| To: | "Jerome Athias" <jerome.athias@free.fr> |
|---|---|
| Subject: | Re: LophtCrack and SAM Passwd |
| From: | "Brendan Dolan-Gavitt" <mooyix@gmail.com> |
| Date: | Wed, 20 Dec 2006 09:37:05 -0500 |
| Cc: | "William Woodhams" <William.Woodhams@wegmans.com>, pen-test@securityfocus.com |
| Delivered-to: | sp-com-lists@consult.net |
| Delivered-to: | pentest-list2@consult.net |
| Delivered-to: | mailing list pen-test@securityfocus.com |
| Domainkey-signature: | a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=JMVY2aE7RxPNCaXm0j/rET4aKv7RMqPFlrzUdS1qMzGw6OTL2bjHw3ax/JiLSgjkw6nnLChflKivF4y07ed3e7v7e5Tk4c6sZGvuFsr8G6pEsqRMTNJiWl9tTKZ02mgsiqOJpgR7I+RzSepluX0YSQHwHQZqgD1dq9IUJCMX1tE= |
| In-reply-to: | <4588EE0B.4000503@free.fr> |
| List-help: | <mailto:pen-test-help@securityfocus.com> |
| List-id: | <pen-test.list-id.securityfocus.com> |
| List-post: | <mailto:pen-test@securityfocus.com> |
| List-subscribe: | <mailto:pen-test-subscribe@securityfocus.com> |
| List-unsubscribe: | <mailto:pen-test-unsubscribe@securityfocus.com> |
| Mailing-list: | contact pen-test-help@securityfocus.com; run by ezmlm |
| References: | <69F15C0E359E384FB660D550512C6864262138@CRP865.wfm.wegmans.com> <4588EE0B.4000503@free.fr> |
| Resent-date: | Wed, 20 Dec 2006 06:26:58 -0700 (MST) |
| Resent-from: | pen-test-return-1078483293@securityfocus.com |
| Resent-message-id: | <20061220132658.1705B2455A9@outgoing3.securityfocus.com> |
| Resent-sender: | listbounce@securityfocus.com |
| Sender: | listbounce@securityfocus.com |
More specifically: the hashes were likely encrypted with syskey (turned on by default in Win2k/XP IIRC). Go get bkhive and samdump2 (also available for linux!) to get the actual hashes, and then make short work of them with ophcrack or RainbowCrack. If the passwords are alphanumeric, you should be able to do this in about 5 minutes total, including pulling the SYSTEM and SAM hives :) On 12/20/06, Jerome Athias <jerome.athias@free.fr> wrote: Hi, ophcrack is the faster (soft) way to do this rainbowcrack is the second alternative ( http://www.freerainbowtables.com could help ;-)) Good luck William Woodhams a écrit : > I have a system that recently got hacked and the passwords on the > machine were compromised. I want to get back into this system for > forensic reasons. Unfortunately when I dumped the SAM file and tried > cracking it with LophtCrack nothing worked. I ran it for a good 10 > hours with no success on any account. I was thinking maybe my word list > was not big enough. So the questions are: > > A. Anyone have any good sources for large word lists? > B. Any other application for cracking SAM's that I have not thought of? > I have ran it through a couple smaller security apps (names escape me at > the moment.) > > Thanks, > > Bill Woodhams > > > |
| Previous by Date: | Re: LophtCrack and SAM Passwd, Justin Lintz |
|---|---|
| Next by Date: | RE: Trend Micro's Vista "0day exploit auction" claim, Roger A. Grimes |
| Previous by Thread: | Re: LophtCrack and SAM Passwd, killy |
| Next by Thread: | Re: LophtCrack and SAM Passwd, jm |
| Indexes: | [Date] [Thread] [Top] [All Lists] |