Government Security
Network Security Resources

Password Crackers

security hacking
22 replies to this topic

#1 goldeneye123454321

goldeneye123454321

    Private

  • Members
  • 8 posts

Posted 10 December 2009 - 07:39 PM

OK, I'm relatively new to the whole hacking thing,
but I've been messing around with Cain and Abel for some time now.
I need some help or advice.

What are the best password crackers?
What is the best method?
And how would I make them portable?

Thanks for helping this n00b

#2 Marts McFly

Marts McFly

    Global Moderator

  • Colonel
  • 591 posts

Posted 10 December 2009 - 08:03 PM

First off, let's assume you are testing the strength of your own passwords here.

Secondly, I'll assume you are testing Windows passwords? More than likely XP up? So NTLM (1 and 2)

There are countless techniques and tools for this. I'll go over a few quick ones.

If you are logged on to the PC and have admin privileges, you could run FGDump - which will dump the password hashes to a file for you. You then import that into your favourite password cracker. (You would have to install FGDump though, or if you ran it remotely, would need administrator privileges)

John the Ripper - one of the oldest and best password crackers. Has customizable dictionaries and bruteforce. Can get most simple passwords very quickly. Load the hash once obtained with FGDump (newest version of PWDump)

L0phtCrack - Dictionaries, bruteforce (last I checked)

Cain - Can use dictionaries, bruteforce or rainbow tables.

RainbowCrack - Cracks only using rainbow tables

(Rainbow tables are pre-computed hashes. Makes cracking thousands of times faster... but you need to obtain the right tables. You can learn more on them here http://en.wikipedia....i/Rainbow_table )

The tools mentioned above all crack Windows passwords. You just have to load the hashes. You want this to be portable. Perhaps you could install a Linux distro onto a USB stick (like BackTrack, and you could boot into these PCs and snatch the hashes and crack them later)

The tools above cover the PC once you are logged in. If you can't log in to the PC in question but have physical access then I'd recommend a bootkit. Kon-Boot will bypass all Windows authentication. You can boot it up, log in with no password, run FGDump to get the password hashes then move on to cracking them with the tools above. (There are numerous boot-up disks with security tools, but the one I mentioned would probably be the easiest and quickest in this case... apart from)

ophcrack http://ophcrack.sour...ge.net/ophcrack

ophcrack is a live Linux distro; you boot off it, and it automatically loads all Windows user accounts into a table, and automatically starts cracking them using built-in dictionaries and rainbow tables. This will only crack simple passwords (or word combinations). But it will be very quick so usually good to start off with.

If you don't have physical access to the PC and want to crack their passwords remotely, you still need their password files. So the only way you can get on remotely is by exploiting a service on their box, 'hacking in' and getting their hashes.

There are many other ways of obtaining passwords - but you just asked about 'cracking them' so these are basically tools I know and use. Others may have different suggestions.
Certified Information Systems Security Professional (CISSP)

T: http://twitter.com/Marts_McFly

B: http://www.backtosecurity.com
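The parenthetical above says rainbow tables are "pre-computed hashes" and that this makes cracking much faster. The reason the trick works against Windows hashes at all is that LM and NT hashes carry no salt, so the same password gives the same hash on every machine and a table built once is reusable forever. The small example below is added here and is not from the thread or from any of the tools it names; it uses SHA-256 over UTF-16LE as a stand-in for the NT hash (which is really MD4, not available in every Python build) and a constructed five-word list instead of a real table, to show a precomputed lookup succeeding against an unsalted hash and failing once a per-account salt is mixed in.

```python
"""Why precomputed (rainbow) tables work against unsalted hashes, and why
salting defeats them. Added illustration, not code from this thread.

Assumption: SHA-256 stands in for the NT hash (MD4 of the UTF-16LE
password); the reasoning does not depend on which hash function is used.
"""
import hashlib
import os

# Constructed toy wordlist; a real table covers billions of candidates.
WORDLIST = ["password", "letmein", "Summer2009", "qwerty", "admin123"]


def unsalted_hash(pw: str) -> str:
    """Hash of the password alone: identical on every machine that stores it."""
    return hashlib.sha256(pw.encode("utf-16-le")).hexdigest()


def salted_hash(pw: str, salt: bytes) -> str:
    """Hash with a random per-account salt prepended: differs per account."""
    return hashlib.sha256(salt + pw.encode("utf-16-le")).hexdigest()


def build_table(words):
    """Precompute hash -> password once; the cost is amortised over every
    dump the table is ever used against (this is the rainbow-table idea,
    minus the chain compression a real table uses to save disk)."""
    return {unsalted_hash(w): w for w in words}


def lookup(table, stored_hash):
    """Reverse a stored hash by table lookup; None if it was not precomputed."""
    return table.get(stored_hash)


def demo():
    """Return (hit, miss): the unsalted lookup recovers the password,
    the salted one does not, even though the password is the same."""
    table = build_table(WORDLIST)
    hit = lookup(table, unsalted_hash("letmein"))
    # A fresh salt means the attacker would have to rebuild the whole table
    # for this one account; precomputation buys nothing.
    salt = os.urandom(16)
    miss = lookup(table, salted_hash("letmein", salt))
    return hit, miss


if __name__ == "__main__":
    print(demo())  # ('letmein', None)
```

The defensive takeaway for the thread's setting is that the only fix for the table problem on Windows is to stop storing the weak hash (LM) and to use long passphrases, since NT hashes cannot be salted after the fact.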

#3 goldeneye123454321

goldeneye123454321

    Private

  • Members
  • 8 posts

Posted 10 December 2009 - 08:09 PM

OK, let's say I need ways of obtaining the passwords.
So far Cain works well when I do a dictionary & brute force on an LM hash.
My Windows 7 only has NTLM, I believe it's called.
Anyway, once I get a hash, how would I hack or crack it using Cain?
There is still a lot of stuff for me to learn and I would be happy if someone could teach me the bulk of the password obtaining/cracking skills I need.

#4 Marts McFly

Marts McFly

    Global Moderator

  • Colonel
  • 591 posts

Posted 10 December 2009 - 08:46 PM

To be honest I've never done anything with Windows 7. I thought it used the same authentication techniques as XP/Vista? NTLMv2? Someone may be able to clarify this. Perhaps they salt it or something, not sure. But I did read that ophcrack could load and crack Windows 7 passwords... if that is the case, wouldn't it be the same as XP and Vista, and if that is the case, any of the methods mentioned above should work? (Again, never touched 7 so someone should clarify this for you.) Either way, try running FGDump and see if you can obtain the hashes - nothing to lose... (Once you have obtained the hash, in Cain, go to 'Cracker' > 'Import' and find the appropriate option for your hash - you should read the manual, we can't hold your hand all the way.)

Some other methods for grabbing passwords if you have access to the PC would be to install a keylogger (software OR hardware).

Also, you should read up on Windows authentication and how it works so you get a better understanding of what you are doing. Makes things easier.

#5 Edu

Edu

    First Sergeant

  • Members
  • 2,269 posts

Posted 14 December 2009 - 12:07 PM

Have you tried Cain & Abel?

I have seen the updates on the official site (oxid.it) and it seems to work on Windows 7. Notice I have not yet tried it, but I guess you are able to crack passwords that are up to 14 chars long; more than that it becomes nearly impossible and it would be insanely ultra time consuming on a supercomputer.

Anyway, I have just finished an article on recovering an unbootable Windows system, recovering data and user passwords without the need to touch any user account on the system. It also describes an easy way to reset users' passwords offline (that means outside the operating system). I have also recommended some nice tools like a file manager with NTFS read support & the ability to load drivers to support keyboard, mouse, CD-ROM drive, USB, floppy, etc., and tools to recover deleted data/files. Besides that, for the ones in a big hurry I provided an easy way to make a pen drive bootable, boot from it and save data from an NTFS partition with a single command line. This goes for any disk formatted with the NTFS file system, not only Windows. If you are interested let me know, because currently file upload has been disabled here so I have to upload it for you somewhere else. I am providing not only the article itself but some files that will be needed upon creating the bootable floppy / pen drive, including a needed floppy image as computers nowadays don't come with a floppy drive.
http://www.secumania.net - Secumania security blog.


Embed any executable in a JPEG image and get it to run upon opening the image with this cool tool that abuses a feature of GDI in Windows systems. for governmentsecurity.org members only! click here to get it!

#6 Edu

Edu

    First Sergeant

  • Members
  • 2,269 posts

Posted 14 December 2009 - 12:12 PM

...so just to make it clear...

You do not need to crack a user account password to gain admin privileges over the system, and upon having admin privileges you can reset any user password using e.g. the Computer Management console without knowing the password. So unless you really want the password or need it because of e.g. files encrypted with Windows EFS (which I think you can access with NT AUTHORITY\SYSTEM and *theoretically* with a new account that has the same name as the user account you used for encrypting the files plus the exact same SID).

#7 Marts McFly

Marts McFly

    Global Moderator

  • Colonel
  • 591 posts

Posted 14 December 2009 - 08:09 PM

Edu - When will you release this paper you keep speaking of?? :P But on the topic, I have an inkling suspicion he doesn't want to reset passwords, he wants to crack them... for the purposes of good of course!

#8 Edu

Edu

    First Sergeant

  • Members
  • 2,269 posts

Posted 15 December 2009 - 12:16 PM

Hmm, file uploads are temporarily disabled. I can post it on rapidshit with a password and give it to you, or send it to your e-mail, whatever you prefer. Just let me know. It is a zip archive with the article in RTF format + some required files.

cheers.

#9 goldeneye123454321

goldeneye123454321

    Private

  • Members
  • 8 posts

Posted 07 January 2010 - 11:02 AM

Yeah guys, I need to crack, not reset. People come to me to have their passwords recovered and what not. The same goes for the encrypted files.
And Edu, what is the zip you are talking about?

#10 Marts McFly

Marts McFly

    Global Moderator

  • Colonel
  • 591 posts

Posted 07 January 2010 - 01:01 PM

Then use one of the methods we mentioned. You need to obtain the hashes from a PC first, then run them through a cracking program (unless you use a boot disk). You can't crack passwords from the login screen.

#11 bonarez

bonarez

    Retired GSO Second Lieutenant

  • Sergeant Major
  • 1,252 posts

Posted 08 January 2010 - 09:48 AM

Also, when you're getting the hashes from the SAM, be sure to check if there are LM hashes. They are far easier to crack. If you need to do this frequently, rainbow tables are the way to go.
"Ask the right question and you will receive the right answer. I'm just very sensitive about the right syntax"

Read the rules before you post
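The advice above to check a SAM dump for LM hashes is the same check a defender should run on their own dumps: an account whose LM field holds anything other than the well-known "empty" value is still storing the legacy hash, which is the finding to fix (Windows Vista and later already disable LM storage by default, which is why the OP's Windows 7 dump shows only NT hashes). The script below is an added example, not code from this thread or from pwdump/fgdump; it parses the `user:RID:LM:NT:::` line format those tools emit, flags accounts with a stored LM hash and accounts whose NT hash is the hash of an empty password, and runs over a constructed sample dump in which every hash value is a placeholder except the two known empty-hash constants.

```python
"""Audit pwdump-format lines for weak hash storage. Added example; not part
of the thread. Input format assumed: one account per line,
    username:RID:LM_hash:NT_hash:::
as written by pwdump-family tools.
"""
import re

# Well-known constants: the LM field written when no LM hash is stored, and
# the NT hash of the empty string (i.e. an account with no password).
EMPTY_LM = "aad3b435b51404eeaad3b435b51404ee"
EMPTY_NT = "31d6cfe0d16ae931b73c59d7e0c089c0"

# Constructed sample dump. The 0123.../fedc... values are placeholders, not
# real hashes; only the two constants above are genuine.
SAMPLE_DUMP = """\
Administrator:500:aad3b435b51404eeaad3b435b51404ee:0123456789abcdef0123456789abcdef:::
legacyuser:1001:0123456789abcdef0123456789abcdef:fedcba9876543210fedcba9876543210:::
Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
# status lines or comments must not break the parser
badline-without-colons
"""

LINE_RE = re.compile(r"^([^:]+):(\d+):([0-9a-fA-F]{32}):([0-9a-fA-F]{32}):::$")


def parse_pwdump(text):
    """Yield (user, rid, lm, nt) for each well-formed line; skip the rest."""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = LINE_RE.match(line)
        if not m:
            continue  # tool banners / malformed lines are ignored, not fatal
        user, rid, lm, nt = m.groups()
        yield user, int(rid), lm.lower(), nt.lower()


def audit(text):
    """Return {account: [issues]} for accounts that need attention.

    'lm_stored'      - a real LM hash is present: enable NoLMHash and have the
                       user change their password so the field is cleared.
    'empty_password' - the NT hash is the hash of "": the account has no
                       password at all.
    """
    findings = {}
    for user, rid, lm, nt in parse_pwdump(text):
        issues = []
        if lm != EMPTY_LM:
            issues.append("lm_stored")
        if nt == EMPTY_NT:
            issues.append("empty_password")
        if issues:
            findings[user] = issues
    return findings


def summarize(text):
    """Headline numbers for a report: accounts parsed and how many are weak."""
    accounts = list(parse_pwdump(text))
    findings = audit(text)
    return {
        "accounts": len(accounts),
        "lm_stored": sum("lm_stored" in v for v in findings.values()),
        "empty_password": sum("empty_password" in v for v in findings.values()),
    }


if __name__ == "__main__":
    for user, issues in audit(SAMPLE_DUMP).items():
        print(f"{user}: {', '.join(issues)}")
    print(summarize(SAMPLE_DUMP))
```

Run against a real dump, the `lm_stored` list is the set of accounts whose passwords can be recovered by the LM rainbow tables discussed in this thread; once NoLMHash is on, the field only clears when each of those users next changes their password, so the audit is worth re-running after the policy change.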

#12 Juno

Juno

    Specialist

  • Sergeant Major
  • 142 posts

Posted 31 March 2010 - 07:26 AM

NTPasswd does work pretty well, but as the OP mentioned, it sounds like he's only interested in cracking passwords, not resetting them.

The techniques Trajik posted are pretty good - try those. I'd prefer to boot off a Linux live CD (such as BackTrack), mount the filesystem, and copy the SAM file onto a thumb drive. From there, you're halfway done. Pick any number of password cracking programs, and go to town (though for speed, I'd recommend using rainbow tables first before trying to bruteforce the hashes).

-J
Hacking The Everyday - My blog blabberings about life, computer security, and everything in-between.
Don't forget to Read the Rules before you post!

#13 infiltrator

infiltrator

    Staff Sergeant

  • Sergeant Major
  • 421 posts

Posted 26 April 2010 - 11:54 PM

First off, use PwDump to extract the hashes out of your Windows machine.
Secondly, once you have extracted the hashes, you could use a program like rcrack.exe to crack the hash.
Be aware that rcrack.exe uses rainbow tables, so you will need to download the tables from http://www.freerainbowtables.com/ or you could generate your own tables using Winrtgen.

If you want something simple and easy to use, you could head over to http://ophcrack.sour....net/tables.php and download the live CD of ophcrack.

#14 netcomm

netcomm

    Specialist

  • Members
  • 121 posts

Posted 30 July 2010 - 04:53 PM

I recall some time ago there were a few rainbow table frontend webpages kicking around, that obviously were just scripts that ran the tables on a remote box... very handy as there is no need to take up room and download.

Know if there are still any?

In terms of physical access I used to use SAMdump with a USB *nix distro in conjunction with the online table, which is basically the same method mentioned above.

And remotely, I used to use Ipcscan.exe (NetBIOS) and DameWare once the admin password was cracked, which is basically redundant.

FYI bt4 = g0d!

Peace

#15 Juno

Juno

    Specialist

  • Sergeant Major
  • 142 posts

Posted 02 August 2010 - 05:40 AM

These may be able to offer what you're looking for:

http://www.plain-text.info/index/
http://www.lmcrack.com/
http://www.freerainbowtables.com/

Cheers,
-J