Cracking Passwords Guide
Published by: Korben on Jul 12, 2010
Copyright: Attribution Non-commercial

Cracking Passwords Version 1.1
by: J. Dravet
February 15, 2010

Abstract

This document is for people who want to learn the how and why of password cracking. There is a lot of information being presented and you should READ IT ALL BEFORE you attempt doing anything documented here. I do my best to provide step by step instructions along with the reasons for doing it this way. Other times I will point to a particular website where you find the information. In those cases someone else has done what I am attempting and did a good or great job and I did not want to steal their hard work. These instructions have several excerpts from a combination of posts from pureh@te, granger53, irongeek, PrairieFire, RaginRob, stasik, and Solar Designer. I would also like to thank each of them and others for the help they have provided me on the BackTrack forum.

I will cover both getting the SAM from inside Windows and from the BackTrack CD, DVD, or USB flash drive. The SAM is the Security Accounts Manager database where local usernames and passwords are stored. For legal purposes I am using my own system for this article. The first step is to get a copy of pwdump. You can choose one from http://en.wikipedia.org/wiki/Pwdump.

Update: I used to use pwdump7 to dump my passwords, however I have come across a new utility called fgdump from http://www.foofus.net/fizzgig/fgdump/. This new utility will dump passwords from clients and Active Directory (Windows 2000 and 2003 for sure, not sure about Windows 2008) where pwdump7 only dumps client passwords. I have included a sample hash.txt that has simple passwords and should be cracked very easily.

NOTE: Some anti-virus software packages flag pwdump* and fgdump as trojan horse programs or some other unwanted program. If necessary, you can add an exclusion for fgdump and/or pwdump to your anti-virus package so it won't flag them. However it is better for the community if you contact your anti-virus vendor and ask them to not flag the tool as a virus/malware/trojan horse.

You can find the latest version of this document at http://www.backtrack-linux.org/

1 LM vs. NTLM
2 Syskey
3 Cracking Windows Passwords
  3.1 Extracting the hashes from the Windows SAM
    3.1.1 Using BackTrack Tools
      3.1.1.1 Using bkhive and samdump v1.1.1 (BT2 and BT3)
      samdump2 v2.0.1 (BT4)
      Credentials
    3.1.2 Using Windows Tools
      3.1.2.1 Using fgdump
      3.1.2.2 Using gsecdump
      pwdump7
      3.1.2.4 Cached Credentials
  3.2 Extracting the hashes from the Windows SAM remotely
    3.2.1 Using BackTrack Tools
      3.2.1.1 ettercap
    3.2.2 Using Windows Tools
      3.2.2.1 Using fgdump
  3.3 Cracking Windows Passwords
    3.3.1 Using BackTrack Tools
      3.3.1.1 John the Ripper BT3 and BT4
        the LM hash
        the NTLM hash
        the NTLM using the cracked LM hash
        cached credentials
      3.3.1.2 John the Ripper - current
        and Compile
        the LM hash
        the LM hash using known letter(s) in known location(s) (knownforce)
        the NTLM hash
        the NTLM hash using the cracked LM hash (dumbforce)
        cached credentials
      3.3.1.3 Using MDCrack
        the LM hash
        the NTLM hash
        the NTLM hash using the cracked LM hash
      3.3.1.4 Using Ophcrack
        the LM hash
        the NTLM hash
        the NTLM hash using the cracked LM hash
    3.3.2 Using Windows Tools
      3.3.2.1 John the Ripper
        the LM hash
        the NTLM hash
        the NTLM hash using the cracked LM hash
        cached credentials
      3.3.2.2 Using MDCrack
        the LM hash
        the NTLM hash
        the NTLM hash using the cracked LM hash
      3.3.2.3 Using Ophcrack
        the LM hash
        the NTLM hash
        the NTLM hash using the cracked LM hash
      3.3.2.4 Using Cain and Abel
    3.3.3 Using a Live CD
      3.3.3.1 Ophcrack
4 Changing Windows Passwords
  4.1 Changing Local User Passwords
    4.1.1 Using BackTrack Tools
      4.1.1.1 chntpw
    4.1.2 Using a Live CD
      Rescue CD
  4.2 Changing Active Directory Passwords
5 plain-text.info
6 Cracking Novell NetWare Passwords
7 Cracking Linux/Unix Passwords
8 Cracking networking equipment passwords
  8.1 Using BackTrack tools
    8.1.1 Using Hydra
    8.1.2 Using Xhydra
    8.1.3 Using Medusa
    8.1.4 Using John the Ripper to crack a Cisco hash
  8.2 Using Windows tools
    8.2.1 Using Brutus
9 Cracking Applications
  9.1 Cracking Oracle 11g (sha1)
  9.2 Cracking Oracle passwords over the wire
  9.3 Cracking Office passwords
  9.4 Cracking tar passwords
  9.5 Cracking zip passwords
  9.6 Cracking pdf passwords
10 Wordlists aka Dictionary attack
  10.1 Using John the Ripper to generate a wordlist
  10.2 Configuring John the Ripper to use a wordlist
  10.3 Using crunch to generate a wordlist
  10.4 Generate a wordlist from a textfile or website
  10.5 Using premade wordlists
  10.6 Other wordlist generators
  10.7 Manipulating your wordlist
11 Rainbow Tables
  11.1 What are they?
  11.2 Generating your own
    11.2.1 rcrack - obsolete but works
    11.2.2 rcracki
    11.2.3 rcracki - boinc client
    11.2.4 Generating a rainbow table
  11.3 WEP cracking
  11.4 WPA-PSK
    11.4.1 airolib
    11.4.2 pyrit
12 Distributed Password cracking
  12.1 john
  12.2 medussa (not a typo this is not medusa)
13 using a GPU
  13.1 cuda - nvidia
  13.2 stream - ati
14 example hash.txt

1 LM vs. NTLM
The LM hash is the old style hash used in MS operating systems before NT 3.1. It converts the password to