My friend told me that if I give him access to a computer in a network he could take out the passwords and users from that computer and then scan the whole network for different vulnerabilities with what he got the first time... is it possible?!
dmg
Jan 6 2004, 08:44 PM
I think your friend wants to run pwdump2 on one PC in the network and crack the passwords with L0phtcrack.
If all the PCs in the network have the same Administrator password he can use dameware/psexec.exe to hack them all.
This is called a network hack.
GhostCow
Jan 6 2004, 08:56 PM
with what encryption are the passwords encrypted and how long does it take for l0pht to crack em usually?
dmg
Jan 6 2004, 09:06 PM
May take a long time (days) but usually no longer than a few hours. What encryption I don't know, L0phtcrack checks the NT password hashes.
You have to be very lucky to find a network where this hack works though. Sharing has to be enabled.
Thom
Jan 6 2004, 09:09 PM
It's md5 I believe? Crack it with that LC4 appie, used it sometime with the dic in it and it took like 3 secs and it cracked around 20% of all passes, which is good.
UnDeRTaKeR
Jan 6 2004, 09:57 PM
10q all! and my friend.. ill kill him! hehe
LoCaliSe
Jan 7 2004, 03:05 AM
Anyone know the command rcp with DOS?
How can I hack a LAN with that?
Uniter
Jan 7 2004, 04:22 AM
Not MD5, it uses its own proprietary hashing called LM hashes..... it's quite easy to do....
Yorn
Jan 7 2004, 04:52 AM
I can crack 99% of LM hashes (Windows NT passwords) for an alpha numeric password in under 3 minutes. It's with a utility called rcrack (rainbow crack, rainbow tables, etc.) I pull the hash with a "pwdump2.exe >> file.txt" then I take the file.txt and run rcrack to crack the passwords. The tool is priceless.
The idea is you pregenerate all the possible passwords then crack them when you have the time. It requires weeks to precompute the tables, but most crackers/hackers will already have them. So it's a good idea to use MORE than just alpha-numeric.
I generated the table to see if I could find a 1% password in alpha-numeric that couldn't be cracked using this utility. It is hard to find one that is easy to remember though. The auditing possibilities are pretty straightforward. If you want to get a password that cannot be cracked with this utility, then the only way to find one is to get this utility.
Another thing it will do is find partial passwords (to some extent) and from there you're on your own. I don't think there is anywhere where you can download the tables pregenerated. I think I had 5 of them and they are all like 1.2 gig in size (600 meg compressed).
Eventually though, I could see people selling bootable DVDs that could boot up, pull the SAM with pwdump2.exe and then crack the password on a machine. Which would be pretty crazy. I've also heard that there are some sites out there that will let you submit the .txt output from pwdump2 and will email you the cracked passwords. I was actually thinking about making a web utility like this myself, for myself.
With the latest version of rainbow crack, you can pre-compute md5 hashes. This might take longer and require more HD space, but the possibilities are then endless. I might take this project on as my next big one.
dmg
Jan 7 2004, 07:49 AM
Yorn, SecureIT.co.il is doing a rainbow crack project. Members are asked to crunch one or more charsets (distributed computing) until all charsets are done (I believe a total of 119GB). When this is all done you can submit your LM hashes and get the passwords in less than a few minutes.
Yorn
Jan 7 2004, 09:41 PM
Wow, that's pretty crazy of them. I'm going to check it out. I don't know how they intend to store all that data. Maybe they are going to compress it. I think the MD5 all would be more useful than the lmhash anyway.
Actually, that's more than crazy. That's just downright INSANE. There's no reason to do more than alphanumeric or alphanumeric14 (the next one). "All" is just plain stupid.
zero-maitimax
Jan 8 2004, 07:32 AM
I think he just wants to scan with an exploit scanner...
jogo
Jan 8 2004, 09:21 AM
Okay this is really n00bish I know but I'm sure it's probably easy to do. Ok, my roommate doesn't think I can hack into his computer. It's the same model as mine and our computers are connected on a wireless p2p network. I know his username and password and IP so I could just get on it, but I wanna do it sneaky like. File sharing is disabled on the C drive, so is there a way I can get around that? I was reading somewhere about using telnet to FTP or something, help would be great!
UnDeRTaKeR
Jan 9 2004, 08:24 PM
Can anyone please give me his tables? I can't do such a big table like 1.2GB... it's too big and long... any chance to get one? BTW I still didn't get the idea (there are some stupid people, yes): after I got the password decoded and the user name, what can I do with them to test the vulnerabilities of the network? Can you please be more specific? 10x 4 all the helpers
zero-maitimax
Jan 12 2004, 09:25 AM
QUOTE (jogo @ Jan 8 2004, 09:21 AM)
Okay this is really n00bish I know but I'm sure it's probably easy to do. Ok, my roommate doesn't think I can hack into his computer. It's the same model as mine and our computers are connected on a wireless p2p network. I know his username and password and IP so I could just get on it, but I wanna do it sneaky like. File sharing is disabled on the C drive, so is there a way I can get around that? I was reading somewhere about using telnet to FTP or something, help would be great!
You could try this.. maybe it will work:
Computer -> Manage -> Action -> Connect to another computer -> Name: ip -> OK -> go to Shared Folders -> Shares -> New Share c:\ C$
chris105
Jan 12 2004, 09:01 PM
RCP just runs DOS commands on a remote computer.
The syntax is : rcp computer username password command
zero-maitimax
Jan 13 2004, 08:45 AM
QUOTE (chris105 @ Jan 12 2004, 09:01 PM)
RCP just runs DOS commands on a remote computer.
The syntax is : rcp computer username password command
I think he will notice it.
Faceless Master
Jan 13 2004, 10:51 AM
Here is another method related to LAN
QUOTE
In computers of most schools, colleges, cyber-cafés, workplaces and Information Institutions running Windows 2000 and XP, we often get a limited account to work with.
This is a really frustrating since we are deprived of those administrative options which could do the many things we wanted to.
Recently, I had written on 'how to hack into XP and Win 2000 administrator accounts through DOS (using CHNTPW.EXE)'. But this requires a system restart which might not be possible in the presence of your supervisor.
So, here I am going to discuss the benefits of a utility, I recently encountered on the net (thanks to nulldevice).
There are 2 different utilities available for this hack.
'Getad.exe' for Windows 2000. 'Getad2.exe' for Windows XP.
Download the one you require.
Now, log on to a limited or Guest account and execute the utility.
This will open Command Prompt, but with all administrative options. Now, to make things simpler, at the command line type:
control userpasswords2
The User Accounts dialog opens. Select the account you're using and click 'Properties' then 'Group Membership'. It displays to which group your account belongs... it might be 'Standard Users', 'Guests' or something like that. Change it to 'Administrators'. Press 'Apply' then 'OK'. You may need to log off and log on again.
Do it... and enjoy being the administrator.
Have Fun Regards ~Faceless Master
nolimit
Feb 1 2004, 06:58 PM
QUOTE (Yorn @ Jan 7 2004, 09:41 PM)
Actually, that's more than crazy. That's just downright INSANE. There's no reason to do more than alphanumeric or alphanumeric14 (the next one). "All" is just plain stupid.
Incorrect. Most good admins know the standard charset, and use chars not in it, only in ALL. I know that's what I do, to escape people like you.
GhostCow
Feb 1 2004, 09:16 PM
Chris, thanks for the info! This command looks very interesting.
GhostCow
Feb 1 2004, 09:19 PM
Doesn't Windows convert all passwords to upper case when encrypted? Thus making lower case table generation obsolete.
P.S.: I just picked it up here, I'll check it out with my computer if my pass is case sensitive...
nulladd
Feb 2 2004, 12:34 AM
QUOTE (nolimit @ Feb 2 2004, 05:58 AM)
QUOTE (Yorn @ Jan 7 2004, 09:41 PM)
Actually, that's more than crazy. That's just downright INSANE. There's no reason to do more than alphanumeric or alphanumeric14 (the next one). "All" is just plain stupid.
Incorrect. Most good admins know the standard charset, and use chars not in it, only in ALL. I know that's what I do, to escape people like you.
Haha I agree. I could have µ (alt+230) as a password and I am immune from these rainbow tables.
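An added illustration, not code from anyone in this thread, of the LM pre-processing GhostCow asks about and that the charset argument above turns on: the password is upper-cased, NUL-padded to 14 bytes and split into two 7-byte halves, each of which becomes a DES key. It assumes the OEM code page is cp437 (where Alt+230 is µ), upper-cases ASCII letters only, and leaves out the DES step itself (no DES in the standard library).

```python
"""LM hash pre-processing: why lower-case tables are pointless and why the
attacker only ever faces two independent 7-character problems.  The final
DES step (each half encrypts the constant below) is not performed here.
"""
from __future__ import annotations

DES_CONSTANT = b"KGS!@#$%"   # each 7-byte half encrypts this with DES (not shown)


def lm_preprocess(password: str, oem_codepage: str = "cp437") -> tuple[bytes, bytes] | None:
    """Return the two 7-byte halves, or None when Windows stores no LM hash (>14 chars).

    Assumption: OEM code page cp437 and ASCII-only upper-casing; the real
    upcase table also folds some accented characters.
    """
    if len(password) > 14:
        return None
    raw = password.encode(oem_codepage)
    upper = bytes(b - 0x20 if 0x61 <= b <= 0x7A else b for b in raw)
    padded = upper.ljust(14, b"\x00")          # short passwords leave an all-NUL half
    return padded[:7], padded[7:]


def des_key_from_half(half: bytes) -> bytes:
    """Spread the 56 key bits over 8 bytes, 7 bits each, low bit set for odd parity."""
    if len(half) != 7:
        raise ValueError("LM half must be exactly 7 bytes")
    bits = int.from_bytes(half, "big")
    key = bytearray()
    for i in range(8):
        seven = (bits >> (49 - 7 * i)) & 0x7F
        parity = 0 if bin(seven).count("1") % 2 else 1
        key.append((seven << 1) | parity)
    return bytes(key)


def lm_half_search_space(charset_size: int) -> int:
    """Distinct 7-byte halves a table must cover: every length 0..7, NUL-padded."""
    return sum(charset_size ** n for n in range(8))


if __name__ == "__main__":
    a, b = lm_preprocess("Password1")
    print(a, b, lm_preprocess("PASSWORD1") == (a, b))   # case is folded away
    print(des_key_from_half(a).hex())
    # 36-char alphanumeric: about 8e10 halves per table, against 62**14 for a
    # case-sensitive 14-character password hashed as a single unit
    print(lm_half_search_space(36), 62 ** 14)
```

A character outside the table's charset (the µ above, byte 0xE6 in cp437) never appears in a table built from alphanumerics only, which is the whole of nolimit's point; passwords longer than 14 characters leave no LM hash to attack at all.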
yarma
Feb 2 2004, 12:10 PM
QUOTE
The idea is you pregenerate all the possible passwords then crack them
A research group at EPFL (in Switzerland) had made such tools. It takes only a few seconds to crack an NT hash, and they say "We are also able to crack passwords built with 78 characters (mixed case letters, numbers and 16 other characters) in 30 seconds"!!!
That site is old and they have taken the project offline.
QUOTE
I've also heard that there are some sites out there that will let you submit the .txt output from pwdump2 and will email you the cracked passwords. I was actually thinking about making a web utility like this myself, for myself.
There's an experimental one at www.nulladd.tk for MD5 only (results are good but slow to arrive).
globe7
Feb 2 2004, 11:08 PM
You can diagnose the encrypted passwords with LC4.
Krogoth
Feb 6 2004, 09:23 AM
No luck for me when trying psexec on remote, so I will give it a try as suggested by chris105. Thank you chris105.
ST.
Feb 6 2004, 10:41 AM
more links for arguments, guys
ST.
Feb 6 2004, 10:42 AM
Hmm.. Is it possible to crack the passwords from MySQL which are encrypted??? What progs should I use?