command and software to crack windows user's password

chinigami
(@chinigami)
Active Member
Joined: 18 years ago
Posts: 17
Topic starter  

Just another thing: when I use bkhive I always get the same error message, "error in opening hive file". What can be the problem with the hive file?
I also want to ask how I can use the SAM file (found in the repair directory under Win2000). It doesn't contain all the hashes of the passwords, only the default ones that were created while installing the operating system: administrator and guest. So how can I update the backup SAM file in the repair directory to make it contain the hashes of all users' passwords?
Thanks


   
azrael
(@azrael)
Honorable Member
Joined: 19 years ago
Posts: 656
 

But I want to ask how a person could crack an admin password without using a live CD (using only tools)? And why aren't pwdump2, samdump and bkhive working under the guest account?
Thanks

Going backwards … All of the utilities rely upon a certain level of access to the Windows system to extract the data; as a guest you don't have this prerequisite level of access :-(

The act of cracking the password is secondary; the thing that you need to concentrate on is getting sufficient access rights to be able to use any of the above utilities to extract the passwords to crack in the first place. In order to do this, on your target machine you will need to find a way to run any of the above as, for example, a user with administrative rights.

In order to do this, you will need to find a way of elevating the privileges that are granted to the Guest user. You are going to need to find an exploit that allows you to do this, and this could be any one of a great many depending on what software is installed, what patch level it is at, what protection is running etc. Try http://www.packetstormsecurity.org for a relatively up-to-date list of potential exploits.

You are either going to have to pretend to be a ScriptKiddie and download a pre-coded exploit (can't help you on this one I'm afraid) or code one up yourself. There are reasonable resources on the net that will help you to do either - that is the nature of it :-).

You shouldn't have a problem compromising a machine using Metasploit and a virtual network though - so this might be a better solution for you. In my opinion (and it is only my opinion - not backed up by anything really …) this is the more likely scenario anyway - a remote hack, rather than a local.

I've never tried to see if you can run Metasploit against the machine that it is running on … I guess that there may be a theoretical chance that might work … Something to play with over the weekend there 😉


   