
Thread: Password Cracking Guide

  1. #1
    Good friend of the forums
    Join Date
    Jan 2010
    Location
    outside chicago, il
    Posts
    442

    Password Cracking Guide

    The goal is to unify all of the good information found in various bits and pieces into 1 large document. This document is for people who want to learn the how and why of password cracking. There is a lot of information being presented and you should READ IT ALL BEFORE you attempt doing anything documented here. I do my best to provide step by step instructions along with the reasons for doing it this way. Other times I will point to a particular website where you can find the information. In those cases someone else has done what I was attempting and did a good or great job and I didn’t want to steal their hard work. These instructions have several excerpts from a combination of posts from pureh@te, granger53, irongeek, PrairieFire, and stasik. I would also like to thank each of them and others for the help they have provided me on the BackTrack forum.

    I had to compress the document so I could attach it. The document as it stands now is 127K. Please let me know if what I have is wrong, or if there is a better way to do something, or if I am missing something. I am planning on making enhancements as people make me aware of them.

    Here is the table of contents
    Code:
    1 LM vs. NTLM
    2 Syskey
    3 Cracking Windows Passwords
       3.1 Extracting the hashes from the Windows SAM
          3.1.1 Using BackTrack Tools
             3.1.1.1 Using bkhive and samdump v1.1.1 (BT2 and BT3)
             3.1.1.2 Using samdump2 v2.0.1 (BT4)
             3.1.1.3 Cached Credentials
          3.1.2 Using Windows Tools
             3.1.2.1 Using fgdump
             3.1.2.2 Using gsecdump
             3.1.2.3 Using pwdump7
             3.1.2.4 Cached Credentials
       3.2 Extracting the hashes from the Windows SAM remotely
          3.2.1 Using BackTrack Tools
             3.2.1.1 ettercap
          3.2.2 Using Windows Tools
             3.2.2.1 Using fgdump
       3.3 Cracking Windows Passwords
          3.3.1 Using BackTrack Tools
             3.3.1.1 John the Ripper BT3 and BT4
                3.3.1.1.1 Cracking the LM hash
                3.3.1.1.2 Cracking the NTLM hash
                3.3.1.1.3 Cracking the NTLM using the cracked LM hash
                3.3.1.1.4 Cracking cached credentials
             3.3.1.2 John the Ripper - current
                3.3.1.2.1 Get and Compile
                3.3.1.2.2 Cracking the LM hash
                3.3.1.2.3 Cracking the LM hash using known letter(s) in known location(s) (knownforce)
                3.3.1.2.4 Cracking the NTLM hash
                3.3.1.2.5 Cracking the NTLM hash using the cracked LM hash (dumbforce)
                3.3.1.2.6 Cracking cached credentials
             3.3.1.3 Using MDCrack
                3.3.1.3.1 Cracking the LM hash
                3.3.1.3.2 Cracking the NTLM hash
                3.3.1.3.3 Cracking the NTLM hash using the cracked LM hash
             3.3.1.4 Using Ophcrack
                3.3.1.4.1 Cracking the LM hash
                3.3.1.4.2 Cracking the NTLM hash
                3.3.1.4.3 Cracking the NTLM hash using the cracked LM hash
          3.3.2 Using Windows Tools
             3.3.2.1 John the Ripper
                3.3.2.1.1 Cracking the LM hash
                3.3.2.1.2 Cracking the NTLM hash
                3.3.2.1.3 Cracking the NTLM hash using the cracked LM hash
                3.3.2.1.4 Cracking cached credentials
             3.3.2.2 Using MDCrack
                3.3.2.2.1 Cracking the LM hash
                3.3.2.2.2 Cracking the NTLM hash
                3.3.2.2.3 Cracking the NTLM hash using the cracked LM hash
             3.3.2.3 Using Ophcrack
                3.3.2.3.1 Cracking the LM hash
                3.3.2.3.2 Cracking the NTLM hash
                3.3.2.3.3 Cracking the NTLM hash using the cracked LM hash
             3.3.2.4 Using Cain and Abel
          3.3.3 Using a Live CD
             3.3.3.1 Ophcrack
    4 Changing Windows Passwords
       4.1 Changing Local User Passwords
          4.1.1 Using BackTrack Tools
             4.1.1.1 chntpw
          4.1.2 Using a Live CD
             4.1.2.1 chntpw
             4.1.2.2 System Rescue CD
       4.2 Changing Active Directory Passwords
    5 plain-text.info
    6 Cracking Novell NetWare Passwords
    7 Cracking Linux/Unix Passwords
    8 Cracking networking equipment passwords
       8.1 Using BackTrack tools
          8.1.1 Using Hydra
          8.1.2 Using Xhydra
          8.1.3 Using Medusa
          8.1.4 Using John the Ripper to crack a Cisco hash
       8.2 Using Windows tools
          8.2.1 Using Brutus
    9 Cracking Applications
       9.1 Cracking Oracle 11g (sha1)
       9.2 Cracking Oracle passwords over the wire
       9.3 Cracking Office passwords
       9.4 Cracking tar passwords
       9.5 Cracking zip passwords
       9.6 Cracking pdf passwords
    10 Wordlists aka Dictionary attack
       10.1 Using John the Ripper to generate a wordlist
       10.2 Configuring John the Ripper to use a wordlist
       10.3 Using crunch to generate a wordlist
       10.4 Generate a wordlist from a textfile or website
       10.5 Using premade wordlists
       10.6 Other wordlist generators
       10.7 Manipulating your wordlist
    11 Rainbow Tables
       11.1 What are they?
       11.2 Generating your own
          11.2.1 rcrack - obsolete but works
          11.2.2 rcracki
          11.2.3 rcracki - boinc client
          11.2.4 Generating a rainbow table
       11.3 WEP cracking
       11.4 WPA-PSK
          11.4.1 airolib
          11.4.2 pyrit
    12 Distributed Password cracking
       12.1 john
       12.2 medussa (not a typo this is not medusa)
    13 using a GPU
       13.1 cuda - nvidia
       13.2 stream - ati
    Thanks,

    P.S. Thank you everyone for your feedback. Keep it coming.

