Thread: Pulling the Administrator Password from a WinXP Machine

  1. #1
    Just burned his ISO
    Join Date
    Oct 2009
    Posts
    1

    Pulling the Administrator Password from a WinXP Machine

    Hello all!

    This is my first post here and I am looking for some suggestions to complete an assignment for my Ethical Hacking and Network Defense class.

    Our assignment is to retrieve the administrator password for a Windows XP machine on the local area network. Our instructor has suggested using a MITM attack. I am mostly clueless where to start, except that I've heard buzzwords about metasploit and various other white hat tools. If there is a good starter guide for using any of these tools, I am having some difficulty finding them.

    Can anyone provide some good links to use BT4 in this fashion? Or, is there a previous forum post that I should be looking in for this information (couldn't find it via searching). Thanks in advance all!

  2. #2
    Super Moderator Archangel-Amael's Avatar
    Join Date
    Jan 2010
    Location
    Somewhere
    Posts
    8,012

    Try here, and here. It might be a better idea to read some on pentesting methodologies; these will give you a better understanding of what you are trying to do and as such will save you time when researching the next problem.
    To be successful here you should read all of the following.
    ForumRules
    ForumFAQ
    If you are new to Back|Track
    Back|Track Wiki
    Failure to do so will probably get your threads deleted or worse.

  3. #3
    Senior Member streaker69's Avatar
    Join Date
    Jan 2010
    Location
    Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA
    Posts
    3,535

    Do your own homework. If you're clueless as to where to start, chances are, you haven't been paying attention previously in class.
    A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

  4. #4
    Super Moderator lupin's Avatar
    Join Date
    Jan 2010
    Posts
    2,943

    It's been my experience, having taken a number of IT classes over the years, that the tasks assigned to students usually cover skills taught during the course.

    Consequently, I'd suggest going over your course notes and re-reading any assigned texts. The answer should be there somewhere, and if it isn't, you can also find it by reading up on the related subjects (man-in-the-middle attacks, Windows password storage and transfer, etc.) and then using your newfound knowledge to perform Google searches to lead you to ever more relevant information until you find what you are after. This will be valuable experience, because one of the things that you will require to progress in any sort of advanced education is the ability to research a given topic.

    So in other words, do your own homework.
    Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".

    The Forum Rules, Forum FAQ and the BackTrack Wiki... learn them, love them, live them.

  5. #5
    Just burned his ISO
    Join Date
    Aug 2008
    Posts
    5

    learn the spoof

    I suggest looking into ettercap and then looking into rainbow tables or dictionary attacks. Chances are that if it is a homework assignment, the password is under 7 characters long. Any longer than that and it might go past the assignment due date to brute force. Remember, most of these guys in here are pros and generally tell you what to research rather than just give the answer to a basic question. I suggest learning how ./arpspoof works, which is very easy, and getting the basics of MITM attacks, then moving on to filtering traffic with ettercap. This will give you a good understanding of what is really going on. The knowledge is not in cracking the password but in learning to find what you want on the line.

  6. #6
    Super Moderator Archangel-Amael's Avatar
    Join Date
    Jan 2010
    Location
    Somewhere
    Posts
    8,012

    Quote Originally Posted by Rfinfotrader View Post
    I suggest looking into ettercap and then looking into rainbow tables or dictionary attacks. Chances are that if it is a homework assignment, the password is under 7 characters long. Any longer than that and it might go past the assignment due date to brute force. Remember, most of these guys in here are pros and generally tell you what to research rather than just give the answer to a basic question. I suggest learning how ./arpspoof works, which is very easy, and getting the basics of MITM attacks, then moving on to filtering traffic with ettercap. This will give you a good understanding of what is really going on. The knowledge is not in cracking the password but in learning to find what you want on the line.
    Which is another way of putting posts 2-4.

  7. #7
    Just burned his ISO
    Join Date
    Oct 2009
    Posts
    9

    XP Administrator password recovery

    Google IRONGEEK and watch his videos, may help you.
