Dumping and Cracking SAM Hashes to Extract Plaintext Passwords
Download as PPTX, PDF1 like7,411 views
The document provides a guide on using pwdump7 and ophcrack tools to extract and crack Windows password hashes stored in the Security Account Manager (SAM) database. It details lab tasks for generating password hashes, installing ophcrack, and using rainbow tables to recover plaintext passwords. The lab's objective is to educate users on successfully extracting and decrypting password hashes in a Windows environment.
Dumping and Cracking SAM Hashes to Extract Plaintext Passwords
- 1. “Dumping and Cracking SAM Hashes to Extract Plaintext Passwords” By: -Vishal Kumar (CEH, CHFI, CISE, MCP) info@prohackers.in Lab - 1
- 2. “Dumping and Cracking SAM Hashes to Extract Plaintext Passwords” Pwdump7 can be used to dump protected files. You can always copy a used file by executing pwdump7.exe –d c:lockedfile.dat backup-lockedfile.dat Ophcrack is a free open-source (GPL license) program that cracks Windows password by using LM hashes through rainbow tables.
- 3. Lab Scenario The Security Account Manager (SAM) is a database file present on Windows machine that store user account and security decryptors for users on local computer. It store user’s password in a hashes format (in LM hash and NTLM hash). Because a hashes function is one-way, this provide some measure of security for the storage of the passwords. In a system hacking life cycle, attackers generally dump operating system password hashes immediately after a compromise a target machine. The password hashes enable attackers to launch a verity of attacks on system, including password cracking, pass the hash, unauthorized access of other..
- 4. Lab Scenario System using the same password, password analysis, and pattern recognition, in order to crack other passwords in the target environment. You need to have administrator access to dump the content of the SAM file. Assessment of a password strength is critical milestone during your security assessment engagement. You will start your password assessment with a simple SAM hash dump and running it with a hash decryptor to uncover the plaintext password.
- 5. Lab Objective The objective of this lab is to help peoples to lean how to; • Use the pwdump7 tool to extract password hashes. • Use the Opcrack tool to crack the hash and obtain the plaintext password.
- 6. Overview of the Lab Pwdump7 can be used to dump protected file. You can always copy a used file executing the command pwdump7.exe –d c:lockedfile.dat backup-lockedfile.dat. Rainbow table for LM hashes of alphanumeric passwords are provided free by the developers. By default, Ophcrack is bundled with table that allow it to crack passwords not longer then 14 characters using only alphanumeric characters.
- 7. Lab Task 01:- Generate Hashes • Open the command prompt, and navigate the location the pwdump7 folder. Alternatively you can navigate from the windows explorer to the pwdump7 folder and right-click and select open Cmd Here. • Now run the command pwdump7.exe, and press Enter. This displays all the
- 8. Lab Task 01:- Generate Hashes password hashes as shown in the above screenshot. • Now, save the hashes in a text file by issuing the command pwdump.exe >d:hashes.txt and press Enter, in this command we are saving the hashes in the hashes.txt file in the D: drive. • Now, open the D: drive and locate the hashes.txt and double- click to open the
- 9. Lab Task 02:- Install Ophcrack • Navigate to the directory you have saved the setup od Ophcrack and double-click on the ophcrack-win32-installer-3.6.0.exe, to install the Ophcrack. You can also download the Ophcrack from the www.Ophcrack.sourceforge.net. • Ophcrack installation window opens, click next to install the application.
- 10. Lab Task 02:- Install Ophcrack • In the choose components section, uncheck all the options, and click Next
- 11. Lab Task 03:- Task 03:- Crack the Password • On completion the installation open the application from the Apps screen . The Ophcrack main window appears as shown in the screenshot.
- 12. Lab Task 03:- Task 03:- Crack the Password Click the Load menu and select PWDUMP file. The Open PWDUMP file window appears. Browse the D: and select the hashes.txt which has been created through Pwdump7, and click Open.
- 13. Lab Task 03:- Task 03:- Crack the Password • The hashes are loaded in the Ophcrack under the NT Hash column. Now, click on the Table menu, the Table Selection window appear, select Vista free and click Install. Note:- to install the Tables you need to download the tables from the internet, you can download the table from http://Ophcrack.sourceforge.net/tables.php. • The Select the directory which contains the tables window appears, brown the location where the table has been downloaded or stored. Select the folder in which the tables are stored and click Select Folder.
- 14. Lab Task 03:- Task 03:- Crack the Password This tables_vist_free is a pre- computed tables for reversing cryptographic hash functions and recovering a plaintext password up to a certain length. The selected table_vista_free is installed under the name Vista free, which is represented by a green colored bullet. Select the table and click OK.
- 15. Lab Task 03:- Task 03:- Crack the Password • Click Crack on the menu bar. Ophcrack begin to crack the passwords. • The cracked password are displayed in the plaintext as in the below screenshot.
- 16. Lab Analysis We have analyze the password hashes gathered during this lab, and figured out what the password was. Tool/Utility Information Collected/Objectives Achieved Pwdump7 Ophcrack IP Address Range/target:- Windows 8.1 machine Scan Result:- •Generate the user password Hashes •Crack the password in the plaintext
- 17. Feedback Thanks for reading this presentation Please give us your feedback at info@prohackers.in Your feedback is most valuable for us for improving the presentation You can also suggest the topic on which you want the presentation Website: www.prohackers.in FB page: www.facebook.com/theprohackers2017 Join FB Group: www.facebook.com/groups/group.prohackers/ Watch us on: www.youtube.com//channel/UCcyYSi1sh1SmyMlGfB-Vq6A
Editor's Notes
- #2: 1