Cracking Windows Admin pass with Backtrack2
Backtrack2 Homepage: http://www.remote-exploit.org/backtrack.html
Written by : Me (pavs)
Inspired By : http://www.neophob.com/serendipity/index.php?/archives/89-Crack-local-Windows-passwords-with-Backtrack-v1.x.html
One of several ways to gain Admin passwords in a windows system, if you have physical access to the system is by using a boot live linux distro like Backtrack2. Backtrack is a pen-testing distro so obviously it is loaded with all kinds of software to help you do security tests in both local and remote systems.
Assuming that the local allows you to boot from the CD and the bios is not password protected. Which also has ways to go around but I won’t discuss those in this tutorial.
The first thing to do after booting in to BT (Backtrack), is to open a shell window.
Our first job is to mount the disk/partition where the windows installation that we are trying to crack is located. With this command : # cd /mnt/hda2/WINDOWS/system32/config
Next step is to copy the SAM file and the system folder in to a temporary folder so that we can access it later to crack it. With these commands:
# cp SAM /tmp
# cp system /tmp
We will decrypt the SAM file to get the password hashes and route it to the tmp folder with this command: bkhive system key > /tmp/key
Now we extract the password hashes out of the SAM file and dump it in a text file in a “crack-readable” format.
This is how the hashes looks like, obviously some informations are blurred out.
Now we will use John the Ripper password cracker in brute force mode to crack this password. John is not the only program to crack SAM hashes there are other ways and other programs that does the same. The tutorial just demonstrates one of the several ways of doing it.
In Blacktrack2 it’s located here:
Or on the shell you can type this: cd /pentest/password/join-1.7.2/run
This is the process of John cracking the password, with the command:
john –incremental:all -f=NT /tmp/hashes.txt
This process might take very long depending on your processor speed and password complexity and length.
Thats it.
Thats all for now.
pavs
Hacking Software Review
Loading ...
February 14th, 2008 08:51
it was informative and good . i have used it still need to get the result though its under process anyways goodwork man keep it up
February 21st, 2008 12:32
ok,
how to do this on the network?
March 24th, 2008 03:31
How do i modify the first step if it won’t let me partition?
March 30th, 2008 12:14
Why not use orphcrack? Its _WAY_ less complicated than this crap
April 10th, 2008 04:41
So, when its in john, you have to hold down space or enter to keep it going, Or is it working in the background?
May 14th, 2008 03:08
thanks
May 28th, 2008 20:07
[...] Backtrack is a pen-testing distro so obviously it is loaded with all kinds of software to helphttp://www.linuxhaxor.net/2007/07/05/cracking-windows-admin-pass-with-backtrack2/backtrack2 : Software > Linux - MininovaBackTrack is the most Top rated linux live distribution [...]
June 21st, 2008 20:07
[...] [...]