“Dumping and Cracking SAM Hashes to Extract Plaintext Passwords”

By: Vishal Kumar (CEH, CHFI, CISE, MCP)

[email protected]

Lab - 1



Pwdump7 can be used to dump protected files. You can always copy a used file by executing pwdump7.exe -d c:\lockedfile.dat backup-lockedfile.dat. Ophcrack is a free open-source (GPL license) program that cracks Windows passwords by using LM hashes through rainbow tables.


Lab Scenario

The Security Account Manager (SAM) is a database file present on Windows machines that stores user accounts and security descriptors for users on the local computer. It stores users' passwords in hashed format (as LM hash and NTLM hash). Because a hash function is one-way, this provides some measure of security for the storage of the passwords.

In a system hacking life cycle, attackers generally dump operating system password hashes immediately after compromising a target machine. The password hashes enable attackers to launch a variety of attacks on the system, including password cracking, pass the hash, unauthorized access to other systems using the same password, password analysis, and pattern recognition, in order to crack other passwords in the target environment.

You need administrator access to dump the content of the SAM file. Assessment of password strength is a critical milestone during your security assessment engagement. You will start your password assessment with a simple SAM hash dump and then run it through a hash cracker to uncover the plaintext password.


Lab Objective

The objective of this lab is to help people learn how to:

• Use the pwdump7 tool to extract password hashes.

• Use the Ophcrack tool to crack the hashes and obtain the plaintext password.


Overview of the Lab

Pwdump7 can be used to dump protected files. You can always copy a used file by executing the command pwdump7.exe -d c:\lockedfile.dat backup-lockedfile.dat. Rainbow tables for LM hashes of alphanumeric passwords are provided free by the developers. By default, Ophcrack is bundled with tables that allow it to crack passwords no longer than 14 characters using only alphanumeric characters.


Lab Task 01:- Generate Hashes

• Open the command prompt and navigate to the location of the pwdump7 folder. Alternatively, you can navigate in Windows Explorer to the pwdump7 folder, right-click, and select Open Cmd Here.

• Now run the command pwdump7.exe and press Enter. This displays all the password hashes as shown in the above screenshot.

• Now save the hashes in a text file by issuing the command pwdump7.exe > d:\hashes.txt and pressing Enter. This command saves the hashes in the hashes.txt file on the D:\ drive.

• Now, open the D:\ drive and locate the hashes.txt and double-click to open the


Lab Task 02:- Install Ophcrack

• Navigate to the directory where you saved the Ophcrack setup and double-click ophcrack-win32-installer-3.6.0.exe to install Ophcrack. You can also download Ophcrack from www.Ophcrack.sourceforge.net.

• The Ophcrack installation window opens; click Next to install the application.


• In the Choose Components section, uncheck all the options, and click Next.


Lab Task 03:- Crack the Password

• On completion of the installation, open the application from the Apps screen. The Ophcrack main window appears as shown in the screenshot.


Click the Load menu and select PWDUMP file. The Open PWDUMP file window appears. Browse to D:\ and select the hashes.txt file that was created with Pwdump7, and click Open.


• The hashes are loaded in Ophcrack under the NT Hash column. Now click the Table menu; the Table Selection window appears. Select Vista free and click Install.

Note:- To install the tables, you need to download them from the internet; you can download the tables from http://Ophcrack.sourceforge.net/tables.php.

• The "Select the directory which contains the tables" window appears. Browse to the location where the tables have been downloaded or stored, select the folder in which the tables are stored, and click Select Folder.


tables_vista_free is a set of pre-computed tables for reversing cryptographic hash functions and recovering a plaintext password up to a certain length.

The selected tables_vista_free is installed under the name Vista free, which is marked by a green bullet. Select the table and click OK.


• Click Crack on the menu bar. Ophcrack begins to crack the passwords.

• The cracked passwords are displayed in plaintext, as in the below screenshot.


Lab Analysis

We have analyzed the password hashes gathered during this lab and figured out what the password was.

Tool/Utility: Pwdump7, Ophcrack

Information Collected/Objectives Achieved:

IP Address Range/target:- Windows 8.1 machine

Scan Result:-

• Generate the user password hashes

• Crack the password in plaintext
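
An added example (not part of the original presentation): a Python script that audits a pwdump-format file such as hashes.txt without cracking anything. It flags accounts whose LM hash is stored, accounts with a blank password, and accounts that share an NT hash. The sample lines, the made-up hash values and the "NO PASSWORD" marker text are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Well-known LM and NT hashes of an empty password.
EMPTY_LM = "aad3b435b51404eeaad3b435b51404ee"
EMPTY_NT = "31d6cfe0d16ae931b73c59d7e0c089c0"

# Constructed sample in pwdump format (user:RID:LM:NT:::); hash values are made up.
SAMPLE = """\
Administrator:500:aad3b435b51404eeaad3b435b51404ee:8f2d3c1a9b7e4f60a1b2c3d4e5f60718:::
Guest:501:NO PASSWORD*********************:NO PASSWORD*********************:::
alice:1001:0f1e2d3c4b5a69788796a5b4c3d2e1f0:8f2d3c1a9b7e4f60a1b2c3d4e5f60718:::
bob:1002:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
this line is not a pwdump record
"""

def normalize(field, empty):
    """Return a lowercase 32-hex hash, the empty-password hash for a
    'NO PASSWORD' marker (assumed marker text), or None if unparseable."""
    f = field.strip().lower()
    if f.startswith("no password"):
        return empty
    return f if re.fullmatch(r"[0-9a-f]{32}", f) else None

def parse_pwdump(text):
    accounts = []
    for line in text.splitlines():
        parts = line.split(":")
        if len(parts) < 4 or not parts[1].strip().isdigit():
            continue  # skip banners, blank lines and malformed rows
        accounts.append({"user": parts[0], "rid": int(parts[1]),
                         "lm": normalize(parts[2], EMPTY_LM),
                         "nt": normalize(parts[3], EMPTY_NT)})
    return accounts

def audit(accounts):
    findings = {"lm_stored": [], "blank_password": [], "shared_nt": []}
    by_nt = defaultdict(list)
    for a in accounts:
        if a["lm"] not in (None, EMPTY_LM):
            findings["lm_stored"].append(a["user"])  # weak LM hash is on disk
        if a["nt"] == EMPTY_NT:
            findings["blank_password"].append(a["user"])
        elif a["nt"]:
            by_nt[a["nt"]].append(a["user"])
    # Hashes are unsalted, so an identical NT hash means an identical password.
    findings["shared_nt"] = sorted(u for u in by_nt.values() if len(u) > 1)
    return findings

if __name__ == "__main__":
    for check, hits in audit(parse_pwdump(SAMPLE)).items():
        print(check, hits)
```

Accounts listed under lm_stored are the ones exposed to the LM rainbow tables described in this lab; shared_nt groups show where one recovered or passed hash would unlock several accounts.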
