Re: LophtCrack and SAM Passwd

From: Brendan Dolan-Gavitt (mooyix@gmail.com)
Date: Wed Dec 20 2006 - 09:37:05 EST


More specifically: the hashes were likely encrypted with syskey
(turned on by default in Win2k/XP IIRC). Go get bkhive and samdump2
(also available for linux!) to get the actual hashes, and then make
short work of them with ophcrack or RainbowCrack. If the passwords are
alphanumeric, you should be able to do this in about 5 minutes total,
including pulling the SYSTEM and SAM hives :)

On 12/20/06, Jerome Athias <jerome.athias@free.fr> wrote:
> Hi,
>
> ophcrack is the faster (soft) way to do this
> rainbowcrack is the second alternative (
> http://www.freerainbowtables.com could help ;-))
>
> Good luck
>
> William Woodhams a écrit :
> > I have a system that recently got hacked and the passwords on the
> > machine were compromised. I want to get back into this system for
> > forensic reasons. Unfortunately when I dumped the SAM file and tried
> > cracking it with LophtCrack nothing worked. I ran it for a good 10
> > hours with no success on any account. I was thinking maybe my word list
> > was not big enough. So the questions are:
> >
> > A. Anyone have any good sources for large word lists?
> > B. Any other application for cracking SAM's that I have not thought of?
> > I have ran it through a couple smaller security apps (names escape me at
> > the moment.)
> >
> > Thanks,
> >
> > Bill Woodhams
> >
> >
> >
>



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:29 EDT