Now in this post we are going to discuss the ways of cracking windows passwords,i mean the passwords for users like administrator etc which we are not familiar with.There are basically two methods for cracking a password for windows-
-Brute force attacks/Dictionary attacks
-SAM file method
SAM or Security Accounts Manager is a registry file in all types of windows OS.The location of a SAM file is C:\Windows\System32\config\sam
A SAM cannot be copied or moved while windows is running.All types of passwords of the system are stored in a SAM file encrypted with a key.But to open a SAM file we can use another OS like Ubuntu/Backtrack,using that we can see the contents of a SAM file.
There is a very famous software called Ophcrack which is widely used for cracking these kinds of passwords.Ophcrack is a kind of a virtual operating system based on linux which uses the SAM file of windows and cracks the password of all users from that.Its ISO image is available on the net for free which can be downloaded and burned onto a disk which is bootable and while booting,we can get the passwords using it.
Now we will be discussing password cracking using a software called Cain & Abel.
Download Cain & Abel for free here.
If you want to crack the password for admin,you must be logged in as admin.This is a drawback with this method.But many a times administrators secretly type the password and provide you with all the authorities,so at that time this method can be used.
Install this software on your system,open the software and then click on cracker->LM&NTLM Hashes->File->Add to list->Next.Refer to the snap shot below
If you have any idea regarding the password like number of characters in the password or you know a few characters used in the password or you know the starting character of the password etc,input it in appropriate fields so that the calculation becomes easy.....Number of passwords that have to be checked would be given.
After that,just click on Start.It will take time depending upon the number of passwords that have to be matched...Usually it is capable of executing 25000 passwords in a second.
While it is matching the passwords,when the correct password appears,the execution stops and it gives the correct password.Like password of my system was "*333"
This technique of Brute force however cannot be used on email account hacking and facebook hacking.The reason being that if we enter an incorrect password thrice,Captcha appears to verify that input is from a human and not from a machine.........
This post is meant only for educational purpose,any misuse of the above information shall not be the responsibility of publisher.......
-Brute force attacks/Dictionary attacks
-SAM file method
SAM or Security Accounts Manager is a registry file in all types of windows OS.The location of a SAM file is C:\Windows\System32\config\sam
A SAM cannot be copied or moved while windows is running.All types of passwords of the system are stored in a SAM file encrypted with a key.But to open a SAM file we can use another OS like Ubuntu/Backtrack,using that we can see the contents of a SAM file.
There is a very famous software called Ophcrack which is widely used for cracking these kinds of passwords.Ophcrack is a kind of a virtual operating system based on linux which uses the SAM file of windows and cracks the password of all users from that.Its ISO image is available on the net for free which can be downloaded and burned onto a disk which is bootable and while booting,we can get the passwords using it.
Now we will be discussing password cracking using a software called Cain & Abel.
Download Cain & Abel for free here.
If you want to crack the password for admin,you must be logged in as admin.This is a drawback with this method.But many a times administrators secretly type the password and provide you with all the authorities,so at that time this method can be used.
Install this software on your system,open the software and then click on cracker->LM&NTLM Hashes->File->Add to list->Next.Refer to the snap shot below
Then select the user whose password you wish to see,right click and select an appropriate attack like dictionary attack if you know that the password is a dictionary word,else use brute force attack.Then click on NTLM hashes...
After that,just click on Start.It will take time depending upon the number of passwords that have to be matched...Usually it is capable of executing 25000 passwords in a second.
While it is matching the passwords,when the correct password appears,the execution stops and it gives the correct password.Like password of my system was "*333"
This technique of Brute force however cannot be used on email account hacking and facebook hacking.The reason being that if we enter an incorrect password thrice,Captcha appears to verify that input is from a human and not from a machine.........
This post is meant only for educational purpose,any misuse of the above information shall not be the responsibility of publisher.......
hi,
ReplyDeletethanks for the information
just see other bloggers dont steal this valuable info