a Flo + a Blog = a Flog my ブログ

6 Jul 2007

A quick and dirty Windows password recovery

Boot the Backtrack CD.

Change to the registry hive directory under your Windows mount point (here the Windows partition is mounted at /mnt/hda2):
# cd /mnt/hda2/WINDOWS/system32/config
Copy the SAM and SYSTEM registry hives to the temp dir:
# cp SAM /tmp
# cp system /tmp
Prepare our wordlist:
# cd /pentest/password/dictionaries/
# gunzip -c wordlist.txt.Z > /tmp/words.txt
# cd /tmp

The password hashes stored in the SAM file are themselves encrypted with a key derived from the SYSTEM hive (the so-called bootkey), so extract that key first:
# bkhive system key
Now we can dump the password hashes out of the SAM file:
# samdump2 SAM key > /tmp/hashes.txt

Let's crack those hashes. The easiest case is a password that appears in the wordlist; use john's wordlist mode for that:
# john -w=words.txt -f=NT hashes.txt
No luck? Let's try john's incremental (brute-force) mode:
# john --incremental:all -f=NT hashes.txt

If this takes too long you could use ophcrack. This tool uses rainbow tables and should crack your hashes in a few seconds, but you need to download those rainbow tables (350 MB or 700 MB, or you can generate them yourself), which are not included on the Backtrack CD (for an obvious reason...). Or you can use ophcrack's online cracker, which should be quite fast.
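The hashes.txt that samdump2 writes is in pwdump format (user:RID:LM hash:NT hash:::). As an added example that is not part of the original post, here is an audit script (the names SAMPLE, parse_pwdump and audit are my own) that reads such a file and flags what makes these hashes fall so quickly to the tools above: blank passwords, accounts still storing an LM hash, and password reuse, which is visible without cracking because NT hashes are unsalted. The sample lines are constructed; only the empty-password hash constants are real.

```python
from collections import defaultdict

EMPTY_LM = "aad3b435b51404eeaad3b435b51404ee"  # LM hash of an empty password
EMPTY_NT = "31d6cfe0d16ae931b73c59d7e0c089c0"  # NT hash of an empty password

# Constructed sample in the format samdump2 writes (user:rid:lm:nt:::).
# alice/bob hash values are made up; they are not hashes of any real password.
SAMPLE = """\
Administrator:500:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
alice:1000:0123456789abcdef0123456789abcdef:fedcba9876543210fedcba9876543210:::
bob:1001:aad3b435b51404eeaad3b435b51404ee:fedcba9876543210fedcba9876543210:::
"""

def parse_pwdump(text):
    """Yield (user, rid, lm, nt) tuples, skipping blank or malformed lines."""
    for line in text.splitlines():
        parts = line.strip().split(":")
        if len(parts) < 4 or not parts[1].isdigit():
            continue
        yield parts[0], int(parts[1]), parts[2].lower(), parts[3].lower()

def audit(text):
    """Return findings keyed by category."""
    findings = {"blank_password": [], "lm_hash_stored": [], "shared_nt_hash": []}
    by_nt = defaultdict(list)
    for user, _rid, lm, nt in parse_pwdump(text):
        if nt == EMPTY_NT:
            findings["blank_password"].append(user)
        if lm != EMPTY_LM:
            # A real LM hash means NoLMHash is off: the password was upper-cased,
            # cut to 14 chars and split into two 7-char DES halves, so it falls
            # to rainbow tables in seconds regardless of NT-hash strength.
            findings["lm_hash_stored"].append(user)
        by_nt[nt].append(user)
    # NT hashes are unsalted, so identical passwords give identical hashes:
    # reuse across accounts is visible before anything is cracked.
    for nt, users in by_nt.items():
        if nt != EMPTY_NT and len(users) > 1:
            findings["shared_nt_hash"].append(sorted(users))
    return findings

if __name__ == "__main__":
    for category, hits in audit(SAMPLE).items():
        print(f"{category}: {hits}")
```

On a real dump, a non-empty blank_password or lm_hash_stored list is the finding to act on first: disable LM hash storage and reset the affected accounts.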

Filed under: Windows, xNix