 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
 |
ntlm hash help/solve |
 |
 Posted: Sat Nov 24, 2007 4:16 am |
 |
|
| Harq |
| Regular user |
 |
|
| Joined: Nov 24, 2007 |
| Posts: 8 |
|
|
|
 |
|
 |
|
A friend of mine recently lost their password for Vista so I tried solving it with Ophcrack to discover that I needed nt tables
I got the following hash dump, can anyone solve it please? (Sorry, I don't know what is what in this)
Garrett:1000:aad3b435b51404eeaad3b435b51404ee:05b073daa9c1b3b909ff5ae2e4604bb5::: |
|
|
|
|
|
Re: ntlm hash help/solve |
|
| Posted: Sat Nov 24, 2007 4:39 am |
|
|
| waraxe |
| Site admin |
 |
|
| Joined: May 11, 2004 |
| Posts: 2407 |
| Location: Estonia, Tartu |
|
|
|
|
|
|
| Harq wrote: | A friend of mine recently lost their password for Vista so I tried solving it with Ophcrack to discover that I needed nt tables
I got the following hash dump, can anyone solve it please? (Sorry, I don't know what is what in this)
Garrett:1000:aad3b435b51404eeaad3b435b51404ee:05b073daa9c1b3b909ff5ae2e4604bb5::: |
It took more time to enter this hash to Cain, then to crack it:
| Code: |
Plaintext of 05b073daa9c1b3b909ff5ae2e4604bb5 is 4321
Attack stopped!
1 of 1 hashes cracked
|
 |
|
|
|
|
|
Re: ntlm hash help/solve |
|
| Posted: Sat Nov 24, 2007 5:04 am |
|
|
| Harq |
| Regular user |
|
|
| Joined: Nov 24, 2007 |
| Posts: 8 |
|
|
|
|
|
|
|
| waraxe wrote: | | Harq wrote: | A friend of mine recently lost their password for Vista so I tried solving it with Ophcrack to discover that I needed nt tables
I got the following hash dump, can anyone solve it please? (Sorry, I don't know what is what in this)
Garrett:1000:aad3b435b51404eeaad3b435b51404ee:05b073daa9c1b3b909ff5ae2e4604bb5::: |
It took more time to enter this hash to Cain, then to crack it:
| Code: |
Plaintext of 05b073daa9c1b3b909ff5ae2e4604bb5 is 4321
Attack stopped!
1 of 1 hashes cracked
|
|
OK, I doubt that is the password so I have a questions about ophcrack and vista:
1. When I opened it it had 4 or so different ?drives? that I could choose. The first one said it contained no valid hashes and the second one is the once that I got these hashes off, so I did not go any further. So the question is: Can/how can I get the actual password hashes from Vista with an ophcrack live cd?
Thanks!  |
|
|
|
|
|
|
|
|
| Posted: Sat Nov 24, 2007 5:30 am |
|
|
| sk8er |
| Advanced user |
 |
|
| Joined: May 09, 2005 |
| Posts: 64 |
|
|
|
|
|
|
|
How is it going?
Would you tell me like achieved that hash?
Thank you very much |
|
|
|
|
| Posted: Sat Nov 24, 2007 4:15 pm |
|
|
| Harq |
| Regular user |
|
|
| Joined: Nov 24, 2007 |
| Posts: 8 |
|
|
|
|
|
|
|
Oh. My. God. That was the password...
Thankyou, we would have never found it by guessing 
OK, since my last question was wrong: How do you import hashes into Cain and Abel with text files? |
|
|
|
|
|
|
|
|
| Posted: Sat Nov 24, 2007 6:19 pm |
|
|
| waraxe |
| Site admin |
|
|
| Joined: May 11, 2004 |
| Posts: 2407 |
| Location: Estonia, Tartu |
|
|
|
|
|
|
First take that data line
Garrett:1000:aad3b435b51404eeaad3b435b51404ee:05b073daa9c1b3b909ff5ae2e4604bb5:::
... and put in text file. And then "Add NT Hashes from" --> "Import Hashes from a text file"
And then crack as "NTLM Hashes". And of course, IF password is good, THEN you can't crack it!
That's all
To sk8er:
Windows PC, including Windows Vista, stores login username and password hash in Hard Disk.
If your PC is running and you have admin level rights in Windows, then by using right
software you can fetch those password hashes (NTLM hashes) from windows SAM storage and
try to crack them later in order to obtain plain text passwords.
