So, forgot your password eh? Sure you could reset it, but why not crack it, it can be just as fast.
This tutorial will enable you to create a USB Pen drive with Ubuntu on it along with tools for cracking windows passwords.
Step 1: Download Ubuntu from http://www.ubuntu.com/getubuntu/download (Get version 8.10 - it includes a tool for creating USB bootable versions of Ubuntu).
Step 2: Burn the ISO to a CD/DVD.
Step 3: Reboot your computer with the burned CD/DVD in and boot from it (May require configuration of your BIOS to boot from the CD/DVD)
Step 4: Plug in your USB pen drive (1GB+)
Step 5: System > Administration > Create a USB startup disk
Step 6: Fill in all the crap to your liking.
Step 7: Hit "Make Startup Disk"
Step 8: Reboot, when prompted remove the CD but not the pen drive.
Step 9: You should of now booted into Ubuntu from the pen drive, if not, insure the configuration of the BIOS allows booting from "USB-HDD" or it may be listed as a hard drive in itself.
Step 10: Download ophcrack and table(s) from http://ophcrack.sourceforge.net/ Depending on how much space you have and what OS you are intending on cracking you may want to select one or multiple tables. I am assuming you have downloaded it to your ubuntu desktop.
Step 11: Extract the ophcrack files. Double click on the file you just downloaded to the desktop and extract the files to the desktop. Additionally extract the table(s) you downloaded to the desktop.
Step 12: Install GNU Make. This is requires to compile the source code. Goto System > Administration > Synaptic Package Manager. In the search box type "make" and scroll down a bit until you find the package called, simply, make and click the check box next to it and select mark for installation. Hit the apply button and the top and agree to any dependency installation, etc.
Step 12: Compile ophcrack (Easier to compile it without a GUI):
Applications > Accessories > Terminal
Type the following commands:
cd Desktop
cd ophcrack-3.0.1 (At the time of writing this was the latest version of ophcrack)
sudo su
./configure --disable-gui
make
make install
Step 13: You're ready to go!
Cracking passwords
Insert the USB stick into thevictimscomputer and start her up. Most PCs should just boot from the USB stick automatically. If not look for a option to enter the boot menu and select the USB stick from there. Failing that enter the BIOS and configure it to boot from the USB stick.
Click Places > Computer and on the left hand side select the hard drive of the actual computer (NTFS is supported by default). Goto: Windows -> system32 and copy the contents of the config folder to the desktop.
Now, at this point you have a number of options. If time is running short and you want to do the cracking at another computer and come back at a later date you can shutdown and take the stick with you. However, if you have a few minutes to spare you can do the cracking on the PC you are trying to recover the passwords of.
Fire up a terminal window: Applications > Accessories > Terminal.
Type the following command:
ophcrack -g -d /home/ubuntu/Desktop -t tables_xp_free_small -w /home/ubuntu/Desktop/config -n 4
Explanation of command:
-g
This starts it without a GUI (We don't have it installed so...)
-d /home/ubuntu/Desktop
We are telling ophcrack that the tables we have downloaded are located on the desktop
-t tables_xp_free_small
The name of the table(s) we wish to use. To add more, separate their names with a colon (The name is just the name of the folder)
-w /home/ubuntu/Desktop/config
This is just the location of something called the SAM file that we copied over earlier. In this folder are the hashed passwords.
-n 4
We are telling the software to use all 4 tables here. More tables = Higher success rate. Less tables = Faster cracking time.
Result (Last password gives you an idea of how complex of passwords it can crack):
This was done on a live Windows XP Professional system using the small XP tables.
Results 1 to 10 of 10
-
HOWTO: Crack Windows Passwords [Educational Use Only]
-
Haha just as I was explaining to mum that Windows passwords aren't secure
:8
Originally Posted by Chippiewill
-
Sweet. At last I can get on my brother's computer to install SP3..
-
10-11-2008, 02:31 AM #4
Or with XP (this has always worked for me, it may not work depending on what version you have, or whether or not Administrator has a password) when booting press F8 and go into safe mode, the administrator account will be on the welcome screen.
I'm not crazy, ask my toaster.
-
You can login to the administrator account without going into safe mode and if you use the welcome screen. At the welcome screen press ctrl+alt+del and you get the normal login prompt where you can login as administrator.
Since the administrator account should always have a password or be disabled then this is not a viable alternative and it not in the scope of this thread.
Originally Posted by HotelUser
-
10-11-2008, 11:28 AM #6
It's not always the case where the administrator account is disabled or password protected. Many people wont bother doing either. I already said it's not a guarantee, but it's a lot faster then downloading and burning Ubuntu. Originally Posted by Tomm
I'm not crazy, ask my toaster.
-
Vista has a password reset option is you forget your password, also most people wont know about the administrator account, making it very easy to gain control of any computer.
the downloading ubuntu thing would take ages
-
The reset password feature in Vista needs a password disk.
:8 Originally Posted by Chippiewill
-
Additionally resetting the password alerts the user that their system has been compromised when they find that they can't login
-
10-11-2008, 07:05 PM #10
HOWTO: Crack Windows Passwords [Educational Use Only] Originally Posted by Tomm
Additionally resetting the password alerts the user that their system has been compromised when they find that they can't login
I'm not crazy, ask my toaster.
Reply With Quote
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts