-
April 1st, 2005, 06:44 AM
#1
Junior Member
sam/lc5 question
Hi, here is my question. I made a copy of my desktop pc's sam file. I then moved it over to my laptop. I made a new text document and put my password into it. When i ran a dictionary attack against my sam file, nothing happened. It isn't cracking the hashes. Also, when i run LC5 and audit my laptop passwords, it will show more info then just the account name, but with the file I get only the account names. I also tried to use Cain and Able with the file which has the password in it but I have had no sucess. Has anyone tried this before and what am I doing wrong?
Thanks
~ |)ARK$YNTA>< ~
-
April 1st, 2005, 09:26 AM
#2
Member
Re: sam/lc5 question
Originally posted here by dark5yntax
Hi, here is my question. I made a copy of my desktop pc's sam file. I then moved it over to my laptop. I made a new text document and put my password into it. When i ran a dictionary attack against my sam file, nothing happened. It isn't cracking the hashes. Also, when i run LC5 and audit my laptop passwords, it will show more info then just the account name, but with the file I get only the account names. I also tried to use Cain and Able with the file which has the password in it but I have had no sucess. Has anyone tried this before and what am I doing wrong?
Thanks
~ |)ARK$YNTA>< ~
how did you make the copy of the SAM on your desktop?
-
April 1st, 2005, 03:03 PM
#3
Junior Member
Re: Re: sam/lc5 question
Originally posted here by ghostmachine
how did you make the copy of the SAM on your desktop?
I used knoppix and copied it to an sd card in my card reader via usb.
Then I just moved it over to my desktop on my other comp.
-
April 1st, 2005, 03:12 PM
#4
-
April 2nd, 2005, 04:34 AM
#5
Junior Member
k one more question
your referance was awsome. It helped me understand syskey and sam files a lot better. But another question I have is when I first imported the dump into cain it said for the admin password it was ???????S and after brute forcing for awhile I now have WE3KING???????. Does the question marks actually represent how many characters are left and if so is there any way I can lock in the first 7 which it already gave me and just work on the last ones? Again thank you for your help.
-= |)ark$ynta>< =-
-
April 2nd, 2005, 05:07 AM
#6
Basically it means that you are cracking the older LAN Manager hashes where the password is all uppercase and split into two 7 byte sections. I copied this from a Microsoft site, it may help explain:
The LAN Manager (LM) Hash
The LM hash is technically speaking not a hash at all. It is computed as follows:
1. Convert all lowercase characters in the password to uppercase
2. Pad the password with NULL characters until it is exactly 14 characters long
3. Split the password into two 7 character chunks
4. Use each chunk separately as a DES key to encrypt a specific string
5. Concatenate the two cipher texts into a 128-bit string and store the result
What L0phtcrack or Cain is telling you is that it has cracked one 7 byte section of the password already. (there may be a better way to say that, someone else pipe in)
-
April 2nd, 2005, 05:41 AM
#7
Junior Member
so is there anyway to have either LC5 or cain crack the second have since I already have the first? Im a little new at this so how would u go about finishing it?
and thanks for your quick responses I do appreciate it.
-
April 2nd, 2005, 03:05 PM
#8
Just let it keep running the brute force crack, it just happened to find one 7 character string before the other.
-
April 2nd, 2005, 11:40 PM
#9
Junior Member
ok so then your saying it is two seperate strings of 7characters each. Right?
Also I'm up to 8 characters now so should i start over at 6 so I fully go through seven?
Thanks again.
-
April 3rd, 2005, 12:03 AM
#10
I'm not sure what you mean.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|