
Thread: Having unusual issues with Windows XP password recovery!

  1. #1

    ***********PROBLEM SOLVED************

    Hello Forum,

    So I am trying to recover a password for a local administrator account. I've done this several times before, but for some reason I am running into a really unusual issue with this one. The LM hash value for all user accounts is calculated to be aad3b435b51404eeaad3b435b51404ee, which as some of you might know off the top of your head is the "blank password" hash value.

    However, I know for a fact that the password value is NOT blank. I figured maybe it was something I was doing in BT4 that was different from BT3, but I tried on BT3 as well and got the same problem.

    Below are the steps I took:

    - Booted to BackTrack4
    - Mounted the Windows XP FS on sda1 to /mnt/sda1
    - Navigated to the "C:\WINDOWS\system32\config" folder
    - Executed "bkhive system keyfile" command
    - ATTEMPTED "samdump2 SAM keyfile > /tmp/hashlist.txt"
    - I got some weird registry read error when I cat'ed "hashlist.txt" so I did some research and found out that the process was slightly different for BT4 than what I was used to (I guess), so I went back and did the following...
    - Deleted "keyfile" and "hashlist.txt"
    - Executed "samdump2 system SAM > /tmp/hashlist.txt" instead
    - Now, when I cat'ed "hashlist.txt" it showed all the accounts with the same LM hash value (aad3b435b51404eeaad3b435b51404ee, aka "blank password").
    - For happy-times and giggles, I ran JTR against the value to make sure I wasn't going insane, and sure enough, it returned.. BLANK.

    Furthermore, to make sure I wasn't REALLY going insane I tried to log in to the admin account using a blank password, but to no avail.

    Any help with this issue would be really appreciated, gentlemen.

    Thanks,
    sipher
    Last edited by sipher; 06-29-2010 at 08:04 PM.

  2. #2

    Figured it out. Turns out I'm dumb and forgot that the values go LM:NTLM. LM is disabled on the host machine, making it appear as a "blank hash". The NTLM values are different, and appear to be long and strong.

    Thanks!
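
The resolution in the second post, as an added example that is not part of the original thread: a small parser that reads each dump line and reports whether the LM field is only the empty placeholder or the account really has a blank password. It assumes the pwdump-style layout `user:rid:LM:NT:::`; the sample lines are constructed, and the function and field names are hypothetical.

```python
import re
from typing import NamedTuple

EMPTY_LM = "aad3b435b51404eeaad3b435b51404ee"  # the value quoted in the thread
EMPTY_NT = "31d6cfe0d16ae931b73c59d7e0c089c0"  # NT hash of the empty string
HEX32 = re.compile(r"[0-9a-f]{32}")

class Entry(NamedTuple):
    user: str
    rid: int
    lm_stored: bool       # False when the LM field is only the empty placeholder
    blank_password: bool  # True only when the NT field is the empty-string hash

def _field_is_empty(field: str, empty_hash: str) -> bool:
    # Some pwdump-style tools print "NO PASSWORD****..." instead of the empty hash.
    if field.upper().startswith("NO PASSWORD"):
        return True
    value = field.lower()
    if not HEX32.fullmatch(value):
        raise ValueError(f"not a 32-digit hex hash: {field!r}")
    return value == empty_hash

def parse_line(line: str) -> Entry:
    # Assumed field order: user:rid:LM:NT, followed by empty trailing fields.
    parts = line.strip().split(":")
    if len(parts) < 4:
        raise ValueError(f"expected user:rid:LM:NT, got {line!r}")
    user, rid, lm, nt = parts[:4]
    lm_empty = _field_is_empty(lm, EMPTY_LM)
    nt_empty = _field_is_empty(nt, EMPTY_NT)
    return Entry(user, int(rid), not lm_empty, nt_empty)

def describe(e: Entry) -> str:
    if e.blank_password:
        return f"{e.user}: NT hash is the empty-string hash, password really is blank"
    if e.lm_stored:
        return f"{e.user}: LM hash is stored alongside the NT hash"
    return f"{e.user}: LM field is the empty placeholder, password is set (see NT field)"

# Constructed sample lines; the non-empty hash values are made up, not real hashes.
SAMPLE = """\
Administrator:500:aad3b435b51404eeaad3b435b51404ee:0123456789abcdef0123456789abcdef:::
Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
olduser:1003:00112233445566778899aabbccddeeff:fedcba9876543210fedcba9876543210:::
"""

if __name__ == "__main__":
    for line in SAMPLE.splitlines():
        print(describe(parse_line(line)))
```

The first sample line is the situation from the thread: the LM column shows the empty value while the NT column holds the real hash.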
