Monday, May 30, 2011

Hacking?

It turns out that password cracking is far easier than anyone ever could of thought. As a project I decided to try to get a hold of my fathers password. Heading downstairs to the computer room I realized that I didn't have an administrative account on his computer. Well after ducking around with the command line for a little and with the help of some youtube videos I found a command to make a new Admin. I downloaded pwdump and fgdump along with johntheripper from openwall. Now what goes on with these programs are you use the programs to literally dump the password hashes into a file. Passwords are encrypted either by LM or NTLM hashes. LM if the password is 7 characters or less and NTLM if its over 7 characters. NTLM hashes are just the LM hash plus a NT hash and its generally easier to crack a NTLM hash than a LM. It could be easier to crack a NTLM hash if say your password was 'porkbean'  than if it were the LM hash for 'appless'. This is because you'd just crack both the NT and LM hash (respectively)  for 'pork' and 'bean' separately which is far easier than cracking 'appless' as a whole. Well after you dump the hashes into a file you can use a number of techniques to crack the hashes but i just navigated to the folder that had johntheripper in it, dragged the dump file into the run folder, then navigated  to the run folder on the command line and typed "john-386.exe {name of dumpfile}" and about an hour later i had my dads 9 character (4 numbers, 5 letters) password. Guess that means I get to use his fancy i7 quad-core laptop :)

39 comments:

  1. Evil son now commands the computer!

    ReplyDelete
  2. Is it really that easy? Or is it cleaning up the evidence the hard part? Neat stuff tho, following.

    ReplyDelete
  3. Very nice. Interesting. Makes me wanna try.

    ReplyDelete
  4. cool, my sister should be scared now.

    ReplyDelete
  5. nice, thnaks for the info! follow back

    ReplyDelete
  6. ofc its easy. too many people leave their computers open to hackers its not even funny

    ReplyDelete
  7. Ha ha, True sons break through their father's security to show just how weak it is! I hope you go white hat, if you ever decide to do this permanently.

    ReplyDelete
  8. Exposing such weaknesses makes people more aware of it. Thankfully. Obtaining someones' password might be very easy...

    ReplyDelete
  9. All my passwords are randomly generated.

    ReplyDelete
  10. in passwords the weakest link is allwas human error

    ReplyDelete
  11. Today the internet, tomorrow, the WORLD! :D

    ReplyDelete
  12. Wow that sounds pretty cool to be able to do that. Just don't piss him off too much!

    ReplyDelete
  13. I realized in XP, if you start up in safe mode, you can get to the REAL Administrator account since most people make a new account & set it to Admin when they install XP instead of using the ACTUAL administrator default.

    ReplyDelete
  14. ya have a neat blog mmm

    ReplyDelete
  15. i did this once when we forgot the password to the computer, i thought the world was over lol
    theres an easier way, there is a way to reset the password word, but Microsoft hides this information as they just recommend "wiping out the drive". found out step by step on a website

    ReplyDelete
  16. Interesting. Useful if I ever need to hack a laptop... don't know when that'll be, though.

    ReplyDelete
  17. This is some interesting stuff. I've got a few tricks up my sleeve too :P

    ReplyDelete
  18. LOLz, I'm not the only one who want to hack his dad's computer eh?! But then again, it'd be a waste of time anyway :P

    ReplyDelete
  19. I dear. Sounds dangerous and useful at the same time. A friend once told me that you can also boot up from this disk that bypasses that.

    ReplyDelete
  20. Wow thats pretty crazy, had no idea this was possible. Guess I'm not computer savvy enough haha. Thanks for the info, following.

    ReplyDelete
  21. It's really that easy? I'm glad I use a mac.

    ReplyDelete
  22. I don't like passwords. I'm more of a fingerprint kind of guy.

    ReplyDelete
  23. Haha. That's dirty. I agree with ^. Fingerprints are the passwords of the future.

    ReplyDelete
  24. I have to try it myself allways tought that brute force (i tried on rar files) takes hundreds of hours.

    ReplyDelete
  25. @kelly macs can be bypassed with simple commands at start up u just hold command s to get a command line

    ReplyDelete
  26. Might have to try this

    ReplyDelete
  27. thats really cool im going to try that sometime, followed too

    ReplyDelete
  28. hmmm, interesting stuff indeed. I always carry ophcrack and ubuntu-live on my thumb-drive, just in case :)

    ReplyDelete
  29. >=) I could benefit from this, nice post

    ReplyDelete
  30. Hmm, I'll keep this in mind, it will come in handy one day :P

    ReplyDelete
  31. haha that's funny but a bit naughty. followed for more :)

    ReplyDelete
  32. haha nice, interesting post + follow for more

    ReplyDelete
  33. Nice post.
    I do have some commentary to ask/comment, but I'm not very experienced with things of this sort so I could be completely wrong in bringing it up.
    OS matters in the subject of "password" has right.
    I've seen the issues where getting it from a PC/laptop that runs XP is easier than say.. Leopard or Windows 7. Vista is a matter of simply extracting it since it is stored somewhere in almost plain site where XP was attempting to code?
    I don't know, xD but.. something along those lines, i believe, but Nice post regardless, it's always nice to see these here and there.

    ReplyDelete
  34. Sounds a little complicated for me. When I was little, my parents had AOL and had me on one of those god forsaken kids accounts. Every god damn site was blocked soI installed a keylogger and found out his password. Good times.

    ReplyDelete
  35. @gbounds well i can tell you than windows 7 uses a more complex algorithm which is harder to crack, but not that much harder.

    ReplyDelete
  36. Youtube, hackers training ground!

    ReplyDelete