This lab shows how to dump the Windows protected password store (the SAM file) with the tool pwdump7, then crack the hashes with the hash-cracking tool Ophcrack to extract the plaintext password.
Dumping and Cracking SAM Hashes to Extract Plaintext Passwords
1. “Dumping and Cracking SAM Hashes to Extract Plaintext Passwords”
By: Vishal Kumar (CEH, CHFI, CISE, MCP)
info@prohackers.in
Lab - 1
2. “Dumping and Cracking SAM Hashes to Extract Plaintext Passwords”
Pwdump7 can be used to dump protected files. You can always copy a file that is in use by executing pwdump7.exe -d c:\lockedfile.dat backup-lockedfile.dat.
Ophcrack is a free, open-source (GPL license) program that cracks Windows passwords by using LM hashes through rainbow tables.
3. Lab Scenario
The Security Account Manager (SAM) is a database file present on Windows machines that stores user accounts and security descriptors for users on the local computer. It stores users' passwords in hashed format (as LM hashes and NTLM hashes). Because a hash function is one-way, this provides some measure of security for the storage of the passwords.
In a system hacking life cycle, attackers generally dump operating system password hashes immediately after compromising a target machine. The password hashes enable attackers to launch a variety of attacks on the system, including password cracking, pass the hash, unauthorized access of other
4. Lab Scenario
systems using the same password, password analysis, and pattern recognition, in order to crack other passwords in the target environment.
You need administrator access to dump the contents of the SAM file. Assessing password strength is a critical milestone during a security assessment engagement. You will start your password assessment with a simple SAM hash dump and run it through a hash decryptor to uncover the plaintext password.
5. Lab Objective
The objective of this lab is to help people learn how to:
• Use the pwdump7 tool to extract password hashes.
• Use the Ophcrack tool to crack the hash and obtain the plaintext password.
6. Overview of the Lab
Pwdump7 can be used to dump protected files. You can always copy a file that is in use by executing the command pwdump7.exe -d c:\lockedfile.dat backup-lockedfile.dat. Rainbow tables for LM hashes of alphanumeric passwords are provided free by the developers. By default, Ophcrack is bundled with tables that allow it to crack passwords no longer than 14 characters using only alphanumeric characters.
7. Lab Task 01:- Generate Hashes
• Open the command prompt and navigate to the pwdump7 folder. Alternatively, you can navigate to the pwdump7 folder in Windows Explorer, right-click, and select Open Cmd Here.
• Now run the command pwdump7.exe and press Enter. This displays all the
8. Lab Task 01:- Generate Hashes
password hashes as shown in the above screenshot.
• Now save the hashes in a text file by issuing the command pwdump7.exe >d:\hashes.txt and pressing Enter. This command saves the hashes in the file hashes.txt on the D: drive.
• Now open the D: drive, locate hashes.txt, and double-click to open the
9. Lab Task 02:- Install Ophcrack
• Navigate to the directory where you saved the Ophcrack setup file and double-click ophcrack-win32-installer-3.6.0.exe to install Ophcrack. You can also download Ophcrack from www.Ophcrack.sourceforge.net.
• The Ophcrack installation window opens. Click Next to install the application.
10. Lab Task 02:- Install Ophcrack
• In the Choose Components section, uncheck all the options and click Next.
11. Lab Task 03:- Crack the Password
• On completion of the installation, open the application from the Apps screen. The Ophcrack main window appears as shown in the screenshot.
12. Lab Task 03:- Crack the Password
• Click the Load menu and select PWDUMP file. The Open PWDUMP file window appears. Browse to the D: drive, select the hashes.txt file that was created with Pwdump7, and click Open.
13. Lab Task 03:- Crack the Password
• The hashes are loaded into Ophcrack under the NT Hash column. Now click the Table menu. The Table Selection window appears. Select Vista free and click Install.
Note:- To install the tables you need to download them from the internet. You can download the tables from http://Ophcrack.sourceforge.net/tables.php.
• The "Select the directory which contains the tables" window appears. Browse to the location where the tables have been downloaded or stored. Select the folder in which the tables are stored and click Select Folder.
14. Lab Task 03:- Crack the Password
tables_vista_free is a set of pre-computed tables for reversing cryptographic hash functions and recovering a plaintext password up to a certain length.
The selected tables_vista_free is installed under the name Vista free, which is marked with a green bullet. Select the table and click OK.
15. Lab Task 03:- Crack the Password
• Click Crack on the menu bar. Ophcrack begins to crack the passwords.
• The cracked passwords are displayed in plaintext, as in the below screenshot.
16. Lab Analysis
We have analyzed the password hashes gathered during this lab and figured out what the password was.
Tool/Utility: Pwdump7, Ophcrack
Information Collected/Objectives Achieved:
IP Address Range/target:- Windows 8.1 machine
Scan Result:-
• Generate the user password hashes
• Crack the password to plaintext
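To turn the dump from this lab into assessment findings, the following added example (not part of the original presentation) audits a pwdump-format file for accounts that still store an LM hash, have a blank password, or share a password with another account. It assumes the usual pwdump line layout user:RID:LM:NT::: and the "NO PASSWORD" placeholder for an empty field; the sample lines are constructed, and the function names are illustrative.

```python
from collections import defaultdict

EMPTY_LM = "aad3b435b51404eeaad3b435b51404ee"  # LM hash of an empty password
EMPTY_NT = "31d6cfe0d16ae931b73c59d7e0c089c0"  # NT hash of an empty password

# Constructed sample in pwdump layout (user:RID:LM:NT:::). Apart from the two
# empty-password constants, the hashes are made-up hex, not real credentials.
SAMPLE = """\
Administrator:500:NO PASSWORD*********************:11111111111111111111111111111111:::
Guest:501:NO PASSWORD*********************:31D6CFE0D16AE931B73C59D7E0C089C0:::
alice:1001:22222222222222223333333333333333:44444444444444444444444444444444:::
svc_backup:1002:aad3b435b51404eeaad3b435b51404ee:11111111111111111111111111111111:::
"""

def parse_pwdump(text):
    """Yield (user, rid, lm, nt) from pwdump-style lines, skipping malformed ones."""
    for line in text.splitlines():
        parts = line.strip().split(":")
        if len(parts) < 4 or not parts[1].isdigit():
            continue
        user, rid = parts[0], int(parts[1])
        lm, nt = parts[2].lower(), parts[3].lower()
        # Normalise the "NO PASSWORD***" placeholder to the empty-hash constants.
        if lm.startswith("no password"):
            lm = EMPTY_LM
        if nt.startswith("no password"):
            nt = EMPTY_NT
        yield user, rid, lm, nt

def audit(text):
    """Return accounts with stored LM hashes, blank passwords, shared passwords."""
    findings = {"lm_stored": [], "blank_password": [], "shared_password": []}
    by_nt = defaultdict(list)
    for user, _rid, lm, nt in parse_pwdump(text):
        if lm != EMPTY_LM:
            findings["lm_stored"].append(user)   # weak LM hash is present
        if nt == EMPTY_NT:
            findings["blank_password"].append(user)
        else:
            by_nt[nt].append(user)               # same NT hash = same password
    findings["shared_password"] = [sorted(u) for u in by_nt.values() if len(u) > 1]
    return findings

if __name__ == "__main__":
    for name, hits in audit(SAMPLE).items():
        print(name, hits)
```

Accounts listed under lm_stored are the ones exposed to the LM rainbow tables used in this lab; the Windows policy "Network security: Do not store LAN Manager hash value on next password change" removes those hashes at the next password change.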