Hacking Windows 2000 and XP Passwords
Hacking Windows 2000 and XP passwords is really easy... All ya need is the right tools and the knowledge to use them...
Terms Used:
Hash: The scrambled (hashed) form in which Windows stores passwords.
DOS: Also referred to as the command prompt. To open it, go to Run and type "command".
SAM: The file that contains the passwords in hashed form.
Tools needed:
Minimum requirements
Computer (yeah, duh)
Understanding of how to use DOS
John The Ripper (can be found at any good hacking site)
Pwdump2 (same as above)
Maximum requirements
Computer
L0phtcrack 3.0 or above (runs about $100+; not really good for a hacker on a budget)
Quick Overview Of Tools
L0phtcrack: A nice GUI Windows 2000/XP cracker made by L0pht. (Costs $$)
John The Ripper: A command prompt tool used to crack passwords. (Free)
Pwdump2: A tool used to extract hashes from the protected SAM file. (Free)
Using Pwdump2
Pwdump2 is a hash retrieval program that runs in DOS. The SAM file is normally protected by Windows, which will not let you copy it or open it under any circumstances. Pwdump2 provides a quick and easy way to obtain the hashes. Another way of obtaining the hashes is to boot into a separate operating system and recover them from there.
Below is a simulation of what you should do. We are assuming pwdump2 is in the folder c:\pwdump2, and that everything takes place in DOS (the command prompt).
First we go to the folder:
c:\>cd pwdump2
Now we are in the folder:
c:\pwdump2>
Now we run the program and see the printout:
c:\pwdump2>pwdump2
Administrator:500:f22487de2f1sdaw0aad3b435b51404ee:d0c3985a7dsawq190d8b04c061c3e:::
Guest:501:aad3b435b51404eeaad3asdwb51404ee:31d6cfsdaw16ae931b73c59d7e0c089c0:::
HelpAssistant:1000:158dbeae7e5dasf9a2515e837c97827:9cfec91asdwdb011860fa38166da9eaa1:::
You:1003:8c96188dd805daf3aaddas251404ee:96ce08a2c2dsa0296c8e673506d763d9:::
These are not actual hashes.
The first part of each line is the name of the user (username), followed by the hashes and other information. (Ya don't need to know anything about this.)
Now we will save the dumped hashes to the c: directory as a regular text file:
c:\pwdump2>pwdump2 > c:\pass.txt
c:\pwdump2>
It will not print anything to the screen, but it will save the output as pass.txt in the c: directory.
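As an added example (not part of the original tutorial), here is a small Python parser for the pwdump record format shown above, used the way a defender would: it reads username:RID:LM hash:NT hash::: records and flags accounts that still store an LM hash (the hash the brute-force step above cracks quickly) or have an empty password. The sample records are constructed, not a real dump; the two empty-password hash constants are the well-known public values.

```python
import re

# Public, well-known hashes of an empty password (LM and NT).
EMPTY_LM = "aad3b435b51404eeaad3b435b51404ee"
EMPTY_NT = "31d6cfe0d16ae931b73c59d7e0c089c0"
HEX32 = re.compile(r"^[0-9a-f]{32}$")


def parse_pwdump_line(line):
    """Split one pwdump-style record: username:RID:LM hash:NT hash:::

    Returns a dict, or None for lines that do not fit the format
    (a blank line, a banner, or a hash that is not 32 hex digits).
    """
    parts = line.strip().split(":")
    if len(parts) < 4 or not parts[1].isdigit():
        return None
    lm, nt = parts[2].lower(), parts[3].lower()
    if not (HEX32.match(lm) and HEX32.match(nt)):
        return None
    return {"user": parts[0], "rid": int(parts[1]), "lm": lm, "nt": nt}


def audit_records(lines):
    """Map each account to the weaknesses a defender wants to know about:
    'lm_hash_stored' (LM hashes are the weak ones; disable their storage
    with the NoLMHash policy) and 'empty_password'."""
    findings = {}
    for line in lines:
        rec = parse_pwdump_line(line)
        if rec is None:
            continue  # skip text that is not a record
        issues = []
        if rec["lm"] != EMPTY_LM:
            issues.append("lm_hash_stored")
        if rec["nt"] == EMPTY_NT:
            issues.append("empty_password")
        findings[rec["user"]] = issues
    return findings


# Constructed sample dump (made-up hash values, not from a real machine).
SAMPLE = [
    "Administrator:500:0123456789abcdef0123456789abcdef:fedcba9876543210fedcba9876543210:::",
    "Guest:501:" + EMPTY_LM + ":" + EMPTY_NT + ":::",
    "svc:1003:" + EMPTY_LM + ":00112233445566778899aabbccddeeff:::",
    "These Are Not Actual Hashes.",  # a non-record line, as in the tutorial
]

if __name__ == "__main__":
    for user, issues in audit_records(SAMPLE).items():
        print(user, issues or ["ok"])
```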
Using John The Ripper
John the Ripper will also be used in the command prompt.
John the Ripper is a cracker that can use either brute force or dictionary attacks.
I will now show you how to use John The Ripper. We assume that John the Ripper is located in c:\john and that the hashes from pwdump2 are on the c: drive with the filename pass.txt. At the end of this section there is a list of options you can use with John the Ripper.
We first go from c: to the john folder where John The Ripper is located:
c:\>cd john
c:\john>
Now we run the program in brute force mode:
c:\john>john.exe -i:all c:\pass.txt
Loaded 3 passwords with no different salts <NT LM DES [24/32 4K]>
The hashes are loaded and it is now cracking them.
If ya get bored and would like to see the progress, just hit the Esc key and it will print out something like this:
guesses: 0 time: 0:00:00:30 c/s: 218534 trying: LYLB - BMWH
Hitting Esc again lets you view the status of the crack.
Options
All options are put after the exe with a - preceding them.
-i: = Incremental. This can be used with the following modes:
alpha: letters only
digits: digits only
all: all characters
Example: c:\john>john.exe -i:digits c:\pass.txt
To view all options, just run john.exe with no options or password file loaded and it will list them all.
Using L0phtcrack
This will not be a complete, detailed tutorial on L0phtcrack, but it will let you understand the basics. I will be using L0phtcrack 2.52 since I don't have the money to purchase the new one. Got this one about a year ago and I still think you can purchase it.
First off, this program is really much like John the Ripper but with some added features and a nice GUI interface.
The added features are:
SMB capture (captures hashes over a network)
Registry dump (dumps hashes from the registry)
Ability to completely hide it from the desktop
Importing hashes from a file
OK, let's start with the previous hashes we got from pwdump2. First we go to File, then Open Passwords From File, then select the file with the password hashes:
File > Open Passwords From File > c:\ > pass.txt > Open
Now you should see the hashes in the window below. To crack, press F4 or go to Tools and run Crack.
Dump passwords from registry
Go to Tools, then Dump Passwords From Registry:
Tools > Dump Passwords From Registry
SMB Capture
Go to Tools and select SMB Capture. It will now monitor the network for hashes being sent for remote login or other password-requiring services:
Tools > SMB Capture
When it finds one, it will be listed. (It won't work with my network card, so I can't help you with anything past that.)
Options
Go to Tools, then Options at the bottom.
There are a couple of options:
LANMAN and NTLM select which hashes the dictionary attack runs against.
Brute Force lets you turn brute forcing on or off by selecting or deselecting the Enabled button.
The character set lets you select the characters to use when brute forcing.
Last Words:
Thank you for reading my tutorial, written by me. I give you full permission to distribute this tutorial to anyone you wish as long as the credits and body of the tutorial stay unchanged and intact. Any questions you have should be voiced on forums like blackcode.com etc., and I will review them.
My codenames are -=Moses=- (Blackcode and some video games), 13110 (code name for some sites) and Clash. Remember that people might pretend to be me (have no idea why, but I've seen it happen maybe 2 times).
Disclaimer:
I do not promote hacking or cracking. I also do not claim responsibility for the way any of the programs act, and I do not claim them to be my own.
L0phtcrack is owned by L0pht and is available for purchase from [...].com.
Pwdump2 and John the Ripper are available for download on the Internet. TRY GOOGLE.COM, BLACKCODE.COM.