Password Cracking Guide

[bofh28]

My issue was actually not with recovering an administrative passwd but a user's - they had old domain logins and we needed his password in order to update his OSX keychain, l0phcrack came through, but i'd still like to find some solution that doesnt require a boot into windows. Awesome guide btw, slowly making my way through it.

I don't understand. You don't have to boot into windows to retrieve a user's password. You can boot BT, and run samdump which will dump all of the users passwords to the screen. Either use the option redirect the output (I don't remember what it is at the moment) or use samdump2 >hash.txt
Now you can use john the ripper, l0phcrack, or plain-text.info to crack the hash.

[maget]

That is extremaly cool ThX

[kkkyle]

very nice guide, i leaned a lot.

[Back|Track_user]

Came in handy at work today. Thanks.

[alek2sandar]

Great document.. Thanks..

[URETROID]

Amazing work, Thanks.

[Revenger]

nice work,thanks for sharing

[Krogg]

Awesome Post! I like the manual and I am excited to get my hands on it and check out the details.

So I have one issue when trying to crack the windows pass. When I try to mount the drive that has the SAM file, I get an error saying that the file in charge of the volume is locked. And it will not let me mount. As a further detail, when I ls -a the directory where the "sda2" is located it shows the media, but it is a dark yellow. Does this mean anything?

Is there something that I need to do before it will allow me access to the SAM? I was going to use the chntpsw command to crack the pass. I know from your manual that there are other options, but it seems to be the easiest way to crack them. Can you help me? Thanks for any help!

[bofh28]

goto to a terminal prompt and type in:
mount /dev/sda2 /mnt/whereever

don't try to use a gui to mount a partition. It has rarely worked for me.
The chntpw command will change the password. It you want to crack the password you must use samdump2. If you use chntpw be sure to blank the password and not to set the password to something you know. If you blank it you will get into the system, you set a password you might get it.

If you need help please post.

[randalth0r]

Maybe a entry about Linux password cracking has to be added. From what I know, it takes different amounts of time to crack a password depending on which hash type is used. For example a MD5 hash is easier than a SHA-2 hash.

If the hash begins with $1$ it's MD5. $5$ is SHA-1 and $6$ is SHA-2.

Please correct me if I'm wrong.