-
March 9th, 2007, 12:05 PM
#1
Junior Member
How do I find out what hashing the Windows password is using? LM, NTLM, NTLMv2?
I am trying to find out the Windows login password a computer is using. I do not have administrator privileges. I could boot from a CD. Does Offline NT Password & Registry Editor help? How do I find out?
This is the hash I dumped out from a boot CD:
Administrator:500:FC6C1371650726D5963A9B259AE5C80029:2437E445C0E704A73CAC16E219B42588XX:::
It has 34 digits instead of the normal 32. You can see an XX at the end. So I am guessing it's using another type of hashing.
Does anybody have any suggestions or comments?
-
March 9th, 2007, 04:17 PM
#2
Yes,
Please indicate what operating system it is (some sort of NT I know, but which?) and if you are talking stand alone or networked.
Just do a Google search for "reset Windows password" and you will find hundreds of tutorials and links to tools.
That is the secret: you don't want to know the current password, you want to reset it. Hey, if you can crack it easily you need to change it anyway, and if you can't it will waste a lot of your time.
As for the hash, LM would normally only be used if you were on a network that had to support legacy operating systems. NTLM is for NT 4.0 up to SP3.
NTLMv2 came out with Win NT 4.0 SP4, so even that is pretty old, but does offer much stronger encryption. Please assume that, or go buy yourself a Zimmer frame... you will need one before you are done.
Last edited by nihil; March 9th, 2007 at 11:15 PM.
-
March 9th, 2007, 11:51 PM
#3
Junior Member
Yes, I understand I could reset the password without knowing the password using some tools.
But since this is a security forum, my goal is to research how the crack works in order to prevent it. My goal isn't to crack the password. I actually know the password, but assume I don't.
-
March 10th, 2007, 12:03 AM
#4
Irongeek has at least two tutorials that should get you on your way
-
March 10th, 2007, 10:26 AM
#5
How it works is very simple:
1. Extract password hash
2. Crack password hash
Problem would be if I am using ntlmv2 or better and have a password like:
<€0987654321 "crack this you pillock" !"£$%^&*()_+>
And that is very easily remembered, because it is a "packed" password.
N.B. The spaces are important... a lot of dictionary and brute force tables ignore them, and will fail as a result.
EDIT: As for "preventing it"... you cannot... if I have unrestricted physical access, you are owned. It is as complicated and simple as that.
Last edited by nihil; March 10th, 2007 at 10:41 AM.
-
March 12th, 2007, 03:18 AM
#6
Junior Member
Originally Posted by cpthk
I am trying to find out the Windows login password a computer is using. I do not have administrator privileges. I could boot from a CD. Does Offline NT Password & Registry Editor help? How do I find out?
This is the hash I dumped out from a boot CD:
Administrator:500:FC6C1371650726D5963A9B259AE5C80029:2437E445C0E704A73CAC16E219B42588XX:::
It has 34 digits instead of the normal 32. You can see an XX at the end. So I am guessing it's using another type of hashing.
Does anybody have any suggestions or comments?
You used the newer version of the LoginRecovery program. They tried hard to make it difficult for you to get the hash. I recommend using an earlier version, or using something else like the Ophcrack LiveCD.
Anyway, what they did is they added a number to every byte in the hashes. This number is prepended to the hashes (FC). So you need to subtract FC from all the remaining bytes. FC is not part of the hash; XX is not part of the hash either. So for example, the first byte should be 6C - FC = 70.
So your real hashes should be
701775690B2AD99A3E9F299EE9CC042D:283BE849C4EB08AB40B01AE61DB8298C
and the password is 4swall!owmor6
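The byte subtraction described in the post above, as an added example that is not part of the original thread or of any tool named in it. The function name `deobfuscate` is hypothetical, and the field layout (offset byte prepended to the third field, literal `XX` appended to the fourth) is an assumption inferred from the single dump line quoted in this thread. It shows that a fixed per-byte offset hides nothing: the original 32-digit values come back with one subtraction per byte.

```python
# Added example: undo the per-byte offset described in post #6.
# Layout assumption (inferred from the one line in this thread):
#   field 3 = <offset byte> + 16 shifted bytes   (34 hex digits)
#   field 4 = 16 shifted bytes + literal "XX"    (34 characters)

# The dump line exactly as quoted in the first post of the thread.
THREAD_LINE = ("Administrator:500:FC6C1371650726D5963A9B259AE5C80029:"
               "2437E445C0E704A73CAC16E219B42588XX:::")


def deobfuscate(line):
    """Return (lm_hex, nt_hex) with the per-byte offset removed."""
    fields = line.strip().split(":")
    if len(fields) < 4:
        raise ValueError("expected user:rid:lm:nt fields")
    lm_field, nt_field = fields[2], fields[3]

    # A standard dump has two 32-digit fields; reject anything that is
    # not the 34-character obfuscated layout instead of guessing.
    if (len(lm_field) != 34 or len(nt_field) != 34
            or not nt_field.endswith("XX")):
        raise ValueError("not the 34-character obfuscated layout")

    offset = int(lm_field[:2], 16)  # FC in the thread's example

    def shift_back(hex_digits):
        # bytes.fromhex raises ValueError on non-hex input.
        raw = bytes.fromhex(hex_digits)
        # Subtraction wraps modulo 256, so 0x6C - 0xFC becomes 0x70.
        return bytes((b - offset) % 256 for b in raw).hex().upper()

    return shift_back(lm_field[2:]), shift_back(nt_field[:-2])


if __name__ == "__main__":
    lm, nt = deobfuscate(THREAD_LINE)
    print(lm + ":" + nt)
```
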