Another possibility is to bypass Windows protective security measures and steal hashes directly
from Hard Drive. There are several possibilities:
1. You can take HDD from victim PC and put it to another PC and then fetch SAM with hashes.
This is typical scenario, when you take your broken PC to repair shop
2. If there is more than one operating system on PC (dual-boot or multi-boot), then maybe
you can access windows SAM from another operating system (Linux for example).
This is typical scenario for school computer classes, where dual-booted PC-s are common.
3. If you can boot PC from CD, DVD or Flash Memory, then you can use your favourite
Recovery Bootdisk or any other bootable Linux distro and then read SAM from HDD.
And finally - IF you got password hashes and IF password(s) are not strong enough,
then you MAY BE able to crack them and reveal original password in plain text.
And this is good start for social engineering - because people tend to use same or similar
passwords in other places too - email accounts, etc. |
|
|
|
|
|
|
|
|
| Posted: Sun Nov 25, 2007 5:47 am |
|
|
| sk8er |
| Advanced user |
|
|
| Joined: May 09, 2005 |
| Posts: 64 |
|
|
|
|
|
|
|
Then than in windows , The secret this in obtaining the SAM ???
They would be able to use programs here like, SAM INSIDE ???
Say me anything, exists clearly visible difference between the kind of HASH between winXP and winVista???
salu2 and Thank you very much |
|
|
|
|
| Posted: Sun Nov 25, 2007 6:55 pm |
|
|
| Harq |
| Regular user |
|
|
| Joined: Nov 24, 2007 |
| Posts: 8 |
|
|
|
|
|
|
|
| sk8er wrote: | Then than in windows , The secret this in obtaining the SAM ???
They would be able to use programs here like, SAM INSIDE ???
Say me anything, exists clearly visible difference between the kind of HASH between winXP and winVista???
salu2 and Thank you very much |
I used the ophcrack live cd, they have an option to automatically dump the hashes and also you can then dump them as a text file to a flash drive.
On XP they are usually stored as LM hashes, for Vista the default is NTLM hashes (harder to crack, and the Ophcrack livecd has tables for LM hashes) |
|
|
|
|
| Posted: Sun Nov 25, 2007 7:05 pm |
|
|
| sk8er |
| Advanced user |
|
|
| Joined: May 09, 2005 |
| Posts: 64 |
|
|
|
|
|
|
|
I can fire that one "Live cd " , In a memory USB ????
salu2 and thank very much |
|
|
|
|
| Posted: Sun Nov 25, 2007 8:29 pm |
|
|
| waraxe |
| Site admin |
|
|
| Joined: May 11, 2004 |
| Posts: 2407 |
| Location: Estonia, Tartu |
|
|
|
|
|
|
|
|
|
|
| Posted: Mon Nov 26, 2007 6:21 am |
|
|
| sk8er |
| Advanced user |
|
|
| Joined: May 09, 2005 |
| Posts: 64 |
|
|
|
|
|
|
|
Very well, I asked the one belonging to memory USB, why I would be showier to use the USB that to have that to open the reader of the CD and all of it.
Thank you very much for orientation |
|
|
|
|
| Posted: Fri Nov 30, 2007 2:21 pm |
|
|
| dimension11 |
| Regular user |
|
|
| Joined: Nov 30, 2007 |
| Posts: 5 |
|
|
|
|
|
|
|
Hi,
What happens there is a password, but the hash reads blank? Meaning the LM hash is not stored right? How would I retrieve the password then? For example if the password is longer than 14chars..
thanks |
|
|
|
|
| Posted: Fri Nov 30, 2007 3:14 pm |
|
|
| waraxe |
| Site admin |
|
|
| Joined: May 11, 2004 |
| Posts: 2407 |
| Location: Estonia, Tartu |
|
|
|
|
|
|
| If LM hash is empty, then get NTLM hash and try to crack it ... |
|
|
|
|
| Posted: Fri Nov 30, 2007 6:50 pm |
|
|
| dimension11 |
| Regular user |
|
|
| Joined: Nov 30, 2007 |
| Posts: 5 |
|
|
|
|
|
|
|
| How would I get the NTLM hash ? I tried pwdump6 and it returned the same result. |
|
|
|
|
| Posted: Fri Nov 30, 2007 11:09 pm |
|
|
| waraxe |
| Site admin |
|
|
| Joined: May 11, 2004 |
| Posts: 2407 |
| Location: Estonia, Tartu |
|
|
|
|
|
|
| Try other software then ... |
|
|
|
|
www.waraxe.us Forum Index -> All other hashes
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 2
Goto page 1, 2Next
|
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
Discussions
Tools
Content
Info
Membership:
Latest: 
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 226
Members: 0
Total: 226
