A unique perspective on using technology everyday.

Cracking Windows Passwords

February 11th, 2009 Posted in Computers     

Working in IT always seems to have fun and interesting projects or tasks; recently I was tasked with cracking passwords in Windows XP. Since cracking passwords in Windows XP is a simple and easy task to accomplish, I decided that I would document and describe the process. As a perlude, I am not encouraging people to crack passwords for accounts that they do not own.

Brief Understanding

It’s important that you have at least a basic understand of what we are going to attempt. When you set a password on a Windows XP User Account that is fewer than 15 characters it is stored in a Lanman Hash (LM Hash). To the everyday user, this just means that your password is stored in an encrypted format; for example if your Administrator account had the password “computer”, then the hash of that would be:

Administrator:500:AE6E1B1FCCB24D5B944E2DF489A880E4:
2B2AC2D1C7C8FDA6CEA80B5FAD7563AA:::

In order to crack a password in Windows, we are going to use the hash to determine what the password really is.

Tools Needed

Before we start we need to download Ophcrack; “Ophcrack is a free Windows password cracker based on rainbow tables. It is a very efficient implementation of rainbow tables done by the inventors of the method. It comes with a Graphical User Interface and runs on multiple platforms.” Once downloaded, install Ophcrack, this will also include a program called PWDump. PWDump will allow us to extract the password hashes stored on Windows. Lastly, we will need a rainbow table. A rainbow table, for simplicity, is a table that will assist our password cracker, Ophcrack, in determining the password.

Cracking the Password

Note that you will need administrative permissions to the machine for this to work. For this example will perform a crack on the local machine.

Step 1: Download and Install Ophcrack

Step 2: Download Rainbow Tables

Step 3: Go to the Command Prompt, Start > Run > Type “cmd” > Press Enter

Step 4: Browse to the pwdump directory, typically you will type the following command:

cd “C:\Program Files\ophcrack\pwdump”

Step 5: Run pwdump as an administrator to extract the password hashes. For our example we will run it against the local machine and dump the hashes to a text file. Do that with the following command:

pwdump6_setup.exe -o C:\pwdump.txt localhost

Step 6: Open Ophcrack

Step 7: Press the Load button and select PWDUMP file

Step 8: Press the Tables button, and select the Rainbow table that you downloaded in step 2. Once you selected the Rainbow table that you downloaded, click the Install button and browse to the downloaded rainbow table.

Step 9: After the rainbow tables are installed, enable it by pressing the Enable button that looks like a green circle. After it is enabled, press OK.

Step 10: Press the Crack button.

Step 11: Wait.

Remember, that the rainbow tables that are freely available to download will only crack basic passwords. If you want to crack passwords with special characters you will need to download the Special rainbow table, which can be purchased through Ophcrack.

Hope that this simple overview is useful!

Post a Comment