Re: LophtCrack and SAM Passwd

From: killy (killfactory@gmail.com)
Date: Wed Dec 20 2006 - 22:38:35 EST

• Next message: kapil assudani: "Port 1443"
• Previous message: Adam: "How much entropy in a web app session ID?"
• In reply to: Justin Lintz: "Re: LophtCrack and SAM Passwd"
• Next in thread: Brendan Dolan-Gavitt: "Re: LophtCrack and SAM Passwd"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

I agree with Justin, try to use the offline registry editor and clear
the password.

It only takes a few minutes to crack an alphanumeric with Rainbow
tables, but it takes a while to generate the tables.

If ths system was compromised and the passwords were changed, they may
be stronger than alpha numeric.

It ounds like someone wan't trying to be to stealthy, if they changed
your passwords instead of creating a stealthy account.

What are you loking for that you cant find on the drive without logging in?

On 12/20/06, Justin Lintz <jlintz@gmail.com> wrote:
> Take a look at chntpw (http://home.eunet.no/pnordahl/ntpasswd/) and
> create a bootdisk with it on it. You can then just reset the pw and
> take a look around.
>
> On 12/20/06, Jerome Athias <jerome.athias@free.fr> wrote:
> > Hi,
> >
> > ophcrack is the faster (soft) way to do this
> > rainbowcrack is the second alternative (
> > http://www.freerainbowtables.com could help ;-))
> >
> > Good luck
> >
> > William Woodhams a écrit :
> > > I have a system that recently got hacked and the passwords on the
> > > machine were compromised. I want to get back into this system for
> > > forensic reasons. Unfortunately when I dumped the SAM file and tried
> > > cracking it with LophtCrack nothing worked. I ran it for a good 10
> > > hours with no success on any account. I was thinking maybe my word list
> > > was not big enough. So the questions are:
> > >
> > > A. Anyone have any good sources for large word lists?
> > > B. Any other application for cracking SAM's that I have not thought of?
> > > I have ran it through a couple smaller security apps (names escape me at
> > > the moment.)
> > >
> > > Thanks,
> > >
> > > Bill Woodhams
> > >
> > >
> > >
> >
>
>
> --
> - Justin Lintz
>

-- 
If you spend more on coffee than on IT security, you will be hacked.
What's more, you deserve to be hacked.
-- former White House cybersecurity czar Richard Clarke

• Next message: kapil assudani: "Port 1443"
• Previous message: Adam: "How much entropy in a web app session ID?"
• In reply to: Justin Lintz: "Re: LophtCrack and SAM Passwd"
• Next in thread: Brendan Dolan-Gavitt: "Re: LophtCrack and SAM Passwd"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:29 EDT