
Thread: Tutorial: Cracking Cached Domain/Active Directory Passwords on Windows XP/2000/2003

  1. #41
    Junior Member
    Join Date
    Mar 2006
    Posts
    8
    I thought I would also post up a link to a post I made on another forum regarding John the Ripper.

    John the Ripper is a cracking program that runs natively in Linux but can easily be ported to Windows. It can crack pretty much anything, but before you go off cracking your leet passwords on Windows, you should know that John the Ripper runs way faster on Linux than it does on Windows.

    I've been experimenting with different boxes of different speeds to see which would crack the fastest and I've found that a lot of the speed depends on the platform on which John is running. I've been mostly comparing two machines so I'll go ahead and give the specifications of those.

    The first is a Dell Dimension with a 1.8 GHz Intel Celeron processor and 768 MB of DDR RAM. The second is an HP laptop with a 1 GHz AMD processor and 256 MB of SDRAM. The Dell runs Windows XP Professional and the laptop boots off of Whax because it doesn't have a working hard drive.

    As you can see, the Dell is clearly way faster than the HP but just keep an open mind as the results may surprise you.

    NOTE: All cracking here was with MS-Cache hashes using the exact same list of hashes.

    I had the Dell run several dictionary and hybrid attacks and it consistently ran at about 450,000 combinations per second (c/s). I had the HP laptop run a bruteforce attack and it consistently ran at about 625,000 combinations per second (c/s).

    So, the 1 GHz AMD processor beat out the 1.8 GHz Celeron? I'm not so sure about that. Windows XP takes up a lot of RAM and processor cycles to begin with. Also, John is not meant to run on Windows, so it's probably not going to run as well as it would on Linux. I didn't even load up a window manager (i.e. Fluxbox or KDE) to crack in Whax. This means that next to no processor cycles and very little RAM were taken up by the operating system.

    Also, consider that the Dell was running dictionary and hybrid attacks using fairly large dictionaries. The smallest dictionary I had it use was 50 MB and the largest was over 200 MB. I don't know how much of the dictionary John loads into memory before it begins cracking but I would assume it's very little. However, this may have still had an effect on the overall speed despite the fact that the system has 768 MB of DDR RAM.

    The bottom line: Run John the Ripper on Linux whenever possible.
    Last edited by puzzlepants; October 2nd, 2008 at 09:08 AM. Reason: broken link

  2. #42
    Junior Member
    Join Date
    Mar 2006
    Posts
    3
    Hey, the download links don't work... do you have any others? Anyway, I have John, but I need cachedump.exe.

  3. #43
    Junior Member
    Join Date
    Mar 2006
    Posts
    8
    First result on Google: http://www.off-by-one.net/misc/cachedump.html

    Direct download link for cachedump 1.2: http://www.off-by-one.net/misc/cachedump-1.2.zip

  4. #44
    Junior Member
    Join Date
    Jul 2007
    Posts
    1
    Excuse me for bringing up this post after a long, long time, but I was trying to recover my cached domain password and got the following error.

    Service not found. Installing CacheDump Service (C:\cachedump.exe -s)
    CacheDump service successfully installed.
    Pipe \\.\pipe\cachedumppipe created.
    Service started.
    ERROR ConnectNamedPipe function failed. (code 535)
    Service currently active. Stopping service...
    Service successfully removed.
    The cachedump version used is 1.2; GP has been checked and contains more than 1 cached logon accounts.

    I also need clarification on whether the local administrator account is sufficient to perform this, or whether you need an account which is part of Domain Admins?

    Any workarounds?
