Hacking Windows 2000 and XP passwords is really easy... All ya need is the right tools and the knowledge to use them...
Terms Used:
Hash: The encrypted form in which Windows stores passwords
DOS: Also referred to as the command prompt.. To open it, go to Run and type command
SAM: The file that contains the passwords in encrypted form
Tools Needed:
Minimum requirements
Computer -- Yeah, duh
Understanding of how to use DOS
John The Ripper ( Can be found at any good hacking site )
Pwdump2 ( Same as above. )
Maximum requirements
Computer
L0phtcrack 3.0 or above ( Runs about $100+. Not really good for a hacker on a budget )
Quick Overview Of Tools
L0phtcrack: A nice GUI Windows 2000-XP cracker made by L0pht. ( Costs $$ )
John The Ripper: A command prompt tool used to crack passwords. ( Free )
Pwdump2: A tool used to extract hashes from the protected SAM file. ( Free )
Using Pwdump2
Pwdump2 is a hash retrieval program that runs in DOS. The SAM file is normally protected by Windows, which will not allow you to copy it or open it under any circumstances. Pwdump2 provides a quick and easy way to obtain the hashes. Another way of obtaining the hashes is to boot into a separate operating system and recover them from there..
Below is a simulation of what you should do.. We are assuming that pwdump2 is in the pwdump2 folder on the c: drive. It all takes place in DOS ( the command prompt ).
First we go to the folder
c:\>cd pwdump2
Now we are in the folder
c:\pwdump2>
Now we are going to run the program and see the printout.
c:\pwdump2>pwdump2
Administrator:500:f22487de2f1sdaw0aad3b435b51404ee:d0c3985a7dsawq190d8b04c061c3e:::
Guest:501:aad3b435b51404eeaad3asdwb51404ee:31d6cfsdaw16ae931b73c59d7e0c089c0:::
HelpAssistant:1000:158dbeae7e5dasf9a2515e837c97827:9cfec91asdwdb011860fa38166da9eaa1:::
You:1003:8c96188dd805daf3aaddas251404ee:96ce08a2c2dsa0296c8e673506d763d9:::
These Are Not Actual Hashes.
The first field is the username, followed by the hashes and other information. ( You don't need to know anything about the rest. )
Now we will save the hashes to the c: directory as a regular text file.
c:\pwdump2>pwdump2 > c:\Pass.txt
c:\pwdump2>
It will not print out anything, but it will save the output as pass.txt in the c: directory.
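Each pwdump2 line above has a fixed layout: username, RID, LM hash, NT hash, separated by colons. As an added example that is not from the tutorial or from pwdump2, here is a small Python script that reads a dump in that format and flags the two storage weaknesses the cracking below relies on: accounts with a blank password and accounts whose LM hash is still stored. The sample dump and its non-empty hash values are constructed for the example.

```python
"""Audit a pwdump2-style hash dump for weak password storage (added example)."""
import re

# Well-known values Windows stores when no LM / NT hash exists.
EMPTY_LM = "aad3b435b51404eeaad3b435b51404ee"
EMPTY_NT = "31d6cfe0d16ae931b73c59d7e0c089c0"

# pwdump2 line layout: username : RID : LM hash (32 hex) : NT hash (32 hex) : ...
LINE_RE = re.compile(r"^([^:]+):(\d+):([0-9a-fA-F]{32}):([0-9a-fA-F]{32}):")

# Constructed sample in pwdump2 format; the non-empty hash values are
# made up for this example and do not belong to any real account.
SAMPLE_DUMP = """\
Administrator:500:0123456789abcdef0123456789abcdef:fedcba9876543210fedcba9876543210:::
Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
svc_backup:1004:aad3b435b51404eeaad3b435b51404ee:00112233445566778899aabbccddeeff:::
this line is not a pwdump record and is skipped
"""


def parse_pwdump(text):
    """Return (user, rid, lm_hash, nt_hash) tuples; malformed lines are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            user, rid, lm, nt = m.groups()
            records.append((user, int(rid), lm.lower(), nt.lower()))
    return records


def audit(records):
    """Map each username to 'blank', 'lm_stored' or 'ok'."""
    findings = {}
    for user, _rid, lm, nt in records:
        if lm == EMPTY_LM and nt == EMPTY_NT:
            findings[user] = "blank"      # no password set at all
        elif lm != EMPTY_LM:
            findings[user] = "lm_stored"  # LM hash present: uppercased, split into two 7-char halves
        else:
            findings[user] = "ok"         # only the NT hash is stored
    return findings


if __name__ == "__main__":
    for user, verdict in audit(parse_pwdump(SAMPLE_DUMP)).items():
        print(f"{user:15s} {verdict}")
```

Accounts reported as lm_stored are the ones the brute force run below gets through quickly; the NoLMHash policy (Windows 2000 SP2 and later, XP) stops Windows from storing the LM half, as does a password longer than 14 characters.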
Using John The Ripper
John the Ripper will also be used in the command prompt. John the Ripper is a cracker that can use either brute force or dictionary attacks.
I will now show you how to use John The Ripper. We assume that John the Ripper is located in c:\John and that the hashes from pwdump2 are located on the c: drive with the filename pass.txt. At the end of this section there is a list of options you can use with John the Ripper.
We first go from c:\ to the john folder where John The Ripper is located.
c:\>cd john
c:\john>
Now we run the program in brute force mode.
c:\john>john.exe -i:all c:\pass.txt
Loaded 3 passwords with no different salts <NT LM DES [24/32 4K]>
The hashes are loaded and it is now cracking them..
If ya get bored and would like to see the progress, just hit the Esc key and it will print out something like this.
guesses: 0 time: 0:00:00:30 c/s: 218534 trying: LYLB - BMWH
Hitting Esc again lets you view the status of the crack.
Options
All options are put at the end of the exe with a - preceding them.
-i: = Incremental.. This can be used with the following arguments..
alpha: Letters only..
digits: Digits only
all: All characters
Example: c:\John.exe -i:digits c:\pass.txt
To view all options just run john.exe with no options or passwords loaded and it will list them all out.
Using L0phtcrack
This will not be a complete, detailed tutorial on L0phtcrack, but it will let you understand the basics. I will be using L0phtcrack 2.52 since I don't have the money to purchase the new one.. Got this one about a year ago and I still think you can purchase it.
First off, this program is really much like John the Ripper but with some added features and a nice GUI interface.
The added features are:
SMB capture ( Captures hashes over a network )
Registry dump ( Dumps hashes from the registry )
Ability to completely hide it from the desktop
Importing hashes from a file
Ok, let's start with the previous hashes we got from pwdump2. First we go to File, then Import Passwords From File.. Then select the file with the password hashes.
File>Open Passwords From File>c:>pass.txt>Open
Now you should see the hashes in the window below. To crack, press F4 or go to Tools and run Crack.
Dump passwords from registry
Go to Tools, then Dump Passwords From Registry.
Tools>Dump Passwords From Registry>
SMB Capture
Go to Tools and select SMB Capture. It will now monitor the network for hashes being sent for remote logins or other password-requiring services.
Tools>SMB Capture>
When it finds one it will be listed. ( It won't work with my network card so I can't help you with anything past that )
Options
Go to Tools, then Options at the bottom.
There are a couple of options.
LANMAN and NTLM are the hashes you want the dictionary attack to run against.
Brute force can be turned off or on by selecting or deselecting the Enabled button.
The character set lets you select the characters to use when brute forcing.
Last Words:
Thank you for reading my tutorial, written by me. I give you full permission to distribute this tutorial to anyone you wish as long as the credits and body of the tutorial stay unchanged and intact. Any questions you have should be voiced on forums like blackcode.com etc.. and I will review them.. My codenames are -=Moses=- ( Blackcode and some video games ), 13110 ( Code name for some sites ) and Clash..
Remember that people might claim to be me ( Have no idea why, but I've seen it happen maybe 2 times )
Disclaimer:
I do not promote hacking or cracking. I also do not claim responsibility for the way any of the programs act. I also do not claim them to be my own. L0phtcrack is owned by L0pht and is available for purchase. Pwdump2 and John the Ripper are available for download on the internet.
TRY GOOGLE.COM, BLACKCODE.COM.
Credits
Created June 17 2002 By -=Moses=-
Well, this is where I am supposed to give credits to anyone who helped me..
Me: For writing the tutorial
Blackcode.com: For entertaining me when I was bored
Astalavista.com: For providing a wealth of tutorials.