Method 1.
Hack or Crack a Windows XP Administrator Password Using OphCrack
he tool we’ll be using is called Ophcrack, an open-source password cracker. The technology it uses to break Windows passwords is called “rainbow tables” and was described by Philippe Oechslin in Making a Faster Cryptanalytic Time-Memory Trade-Off. A rough way to describe this technique is to say that tables of possible hashes are precomputed so that you can iteratively compare the windows hashes to precomputed bits and piece together the hash and its value more quickly than brute-force guessing. Please note that federal law prohibits the possession of unauthorized access codes to computer systems. If you want to try cracking passwords, please obtain hashes from your own machine, or use the example hashes I provide here.1) Setting up shop
The first thing you need is the software and rainbow table sets. You can download Ophcrack 2.2 from Sourceforge, and then browse to LASEC to download the SSTIC04-5k rainbow table. You’ll need a significant amount of memory to load this rainbow table. If you have less than 1 GB of RAM, try the smaller table.
The installation of Ophcrack 2.2 should go smoothly. Make sure you choose to download the tables seperately:
You’ll notice a lot of GTK* files being installed–that’s nothing to worry about. GTK is the Graphical Tool Kit, a way for linux programs to create graphical interfaces.
2) Dude, where’s my hash?
Now that you’ve got Ophcrack and rainbow tables installed, you’ll need hashes. There are three places to find them on Windows XP:
- In the folder C:\windows\system32\config. This folder is locked to all accounts (including an Administrator account) while running, except the special System account.
- In a SAM file from C:\windows\repair if rdisk has ever run
- In the registry, under HKEY_LOCAL_MACHINESAM, which is locked to all accounts
- Boot to linux and copy the file directly from C:\windows\system32\config. This is probably too troublesome for most users, but with a liveCD it’s trivial.
- Run pwdump2, including in Ophcrack, to trick out the registry values. If you didn’t change any settings, it should be installed in C:\Program Files\ophcrack\win32_tools. Here’s an example session from the command line (start, run, type “cmd” and hit enter):
C:\Documents and Settings\Elliott Back>cd “C:\Program Files\ophcrack\win32_tools”Naturally, I’ve censored the hashes and the number of users. If you’d like some hashes to play with, here are hashes for users with passwords varying from length from 1 to 7 characters long: test-hashes.txt.
C:\Program Files\ophcrack\win32_tools>pwdump2
Administrator:499:aabbcc:3311dd:::
Elliott Back:234:aabbcc:3311dd:::
C:\Program Files\ophcrack\win32_tools>
3) Let’s get cracking!
Hashes in hand, start up Ophcrack:
Then click “load, PWDump file,” and select either the hashes you got from pwdump2, my sample hash file, or some other source of SAM hashes:
The last thing we need to do is load our rainbow tables. Click “Tables” and select the location and type of rainbow hash table you’re using, in our case the 5k tables:
Now you can click the big “Launch” button and wait. It will first load the tables (0-3 in my case) into memory, a process that takes several minutes. When this is complete, it will begin trying passwords:
The final screen gives a breakdown on how long it takes to actually find these passwords–some of which are quite hard:
All in all, it took 178 seconds on average to crack a windows password–only 3 minutes per hash! In the process it performed 89,030,630 hash-redux calculations and 199,548 fseek operations. It also couldn’t find the password for one of the hashes, which is to be expected. Rainbow tables are non-deterministic and won’t always work. Still, our success rate of 6/7 or 86% is high.
Conclusion
Now you know how to crack windows passwords. When is this a good idea?
- When you buy a computer on Ebay and the owner forgets to give you an Admin account
- When you forget your password
- When a friend forgets their password
- When the security of the country is in danger
- When you buy a computer from government surpluss and want to find its secrets
- When you want to hack up your friends
- When your little sister’s account is too tempting
- When you go visit your girlfriend’s dorm room
CLICK HERE TO DOWNLOAD
Method 2.
Recover All Windows Password including Vista with Login Recovery
Login Recovery is a Online service that can help you to recover your Windows Password including Windows Vista.There are three steps Involved
- Download the Login Recovery Software extraction program to create a bootable floppy disk to read the password file.
(click here for a CD version) - Insert the disk into the computer you wish to recover passwords from and boot the computer to extract the encrypted passwords to the disk.
- Put the disk into an Internet enabled computer, and upload the encrypted password file for decryption. (see uploads page)
No comments:
Post a Comment