    Changes from version 0.1
    * Added a section on plain-text.info
    * Added a section on using john the ripper with a custom character list
    * Added Xploitz’s and pureh@te’s wordlists

    Changes from version 0.2 - 200 downloads
    * Added sections on using ophcrack
    * Added sections on Cain and Abel under windows
    * Fixed a typo
    * New html format

    Changes from version 0.3 - 410 downloads
    * Moved some content to where it should have been
    * Added a section on crunch
    * Fixed typos
    * Fixed a whole lot of html issues
    * Slightly rearranged things to flow better

    Changes from version 0.4 - 877 downloads
    * Added a section on cached credentials
    * Expanded the Novell section
    * Fixed typos
    * Fixed a couple of html errors
    * Moved some things around
    * New utility to dump passwords

    Changes from version 0.5 - 1573 downloads
    * added wpa pw-inspector command
    * added a wordlist manipulation section
    * added usage of fgdump
    * added rcracki section
    * added a sample hash.txt to play with
    * john can be used for input to aircrack-ng
    * moved a few things around for a better flow

    Changes from version 0.6 - 422 downloads
    * added a section on generating a wordlist from a website
    * added head, tail, and sed commands to wordlist manipulation
    * added a section on xhydra (pointing to Pureh@te's video)
    * added a section on gsecdump
    * added a section on medusa
    * added a section on cisco
    * expanded the crunch section
    * moved everything around in an effort to make things easier to find
    * the dumbforce and knownforce are not finished

    Changes from version 0.7 - 4596 downloads
    * Fixed john --incremental=All --stdout | aircrack-ng -b 00:11:22:33:44:55 -w --test.cap missing a - Thanks to roblad for pointing it out

    Changes from version 0.8 - 302 + 1226 (old forums + new)
    * updated the guide to support BT4-Pre-Final
    * switched from transitional html to strict html
    * added a section on cracking office passwords
    * added a section on cracking rar passwords
    * added a section on cracking zip passwords
    * added a section on cracking pdf passwords
    * added instructions for remote password dumping for fgdump
    * point users to john the ripper wiki for dumbforce and knownforce usage
    * convert text urls to links
    * updated links
    * update versions of software (wine and rcrack)
    * fixed several spelling mistakes

    Changes from version 0.9
    * updated the guide to support BT4 Final
    * fixed links to pureh@te's videos
    * added instructions to update flash so you can watch videos clearly
    * updated the john the ripper section to current versions
    * added instructions for using rainbow tables for WPA cracking
    * added two new leetifying scripts
    * added a small cupp discussion
    * added a section on pyrit
    * added a section on distributed password cracking using john and medussa
    * added a section on cuda and stream
    * fixed typo in hash.txt


    MOD EDIT: Download link for the guide:
    http://tools.question-defense.com/Cr...ords_Guide.pdf
    Last edited by Archangel-Amael; 02-20-2010 at 02:02 PM. Reason: See above.

  2. #2
    Developer muts
    Join Date
    Jan 2006
    Posts
    272

    Re: password cracking guide

    This is awesome stuff. I would love to add it as an official password cracking guide on the manual page, with credits to you of course. Please ping me if this is ok.

  3. #3
    Member
    Join Date
    Jan 2010
    Posts
    332

    Re: Password Cracking Guide

    Wonderful contribution. Nice job bofh28.
    SecurityTube has two new sections. Questions & News

  4. #4
    Junior Member roybatty
    Join Date
    Jan 2010
    Location
    Tannhauser Gate
    Posts
    55

    Re: Password Cracking Guide

    Nice one, bofh28. Thank you for sharing it.
    I've seen things you people wouldn't believe.

  5. #5
    Just burned his ISO
    Join Date
    Jan 2010
    Posts
    1

    Re: Password Cracking Guide

    Nice guide. 1 small issue. WEP Security "See other posting for WEP cracking details".... where? Searched for WEP in the doc and the forums but no luck.

  6. #6
    Just burned his ISO
    Join Date
    Jan 2010
    Posts
    1

    Re: Password Cracking Guide

    Thanks for the useful doc!

    Regards
    m4n0w4r

  7. #7
    Just burned his ISO
    Join Date
    Jan 2010
    Location
    Panama City, Panama
    Posts
    9

    Re: Password Cracking Guide

    Thanks a lot man, great document

  8. #8
    Just burned his ISO
    Join Date
    Jan 2010
    Location
    Kakanj, BIH
    Posts
    1

    Re: Password Cracking Guide

    Thank you, nice job...

  9. #9
    Just burned his ISO
    Join Date
    Jan 2010
    Posts
    1

    Re: Password Cracking Guide

    Thanks for sharing it

  10. #10
    Just burned his ISO
    Join Date
    Jan 2010
    Posts
    4

    Re: Password Cracking Guide

    Awesome, thank you.
