Windows Vista Passw...
 
Notifications
Clear all

Windows Vista Password Recovery  

  RSS
workneverends
(@workneverends)
Junior Member

I am doing a forensic exam using EnCase and trying to recover user's password for Windows Vista. Can anybody send me in the right direction please? Thanks.

Quote
Posted : 16/12/2010 9:06 pm
HexDrugsRockNRoll
(@hexdrugsrocknroll)
Member

Here's a great guide

http//thedigitalstandard.blogspot.com/2010/05/crack-lacka.html

You'll need to download some free tables (with the opportunity to purchase more comprehensive ones - however the freebies have worked 95% of the time for me), and a couple of programs, but then you're ready to rock and roll.

Hope this helps.

ReplyQuote
Posted : 16/12/2010 9:17 pm
dan0841
(@dan0841)
Member

It depends on the complexity of the passwords. 2 tools which are free

1)Oph Crack - Just extract the SAM and SYSTEM hive files and run OphCrack - some of the tables are free.

http//ophcrack.sourceforge.net/

If the password is more complex use Ophcrack to get the NT Hash and use

2)rcrack - You'll need to download the NTLM rainbow tables though.

http//www.freerainbowtables.com/en/download/

ReplyQuote
Posted : 16/12/2010 9:18 pm
jgarcia
(@jgarcia)
Junior Member

You could just download and run the Ophcrack LiveCD for Win Vista & boot the machine from the CD. Then follow the onscreen instructions.

Good Luck!

ReplyQuote
Posted : 17/12/2010 3:48 am
DangerMouse
(@dangermouse)
New Member

You could just download and run the Ophcrack LiveCD for Win Vista & boot the machine from the CD. Then follow the onscreen instructions.

+1. Did this the other day at work and it worked well. Also works for Win7

ReplyQuote
Posted : 17/12/2010 5:57 am
Xennith
(@xennith)
Active Member

My tool of choice at the moment is Cain (http//www.oxid.it/cain.html) and a dictionary file. Theres a load of other great crackers out there like John the ripper, etc so find one you like.

Most rainbow tables only cover part of the search space, you cant rely on just them to get everything for you, you need to learn how to apply a brute force or dictionary attack when its called for, and how to get hints about what the password is likely to be. Saved passwords on the machine are great for this kind of thing, does the user tend to use his birthyear at the end of a dictionary word? That kind of thing.

ReplyQuote
Posted : 17/12/2010 4:30 pm
Share: