Monday, May 30, 2011
Hacking?
It turns out that password cracking is far easier than anyone ever could have thought. As a project I decided to try to get a hold of my father's password. Heading downstairs to the computer room, I realized that I didn't have an administrative account on his computer. Well, after ducking around with the command line for a little and with the help of some YouTube videos, I found a command to make a new Admin. I downloaded pwdump and fgdump along with John the Ripper from Openwall. Now what goes on with these programs is you use the programs to literally dump the password hashes into a file.

Passwords are encrypted either by LM or NTLM hashes. LM if the password is 7 characters or less and NTLM if it's over 7 characters. NTLM hashes are just the LM hash plus an NT hash and it's generally easier to crack an NTLM hash than an LM. It could be easier to crack an NTLM hash if, say, your password was 'porkbean' than if it were the LM hash for 'appless'. This is because you'd just crack both the NT and LM hash (respectively) for 'pork' and 'bean' separately, which is far easier than cracking 'appless' as a whole.

Well, after you dump the hashes into a file you can use a number of techniques to crack the hashes, but I just navigated to the folder that had John the Ripper in it, dragged the dump file into the run folder, then navigated to the run folder on the command line and typed "john-386.exe {name of dumpfile}" and about an hour later I had my dad's 9 character (4 numbers, 5 letters) password. Guess that means I get to use his fancy i7 quad-core laptop :)
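As an added example (not code from the original post): a defender-side audit of a pwdump-style export that flags accounts still storing an LM hash. It relies on how LM works: the password is upper-cased, padded to 14 characters and hashed as two independent 7-character halves, so an unused second half always produces the constant `aad3b435b51404ee`. The sample dump and the names `audit_line` and `audit_dump` are constructed for illustration.

```python
import re

EMPTY_LM = "aad3b435b51404eeaad3b435b51404ee"  # LM hash of an empty password
EMPTY_LM_HALF = EMPTY_LM[:16]                   # one unused 7-character half
EMPTY_NT = "31d6cfe0d16ae931b73c59d7e0c089c0"  # NT hash of an empty password
HEX32 = re.compile(r"^[0-9a-f]{32}$")

# Constructed sample in user:rid:lm:nt::: layout. Apart from the three
# well-known constants above, the hex values are made up, not real hashes.
SAMPLE_DUMP = """\
Administrator:500:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
dad:1001:0123456789abcdef0fedcba987654321:00112233445566778899aabbccddeeff:::
kid:1002:89abcdef01234567aad3b435b51404ee:ffeeddccbbaa99887766554433221100:::
guest2:1003:NO PASSWORD*********************:8899aabbccddeeff0011223344556677:::
this line is not a pwdump record
"""

def audit_line(line):
    """Return findings for one record, or None if the line is not a record."""
    parts = line.strip().split(":")
    if len(parts) < 4 or not parts[1].isdigit():
        return None
    user, rid = parts[0], int(parts[1])
    lm, nt = parts[2].lower(), parts[3].lower()
    findings = []
    # A non-hex LM field (placeholder text) or the empty-LM constant means
    # no usable LM hash is stored for this account.
    if HEX32.match(lm) and lm != EMPTY_LM:
        findings.append("lm-hash-stored")
        # Second half unused: the password fits in the first 7 characters.
        if lm[16:] == EMPTY_LM_HALF:
            findings.append("password-7-chars-or-fewer")
    if nt == EMPTY_NT:
        findings.append("blank-password")
    return {"user": user, "rid": rid, "findings": findings}

def audit_dump(text):
    """Audit every parsable record in a pwdump-style export."""
    records = (audit_line(l) for l in text.splitlines() if l.strip())
    return [r for r in records if r is not None]

if __name__ == "__main__":
    for record in audit_dump(SAMPLE_DUMP):
        print(record["user"], record["findings"] or ["ok"])
```

Accounts flagged `lm-hash-stored` stop being flagged once the Windows policy "Network security: Do not store LAN Manager hash value on next password change" is enabled and the password is changed; passwords of 15 or more characters never get an LM hash.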
Evil son now commands the computer!
Is it really that easy? Or is it cleaning up the evidence the hard part? Neat stuff tho, following.
Bad boy! ^.^
Very nice. Interesting. Makes me wanna try.
cool, my sister should be scared now.
that's pretty cool
nice, thanks for the info! follow back
ofc it's easy. too many people leave their computers open to hackers it's not even funny
Ha ha, True sons break through their father's security to show just how weak it is! I hope you go white hat, if you ever decide to do this permanently.
Exposing such weaknesses makes people more aware of it. Thankfully. Obtaining someone's password might be very easy...
All my passwords are randomly generated.
in passwords the weakest link is always human error
Today the internet, tomorrow, the WORLD! :D
Wow that sounds pretty cool to be able to do that. Just don't piss him off too much!
I realized in XP, if you start up in safe mode, you can get to the REAL Administrator account since most people make a new account & set it to Admin when they install XP instead of using the ACTUAL administrator default.
ya have a neat blog mmm
I did this once when we forgot the password to the computer, I thought the world was over lol
there's an easier way, there is a way to reset the password word, but Microsoft hides this information as they just recommend "wiping out the drive". found out step by step on a website
Interesting. Useful if I ever need to hack a laptop... don't know when that'll be, though.
This is some interesting stuff. I've got a few tricks up my sleeve too :P
LOLz, I'm not the only one who wants to hack his dad's computer eh?! But then again, it'd be a waste of time anyway :P
I dear. Sounds dangerous and useful at the same time. A friend once told me that you can also boot up from this disk that bypasses that.
Wow that's pretty crazy, had no idea this was possible. Guess I'm not computer savvy enough haha. Thanks for the info, following.
It's really that easy? I'm glad I use a mac.
I don't like passwords. I'm more of a fingerprint kind of guy.
Haha. That's dirty. I agree with ^. Fingerprints are the passwords of the future.
I have to try it myself, always thought that brute force (I tried on rar files) takes hundreds of hours.
@kelly macs can be bypassed with simple commands at start up u just hold command s to get a command line
Might have to try this
that's really cool I'm going to try that sometime, followed too
hmmm, interesting stuff indeed. I always carry ophcrack and ubuntu-live on my thumb-drive, just in case :)
>=) I could benefit from this, nice post
Hmm, I'll keep this in mind, it will come in handy one day :P
haha that's funny but a bit naughty. followed for more :)
Way to go!
haha nice, interesting post + follow for more
Nice post.
I do have some commentary to ask/comment, but I'm not very experienced with things of this sort so I could be completely wrong in bringing it up.
OS matters in the subject of "password" has right.
I've seen the issues where getting it from a PC/laptop that runs XP is easier than say.. Leopard or Windows 7. Vista is a matter of simply extracting it since it is stored somewhere in almost plain sight where XP was attempting to code?
I don't know, xD but.. something along those lines, I believe, but Nice post regardless, it's always nice to see these here and there.
Sounds a little complicated for me. When I was little, my parents had AOL and had me on one of those god forsaken kids accounts. Every god damn site was blocked so I installed a keylogger and found out his password. Good times.
@gbounds well I can tell you that Windows 7 uses a more complex algorithm which is harder to crack, but not that much harder.
Youtube, hackers training ground!