overwrite the hash, won't that change the PW though?
I also noticed the SAM file does not have an LM hash or NT hash that is readable. Like in Ophcrack it may say something like "8H8chsjA7hBz00jdnHdhjkjs" or something.. but the SAM file I have is like 240k bytes of this type of stuff, like weird ANSI characters and hollow square shapes. I tried opening it in both Notepad and WordPad. I just downloaded that one rainbow table which is about 1 gig, installed Ophcrack on my PC and am going to do it like that, I don't care how long it takes as long as I get the PW
thanks
edit: I finally got the new rainbow table installed, it's about one gig, it was actually quicker than the preinstalled "xp free small" table.. still PW not found.. I also could not add a new table, it seems like I had to edit an existing one to make it work.. what am I doing wrong?
I may need like a 100GB or very large rainbow table to do this one, could anyone please hook me up with a link for one either here or PM? Thank you a million. I suspect the password is something crazy like "*^P4$5w0oRd::*" or something crazy.. I need something to crack a crazy PW like that. It is under 14 characters, and I have all the time in the world to wait for it to crack
- Still_Learning
- Fame ! Where are the chicks?!
- Posts: 1040
- Joined: 11 Jun 2008, 16:00
- 15
- Location: Trigger City
In case anyone else needs them, I found these tables on another site. Have not tried them yet, have to format my PC
"Why reinvent the wheel?" is a popular phrase a friend of mine uses..
- http://passcracking.com/ (Register to increase your priority)
- http://www.md5crack.com
- http://www.hashchecker.com
- http://www.md5decrypter.com
- http://www.md5oogle.com
- http://md5-db.com (The database is approximately 70gb)
- http://md5.xpzone.de (Need Account)
- http://md5.rednoize.com(52,740,637)
- http://gdataonline.com/seekhash.php(1,133,757,582)
- http://www.tmto.org/?category=main&p...06.000.000.000)
- http://www.milw0rm.com/cracker/insert.php
- http://b-con.us/pages/md5.php (A javascript MD5 “live” calculator)
- http://blacklight.gotdns.org/cracker/crack.php (2,456,115)
- http://md5.benramsey.com
- http://plain-text.info
- http://www.hashchecker.com/?_sls=search_hash
- http://lasecwww.epfl.ch/%7Eoechslin/projects/ophcrack/
- http://www.md5lookup.com
- http://www.securitystats.com/tools/hashcrack.php
- http://schwett.com/md5/
- http://bokehman.com/cracker/
- http://darkc0de.com/database/md5lookup.html ( Include md5decrypter.com - passcracking.ru - milw0rm.com - gdataonline.com - md5.rednoize.com)
- http://md5.thekaine.de/ (Due to much traffic and problems with the performance i have decided to stop this service until i have the time to completly rewrite the system.)